https://www.healthcareitnews.com/news/7-steps-pass-or-better-yet-avoid-ocr-security-audit
By Bill Siwicki
Healthcare IT News
December 04, 2019
The U.S. Department Health and Human Services’ Office for Civil Rights is
responsible for auditing and enforcing compliance with the HIPAA security and
privacy regulations, as well as the additional rules and clarifications
contained in HITECH.
OCR enforces privacy and security rules through compliance audits, education
and outreach, and subsequent fines or mitigation expenses. OCR also works with
the Department of Justice on possible criminal violations.
An OCR audit usually is triggered by one of two events: Either a complaint has
been filed against the practice by a patient or an internal whistleblower, or
the practice has reported a breach to OCR.
“Breaches affecting 500 individuals or more must be reported to OCR, in
addition to other reporting requirements,” explained Troy Young, chief
technology officer at AdvancedMD, a medical office platform vendor.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
