Recently the Office for Civil Rights (OCR) conducted 167 desk audits of covered entities. They found that 62% of entities had not performed adequate risk analysis and 73% did not have adequate HIPAA security risk management plans. OCR continues to perform investigations of complaints and heightened enforcement for noncompliance is here.
“The new head of the federal agency that enforces HIPAA says his top enforcement priority for the coming year is to find a ‘big, juicy, egregious’ breach case to use as an example from which others can learn.”
– OCR Director Roger Severino via HealthInfoSecurity.com
Additionally, we have seen the results as Centers for Medicare & Medicaid Services (CMS) continues to audit organizations that attest to Meaningful Use. These audit findings have shown that most organizations do not retain the necessary supporting documentation of completion of core set objectives and measures. They also find that most adverse audits lack a current risk assessment even though it is also required by the HIPAA Security Rule.
To help organizations prepare for audits and investigations, CynergisTek offers a series of audit solutions that help organizations verify and validate that privacy and security programs meet compliance and business objectives. CynergisTek understands the regulatory and compliance environment and can help organizations enhance their risk management efforts through various types of audits. Our Compliance and Audit Services are delivered by our industry experts and provide an overall assessment of your organization’s audit readiness.