SlideShare a Scribd company logo

DHHS OCR steps up to increase HIPAA audits of Business Associates

David Sweigert
David Sweigert

Business Associates are now on the DHHS Office of Civil Rights auditing radar for HIPAA compliance.

Technology
1 of 4
Leadership In The News Blog Ostendio Customers Contact Us New OCR HIPAA Audits Planned – Should Digital Health Providers Be Worried? by Grant Elliott , Founder & CEO, Ostendio FEATURES PRICING MARKETPLACE ABOUT US Page 1 of 4New OCR HIPAA Audits Planned - Should Digital Health Providers be worried? | Ostend... 4/7/2014http://ostendio.com/new-ocr-hipaa-audits-planned-digital-health-providers-worried/
Last week the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) released its version of a Security Risk Assessment tool to “help guide health care providers in small to medium sized offices”. This comes after their announcement in February to target 12,000 companies for proactive HIPAA audits, a third of which will be Business Associates (BAs). All this activity follows criticism from some quarters that since introducing the Audit Protocols in 2011, the OCR has been largely ineffective at applying them.  With other agencies seemingly stepping in to fill the void, the OCR is under increasing pressure to step up their game and show they are able to effectively police the HIPAA regulations. So who will be affected? When the OCR conducted its first set of audits in 2011 to validate the Audit Protocol it mainly focused on large Covered Entities such as hospitals and health plans.   This time around it has indicated it will be targeting Business Associates as well, but it is probably still safe to assume it will be more focused on larger enterprises rather than small to medium sized businesses.  However, this does not mean SMBs should remain complacent as this exercise is part of a general acceleration of proactive auditing by the OCR and of course don’t forget should any company be guilty of a breach, then they immediately put themselves in the OCR strike zone. Until now, for many small and medium sized business, managing HIPAA compliance has been more of a marketing initiative than a true exercise in managing and protecting sensitive data.  This is not a criticism or a suggestion that these companies are trying to be deceptive, rather that there is an element of denial within the small to medium business community about compliance and a belief that, despite the changes in the law last year, they can continue to fly under the radar. This approach is driven by a lack of understanding about what they need to do to manage compliance. The reality is that while obtaining compliance is a never-ending journey, the first steps are relatively simple. The OCR comes down hardest on companies that have never conducted a risk assessment which is why they have now released their own Risk Assessment tool.  They are making it clear there is no excuse for not completing a risk assessment indicating a preference for companies that know where their vulnerabilities are to those that don’t. Sticking your head in the sand, or assuming that good IT practices are sufficient will only result in a stiffer penalty. It is much better to learn what you need to do and to get started down that path even if you can only do this slowly. As a smaller organization you are not expected to employ the same level of tools or resources to manage compliance but you are expected to know what compliance looks like and to have a plan to achieve it. Despite these recent announcements it is unlikely as a small to medium business that you need to be looking over your shoulder worried about a proactive OCR audit. That day may still come, but in the interim you need to be sure you are taking the appropriate actions just in case you find yourself under the microscope for less random reasons. And that starts by conducting your own Risk Assessment.   You can find more about how to manage your compliance at http://ostendio.com. Page 2 of 4New OCR HIPAA Audits Planned - Should Digital Health Providers be worried? | Ostend... 4/7/2014http://ostendio.com/new-ocr-hipaa-audits-planned-digital-health-providers-worried/
Resources: Security 101: Security Risk Analysis – Risk Assessment Compliance 101: MyVCM High Level Risk Assessment RESOURCES Request a Demo Recent Articles In The News Pricing Marketplace COMPANY About Us Ostendio Customers Press Privacy Policy Terms of Use CONNECT WITH US.. Twitter Feed Twitter LinkedIn Facebook Latest tweets RT @WebSecurityNews: Hackers can hijack $100,000 Tesla electric cars with simple password crack, experts warn http://t.co/NCgwMjBYen 5 days ago Follow @Ostendio Page 3 of 4New OCR HIPAA Audits Planned - Should Digital Health Providers be worried? | Ostend... 4/7/2014http://ostendio.com/new-ocr-hipaa-audits-planned-digital-health-providers-worried/
© 2014 Ostendio, Inc. All Rights Reserved Page 4 of 4New OCR HIPAA Audits Planned - Should Digital Health Providers be worried? | Ostend... 4/7/2014http://ostendio.com/new-ocr-hipaa-audits-planned-digital-health-providers-worried/

Recommended

2017 Consumer Survey: Healthcare Cybersecurity and Digital Trust
2017 Consumer Survey: Healthcare Cybersecurity and Digital Trust2017 Consumer Survey: Healthcare Cybersecurity and Digital Trust
2017 Consumer Survey: Healthcare Cybersecurity and Digital Trustaccenture
 
Emerging Technologies for Revenue Agencies - Accenture Research
Emerging Technologies for Revenue Agencies - Accenture ResearchEmerging Technologies for Revenue Agencies - Accenture Research
Emerging Technologies for Revenue Agencies - Accenture Researchaccenture
 
Digital Disconnect in Customer Engagement
Digital Disconnect in Customer EngagementDigital Disconnect in Customer Engagement
Digital Disconnect in Customer Engagementaccenture
 
Revealed- key takeaways from Silverfin's technology trends research
Revealed- key takeaways from Silverfin's technology trends researchRevealed- key takeaways from Silverfin's technology trends research
Revealed- key takeaways from Silverfin's technology trends researchSilverfin
 
Digital’s Transformative Power Across R&D: Keeping pace with Stakeholder Expe...
Digital’s Transformative Power Across R&D: Keeping pace with Stakeholder Expe...Digital’s Transformative Power Across R&D: Keeping pace with Stakeholder Expe...
Digital’s Transformative Power Across R&D: Keeping pace with Stakeholder Expe...accenture
 
New Requirements of Fraud Prevention
New Requirements of Fraud PreventionNew Requirements of Fraud Prevention
New Requirements of Fraud PreventionGuardian Analytics
 
Intelligent automation
Intelligent automationIntelligent automation
Intelligent automationHeidelberg India
 
Accenture Compliance Risk Study 2016
Accenture Compliance Risk Study 2016Accenture Compliance Risk Study 2016
Accenture Compliance Risk Study 2016accenture
 

Recommended

2017 Consumer Survey: Healthcare Cybersecurity and Digital Trust
2017 Consumer Survey: Healthcare Cybersecurity and Digital Trust2017 Consumer Survey: Healthcare Cybersecurity and Digital Trust
2017 Consumer Survey: Healthcare Cybersecurity and Digital Trustaccenture
 
Emerging Technologies for Revenue Agencies - Accenture Research
Emerging Technologies for Revenue Agencies - Accenture ResearchEmerging Technologies for Revenue Agencies - Accenture Research
Emerging Technologies for Revenue Agencies - Accenture Researchaccenture
 
Digital Disconnect in Customer Engagement
Digital Disconnect in Customer EngagementDigital Disconnect in Customer Engagement
Digital Disconnect in Customer Engagementaccenture
 
Revealed- key takeaways from Silverfin's technology trends research
Revealed- key takeaways from Silverfin's technology trends researchRevealed- key takeaways from Silverfin's technology trends research
Revealed- key takeaways from Silverfin's technology trends researchSilverfin
 
Digital’s Transformative Power Across R&D: Keeping pace with Stakeholder Expe...
Digital’s Transformative Power Across R&D: Keeping pace with Stakeholder Expe...Digital’s Transformative Power Across R&D: Keeping pace with Stakeholder Expe...
Digital’s Transformative Power Across R&D: Keeping pace with Stakeholder Expe...accenture
 
New Requirements of Fraud Prevention
New Requirements of Fraud PreventionNew Requirements of Fraud Prevention
New Requirements of Fraud PreventionGuardian Analytics
 
Intelligent automation
Intelligent automationIntelligent automation
Intelligent automationHeidelberg India
 
Accenture Compliance Risk Study 2016
Accenture Compliance Risk Study 2016Accenture Compliance Risk Study 2016
Accenture Compliance Risk Study 2016accenture
 
The Promise of Artificial Intelligence
The Promise of Artificial IntelligenceThe Promise of Artificial Intelligence
The Promise of Artificial IntelligenceAccenture Insurance
 
People & Technology: Vision for Life Sciences 2016
People & Technology: Vision for Life Sciences 2016People & Technology: Vision for Life Sciences 2016
People & Technology: Vision for Life Sciences 2016accenture
 
GRC Access Controls 1-Pager
GRC Access Controls 1-PagerGRC Access Controls 1-Pager
GRC Access Controls 1-PagerSalman Akorede
 
Seeing Beyond the Loyalty Illusion in the UK: It’s Time You Invest More Wisely
Seeing Beyond the Loyalty Illusion in the UK: It’s Time You Invest More WiselySeeing Beyond the Loyalty Illusion in the UK: It’s Time You Invest More Wisely
Seeing Beyond the Loyalty Illusion in the UK: It’s Time You Invest More Wiselyaccenture
 
Behavioral Analysis for Financial Crime Threat Mitigation
Behavioral Analysis for Financial Crime Threat MitigationBehavioral Analysis for Financial Crime Threat Mitigation
Behavioral Analysis for Financial Crime Threat Mitigationaccenture
 
Behavioral Analytics for Preventing Fraud Today and Tomorrow
Behavioral Analytics for Preventing Fraud Today and TomorrowBehavioral Analytics for Preventing Fraud Today and Tomorrow
Behavioral Analytics for Preventing Fraud Today and TomorrowGuardian Analytics
 
A Holistic Approach to Insurance Automation
A Holistic Approach to Insurance AutomationA Holistic Approach to Insurance Automation
A Holistic Approach to Insurance AutomationAccenture Insurance
 
Accenture Technology Vision for Banking
Accenture Technology Vision for BankingAccenture Technology Vision for Banking
Accenture Technology Vision for Bankingaccenture
 
Outlook on Artificial Intelligence in the Enterprise 2016
Outlook on Artificial Intelligence in the Enterprise 2016Outlook on Artificial Intelligence in the Enterprise 2016
Outlook on Artificial Intelligence in the Enterprise 2016Narrative Science
 
Deliver responsible innovation at scale with Advanced Natural Language Genera...
Deliver responsible innovation at scale with Advanced Natural Language Genera...Deliver responsible innovation at scale with Advanced Natural Language Genera...
Deliver responsible innovation at scale with Advanced Natural Language Genera...Narrative Science
 
GRC Audit Management-1-Pager
GRC Audit Management-1-PagerGRC Audit Management-1-Pager
GRC Audit Management-1-PagerSalman Akorede
 
How to Power Next-Generation Procurement with Intelligent Operations
How to Power Next-Generation Procurement with Intelligent OperationsHow to Power Next-Generation Procurement with Intelligent Operations
How to Power Next-Generation Procurement with Intelligent OperationsAccenture Operations
 
Managing Risk in a digital world: successfully enabling the quest for new rev...
Managing Risk in a digital world: successfully enabling the quest for new rev...Managing Risk in a digital world: successfully enabling the quest for new rev...
Managing Risk in a digital world: successfully enabling the quest for new rev...accenture
 
Thriving on Disruption
Thriving on Disruption Thriving on Disruption
Thriving on Disruption accenture
 
Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workfor...
Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workfor...Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workfor...
Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workfor...accenture
 
A Turn for the Better: Intelligent Health Operations
A Turn for the Better: Intelligent Health OperationsA Turn for the Better: Intelligent Health Operations
A Turn for the Better: Intelligent Health OperationsAccenture Operations
 
ROI of Fraud Detection by Nucleus Research
ROI of Fraud Detection by Nucleus ResearchROI of Fraud Detection by Nucleus Research
ROI of Fraud Detection by Nucleus ResearchLaurent Pacalin
 
Secure Healthcare Data Management
Secure Healthcare Data ManagementSecure Healthcare Data Management
Secure Healthcare Data Managementjgatrell
 
Preventing Business Email Compromise Fraud with Guardian Analytics Real-Time ...
Preventing Business Email Compromise Fraud with Guardian Analytics Real-Time ...Preventing Business Email Compromise Fraud with Guardian Analytics Real-Time ...
Preventing Business Email Compromise Fraud with Guardian Analytics Real-Time ...Guardian Analytics
 
The Digital Risk Assessment - An Introduction
The Digital Risk Assessment - An IntroductionThe Digital Risk Assessment - An Introduction
The Digital Risk Assessment - An IntroductionEric Cook, MBA
 
Presentatie ppp academy
Presentatie ppp academyPresentatie ppp academy
Presentatie ppp academynancytoemen
 
R&D Project
R&D ProjectR&D Project
R&D ProjectSood Sahil
 

More Related Content

What's hot

The Promise of Artificial Intelligence
The Promise of Artificial IntelligenceThe Promise of Artificial Intelligence
The Promise of Artificial IntelligenceAccenture Insurance
 
People & Technology: Vision for Life Sciences 2016
People & Technology: Vision for Life Sciences 2016People & Technology: Vision for Life Sciences 2016
People & Technology: Vision for Life Sciences 2016accenture
 
GRC Access Controls 1-Pager
GRC Access Controls 1-PagerGRC Access Controls 1-Pager
GRC Access Controls 1-PagerSalman Akorede
 
Seeing Beyond the Loyalty Illusion in the UK: It’s Time You Invest More Wisely
Seeing Beyond the Loyalty Illusion in the UK: It’s Time You Invest More WiselySeeing Beyond the Loyalty Illusion in the UK: It’s Time You Invest More Wisely
Seeing Beyond the Loyalty Illusion in the UK: It’s Time You Invest More Wiselyaccenture
 
Behavioral Analysis for Financial Crime Threat Mitigation
Behavioral Analysis for Financial Crime Threat MitigationBehavioral Analysis for Financial Crime Threat Mitigation
Behavioral Analysis for Financial Crime Threat Mitigationaccenture
 
Behavioral Analytics for Preventing Fraud Today and Tomorrow
Behavioral Analytics for Preventing Fraud Today and TomorrowBehavioral Analytics for Preventing Fraud Today and Tomorrow
Behavioral Analytics for Preventing Fraud Today and TomorrowGuardian Analytics
 
A Holistic Approach to Insurance Automation
A Holistic Approach to Insurance AutomationA Holistic Approach to Insurance Automation
A Holistic Approach to Insurance AutomationAccenture Insurance
 
Accenture Technology Vision for Banking
Accenture Technology Vision for BankingAccenture Technology Vision for Banking
Accenture Technology Vision for Bankingaccenture
 
Outlook on Artificial Intelligence in the Enterprise 2016
Outlook on Artificial Intelligence in the Enterprise 2016Outlook on Artificial Intelligence in the Enterprise 2016
Outlook on Artificial Intelligence in the Enterprise 2016Narrative Science
 
Deliver responsible innovation at scale with Advanced Natural Language Genera...
Deliver responsible innovation at scale with Advanced Natural Language Genera...Deliver responsible innovation at scale with Advanced Natural Language Genera...
Deliver responsible innovation at scale with Advanced Natural Language Genera...Narrative Science
 
GRC Audit Management-1-Pager
GRC Audit Management-1-PagerGRC Audit Management-1-Pager
GRC Audit Management-1-PagerSalman Akorede
 
How to Power Next-Generation Procurement with Intelligent Operations
How to Power Next-Generation Procurement with Intelligent OperationsHow to Power Next-Generation Procurement with Intelligent Operations
How to Power Next-Generation Procurement with Intelligent OperationsAccenture Operations
 
Managing Risk in a digital world: successfully enabling the quest for new rev...
Managing Risk in a digital world: successfully enabling the quest for new rev...Managing Risk in a digital world: successfully enabling the quest for new rev...
Managing Risk in a digital world: successfully enabling the quest for new rev...accenture
 
Thriving on Disruption
Thriving on Disruption Thriving on Disruption
Thriving on Disruption accenture
 
Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workfor...
Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workfor...Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workfor...
Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workfor...accenture
 
A Turn for the Better: Intelligent Health Operations
A Turn for the Better: Intelligent Health OperationsA Turn for the Better: Intelligent Health Operations
A Turn for the Better: Intelligent Health OperationsAccenture Operations
 
ROI of Fraud Detection by Nucleus Research
ROI of Fraud Detection by Nucleus ResearchROI of Fraud Detection by Nucleus Research
ROI of Fraud Detection by Nucleus ResearchLaurent Pacalin
 
Secure Healthcare Data Management
Secure Healthcare Data ManagementSecure Healthcare Data Management
Secure Healthcare Data Managementjgatrell
 
Preventing Business Email Compromise Fraud with Guardian Analytics Real-Time ...
Preventing Business Email Compromise Fraud with Guardian Analytics Real-Time ...Preventing Business Email Compromise Fraud with Guardian Analytics Real-Time ...
Preventing Business Email Compromise Fraud with Guardian Analytics Real-Time ...Guardian Analytics
 
The Digital Risk Assessment - An Introduction
The Digital Risk Assessment - An IntroductionThe Digital Risk Assessment - An Introduction
The Digital Risk Assessment - An IntroductionEric Cook, MBA
 

What's hot (20)

The Promise of Artificial Intelligence
The Promise of Artificial IntelligenceThe Promise of Artificial Intelligence
The Promise of Artificial Intelligence
 
People & Technology: Vision for Life Sciences 2016
People & Technology: Vision for Life Sciences 2016People & Technology: Vision for Life Sciences 2016
People & Technology: Vision for Life Sciences 2016
 
GRC Access Controls 1-Pager
GRC Access Controls 1-PagerGRC Access Controls 1-Pager
GRC Access Controls 1-Pager
 
Seeing Beyond the Loyalty Illusion in the UK: It’s Time You Invest More Wisely
Seeing Beyond the Loyalty Illusion in the UK: It’s Time You Invest More WiselySeeing Beyond the Loyalty Illusion in the UK: It’s Time You Invest More Wisely
Seeing Beyond the Loyalty Illusion in the UK: It’s Time You Invest More Wisely
 
Behavioral Analysis for Financial Crime Threat Mitigation
Behavioral Analysis for Financial Crime Threat MitigationBehavioral Analysis for Financial Crime Threat Mitigation
Behavioral Analysis for Financial Crime Threat Mitigation
 
Behavioral Analytics for Preventing Fraud Today and Tomorrow
Behavioral Analytics for Preventing Fraud Today and TomorrowBehavioral Analytics for Preventing Fraud Today and Tomorrow
Behavioral Analytics for Preventing Fraud Today and Tomorrow
 
A Holistic Approach to Insurance Automation
A Holistic Approach to Insurance AutomationA Holistic Approach to Insurance Automation
A Holistic Approach to Insurance Automation
 
Accenture Technology Vision for Banking
Accenture Technology Vision for BankingAccenture Technology Vision for Banking
Accenture Technology Vision for Banking
 
Outlook on Artificial Intelligence in the Enterprise 2016
Outlook on Artificial Intelligence in the Enterprise 2016Outlook on Artificial Intelligence in the Enterprise 2016
Outlook on Artificial Intelligence in the Enterprise 2016
 
Deliver responsible innovation at scale with Advanced Natural Language Genera...
Deliver responsible innovation at scale with Advanced Natural Language Genera...Deliver responsible innovation at scale with Advanced Natural Language Genera...
Deliver responsible innovation at scale with Advanced Natural Language Genera...
 
GRC Audit Management-1-Pager
GRC Audit Management-1-PagerGRC Audit Management-1-Pager
GRC Audit Management-1-Pager
 
How to Power Next-Generation Procurement with Intelligent Operations
How to Power Next-Generation Procurement with Intelligent OperationsHow to Power Next-Generation Procurement with Intelligent Operations
How to Power Next-Generation Procurement with Intelligent Operations
 
Managing Risk in a digital world: successfully enabling the quest for new rev...
Managing Risk in a digital world: successfully enabling the quest for new rev...Managing Risk in a digital world: successfully enabling the quest for new rev...
Managing Risk in a digital world: successfully enabling the quest for new rev...
 
Thriving on Disruption
Thriving on Disruption Thriving on Disruption
Thriving on Disruption
 
Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workfor...
Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workfor...Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workfor...
Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workfor...
 
A Turn for the Better: Intelligent Health Operations
A Turn for the Better: Intelligent Health OperationsA Turn for the Better: Intelligent Health Operations
A Turn for the Better: Intelligent Health Operations
 
ROI of Fraud Detection by Nucleus Research
ROI of Fraud Detection by Nucleus ResearchROI of Fraud Detection by Nucleus Research
ROI of Fraud Detection by Nucleus Research
 
Secure Healthcare Data Management
Secure Healthcare Data ManagementSecure Healthcare Data Management
Secure Healthcare Data Management
 
Preventing Business Email Compromise Fraud with Guardian Analytics Real-Time ...
Preventing Business Email Compromise Fraud with Guardian Analytics Real-Time ...Preventing Business Email Compromise Fraud with Guardian Analytics Real-Time ...
Preventing Business Email Compromise Fraud with Guardian Analytics Real-Time ...
 
The Digital Risk Assessment - An Introduction
The Digital Risk Assessment - An IntroductionThe Digital Risk Assessment - An Introduction
The Digital Risk Assessment - An Introduction
 

Viewers also liked

Presentatie ppp academy
Presentatie ppp academyPresentatie ppp academy
Presentatie ppp academynancytoemen
 
Informe de análisis de liturgia Manuel De Jesús Sánchez
Informe de análisis de liturgia Manuel De Jesús SánchezInforme de análisis de liturgia Manuel De Jesús Sánchez
Informe de análisis de liturgia Manuel De Jesús SánchezManuel Sanchez
 
Pen pal letters 1 terceito trimestre
Pen pal letters 1 terceito trimestrePen pal letters 1 terceito trimestre
Pen pal letters 1 terceito trimestremagdahoffmann
 
Revista de la Fundación Exportar #16
Revista de la Fundación Exportar #16Revista de la Fundación Exportar #16
Revista de la Fundación Exportar #16Noticias de Exportar
 
Amap Overview 2010
Amap Overview 2010Amap Overview 2010
Amap Overview 2010dpicazio
 
Revista de la Fundación Exportar #23
Revista de la Fundación Exportar #23Revista de la Fundación Exportar #23
Revista de la Fundación Exportar #23Noticias de Exportar
 
Revista de la Fundación Exportar #24
Revista de la Fundación Exportar #24Revista de la Fundación Exportar #24
Revista de la Fundación Exportar #24Noticias de Exportar
 
Revista de la Fundación Exportar #25
Revista de la Fundación Exportar #25Revista de la Fundación Exportar #25
Revista de la Fundación Exportar #25Noticias de Exportar
 

Viewers also liked (11)

Presentatie ppp academy
Presentatie ppp academyPresentatie ppp academy
Presentatie ppp academy
 
R&D Project
R&D ProjectR&D Project
R&D Project
 
Snowbird ski group discount
Snowbird ski group discountSnowbird ski group discount
Snowbird ski group discount
 
Informe de análisis de liturgia Manuel De Jesús Sánchez
Informe de análisis de liturgia Manuel De Jesús SánchezInforme de análisis de liturgia Manuel De Jesús Sánchez
Informe de análisis de liturgia Manuel De Jesús Sánchez
 
Pen pal letters 1 terceito trimestre
Pen pal letters 1 terceito trimestrePen pal letters 1 terceito trimestre
Pen pal letters 1 terceito trimestre
 
Clase 14.04
Clase 14.04Clase 14.04
Clase 14.04
 
Revista de la Fundación Exportar #16
Revista de la Fundación Exportar #16Revista de la Fundación Exportar #16
Revista de la Fundación Exportar #16
 
Amap Overview 2010
Amap Overview 2010Amap Overview 2010
Amap Overview 2010
 
Revista de la Fundación Exportar #23
Revista de la Fundación Exportar #23Revista de la Fundación Exportar #23
Revista de la Fundación Exportar #23
 
Revista de la Fundación Exportar #24
Revista de la Fundación Exportar #24Revista de la Fundación Exportar #24
Revista de la Fundación Exportar #24
 
Revista de la Fundación Exportar #25
Revista de la Fundación Exportar #25Revista de la Fundación Exportar #25
Revista de la Fundación Exportar #25
 

Similar to DHHS OCR steps up to increase HIPAA audits of Business Associates

HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?Redspin, Inc.
 
Anti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third PartiesAnti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third PartiesDun & Bradstreet
 
HIPAA Security Trends and Future Expectations
HIPAA Security Trends and Future ExpectationsHIPAA Security Trends and Future Expectations
HIPAA Security Trends and Future ExpectationsPYA, P.C.
 
The Sarbanes Oxley ( Sox ) Act
The Sarbanes Oxley ( Sox ) ActThe Sarbanes Oxley ( Sox ) Act
The Sarbanes Oxley ( Sox ) ActDana Boo
 
Top 10 Trends for Winners in Mobile 2016
Top 10 Trends for Winners in Mobile 2016Top 10 Trends for Winners in Mobile 2016
Top 10 Trends for Winners in Mobile 2016DMI
 
ADP Human Capital Insights Magazine - Volume 2
ADP Human Capital Insights Magazine - Volume 2ADP Human Capital Insights Magazine - Volume 2
ADP Human Capital Insights Magazine - Volume 2Mark Schmitt
 
HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016Compliancy Group
 
Managing the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance RequiresManaging the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance RequiresWNS Global Services
 
Cga Assignment Au1 Essay
Cga Assignment Au1 EssayCga Assignment Au1 Essay
Cga Assignment Au1 EssaySandra Arveseth
 
Hipaa audits and enforcement
Hipaa audits and enforcementHipaa audits and enforcement
Hipaa audits and enforcementsupportc2go
 
Behavioral-Based Safety – Predictive Analytics and a Safe Workplace
Behavioral-Based Safety – Predictive Analytics and a Safe Workplace Behavioral-Based Safety – Predictive Analytics and a Safe Workplace
Behavioral-Based Safety – Predictive Analytics and a Safe Workplace McKenney's Inc
 
Pharmaceutical Serialization Strategic Planning Guide
Pharmaceutical Serialization Strategic Planning GuidePharmaceutical Serialization Strategic Planning Guide
Pharmaceutical Serialization Strategic Planning GuideMichael Stewart
 
How we successfully implemented ai in audit by venkat vajradhar _ dec, 202...
How we successfully implemented ai in audit by venkat vajradhar _ dec, 202...How we successfully implemented ai in audit by venkat vajradhar _ dec, 202...
How we successfully implemented ai in audit by venkat vajradhar _ dec, 202...venkatvajradhar1
 
5 Traits of Companies Successfully Preventing Fraud and How to Apply Them in ...
5 Traits of Companies Successfully Preventing Fraud and How to Apply Them in ...5 Traits of Companies Successfully Preventing Fraud and How to Apply Them in ...
5 Traits of Companies Successfully Preventing Fraud and How to Apply Them in ...IDology, Inc
 
White-Paper-Four-Keys-to-Creating-a-Vendor-Risk-Management-Program.pdf
White-Paper-Four-Keys-to-Creating-a-Vendor-Risk-Management-Program.pdfWhite-Paper-Four-Keys-to-Creating-a-Vendor-Risk-Management-Program.pdf
White-Paper-Four-Keys-to-Creating-a-Vendor-Risk-Management-Program.pdfOuheb Group
 
Fit for Service - A strategy for service organizations.
Fit for Service - A strategy for service organizations. Fit for Service - A strategy for service organizations.
Fit for Service - A strategy for service organizations. Michael Werneburg
 
Regulating The Future Carrot or Stick ?
Regulating The Future Carrot or Stick ?Regulating The Future Carrot or Stick ?
Regulating The Future Carrot or Stick ?David Edwards MCIEH
 
Table of Experts: Insights into Cyber Security
Table of Experts: Insights into Cyber SecurityTable of Experts: Insights into Cyber Security
Table of Experts: Insights into Cyber SecurityAaron Lancaster
 

Similar to DHHS OCR steps up to increase HIPAA audits of Business Associates (20)

HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?HIPAA Security Audits in 2012-What to Expect. Are You Ready?
HIPAA Security Audits in 2012-What to Expect. Are You Ready?
 
Anti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third PartiesAnti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third Parties
 
HIPAA Security Trends and Future Expectations
HIPAA Security Trends and Future ExpectationsHIPAA Security Trends and Future Expectations
HIPAA Security Trends and Future Expectations
 
The Sarbanes Oxley ( Sox ) Act
The Sarbanes Oxley ( Sox ) ActThe Sarbanes Oxley ( Sox ) Act
The Sarbanes Oxley ( Sox ) Act
 
Top 10 Trends for Winners in Mobile 2016
Top 10 Trends for Winners in Mobile 2016Top 10 Trends for Winners in Mobile 2016
Top 10 Trends for Winners in Mobile 2016
 
web-MINImag
web-MINImagweb-MINImag
web-MINImag
 
ADP Human Capital Insights Magazine - Volume 2
ADP Human Capital Insights Magazine - Volume 2ADP Human Capital Insights Magazine - Volume 2
ADP Human Capital Insights Magazine - Volume 2
 
HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016HIPAA compliance tuneup 2016
HIPAA compliance tuneup 2016
 
Managing the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance RequiresManaging the Complexities of Governance, Risk & Compliance Requires
Managing the Complexities of Governance, Risk & Compliance Requires
 
Cga Assignment Au1 Essay
Cga Assignment Au1 EssayCga Assignment Au1 Essay
Cga Assignment Au1 Essay
 
Hipaa audits and enforcement
Hipaa audits and enforcementHipaa audits and enforcement
Hipaa audits and enforcement
 
Behavioral-Based Safety – Predictive Analytics and a Safe Workplace
Behavioral-Based Safety – Predictive Analytics and a Safe Workplace Behavioral-Based Safety – Predictive Analytics and a Safe Workplace
Behavioral-Based Safety – Predictive Analytics and a Safe Workplace
 
Pharmaceutical Serialization Strategic Planning Guide
Pharmaceutical Serialization Strategic Planning GuidePharmaceutical Serialization Strategic Planning Guide
Pharmaceutical Serialization Strategic Planning Guide
 
How we successfully implemented ai in audit by venkat vajradhar _ dec, 202...
How we successfully implemented ai in audit by venkat vajradhar _ dec, 202...How we successfully implemented ai in audit by venkat vajradhar _ dec, 202...
How we successfully implemented ai in audit by venkat vajradhar _ dec, 202...
 
5 Traits of Companies Successfully Preventing Fraud and How to Apply Them in ...
5 Traits of Companies Successfully Preventing Fraud and How to Apply Them in ...5 Traits of Companies Successfully Preventing Fraud and How to Apply Them in ...
5 Traits of Companies Successfully Preventing Fraud and How to Apply Them in ...
 
White-Paper-Four-Keys-to-Creating-a-Vendor-Risk-Management-Program.pdf
White-Paper-Four-Keys-to-Creating-a-Vendor-Risk-Management-Program.pdfWhite-Paper-Four-Keys-to-Creating-a-Vendor-Risk-Management-Program.pdf
White-Paper-Four-Keys-to-Creating-a-Vendor-Risk-Management-Program.pdf
 
Fit for Service - A strategy for service organizations.
Fit for Service - A strategy for service organizations. Fit for Service - A strategy for service organizations.
Fit for Service - A strategy for service organizations.
 
Regulating The Future Carrot or Stick ?
Regulating The Future Carrot or Stick ?Regulating The Future Carrot or Stick ?
Regulating The Future Carrot or Stick ?
 
Compliance Risk Assessment
Compliance Risk AssessmentCompliance Risk Assessment
Compliance Risk Assessment
 
Table of Experts: Insights into Cyber Security
Table of Experts: Insights into Cyber SecurityTable of Experts: Insights into Cyber Security
Table of Experts: Insights into Cyber Security
 

More from David Sweigert

The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)David Sweigert
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting David Sweigert
 
Sample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisSample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisDavid Sweigert
 
National Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterNational Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterDavid Sweigert
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner David Sweigert
 
National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017David Sweigert
 
California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9David Sweigert
 
Congressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityCongressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityDavid Sweigert
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)David Sweigert
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsDavid Sweigert
 
Canada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartCanada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartDavid Sweigert
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...David Sweigert
 
Cyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentCyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentDavid Sweigert
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentDavid Sweigert
 
National Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTNational Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTDavid Sweigert
 
National Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackNational Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackDavid Sweigert
 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTDavid Sweigert
 
National Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionNational Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionDavid Sweigert
 
Healthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanHealthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanDavid Sweigert
 
Cyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSCyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSDavid Sweigert
 

More from David Sweigert (20)

The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting
 
Sample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisSample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark Analysis
 
National Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterNational Cyber Security Awareness Month poster
National Cyber Security Awareness Month poster
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
 
National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017
 
California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9
 
Congressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityCongressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber Security
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking Threats
 
Canada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartCanada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector Chart
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
 
Cyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentCyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public Comment
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public Comment
 
National Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTNational Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFT
 
National Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackNational Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public Feedback
 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
 
National Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionNational Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd edition
 
Healthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanHealthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness Plan
 
Cyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSCyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHS
 

Recently uploaded

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Recently uploaded (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

DHHS OCR steps up to increase HIPAA audits of Business Associates

  • 1. Leadership In The News Blog Ostendio Customers Contact Us New OCR HIPAA Audits Planned – Should Digital Health Providers Be Worried? by Grant Elliott , Founder & CEO, Ostendio FEATURES PRICING MARKETPLACE ABOUT US Page 1 of 4New OCR HIPAA Audits Planned - Should Digital Health Providers be worried? | Ostend... 4/7/2014http://ostendio.com/new-ocr-hipaa-audits-planned-digital-health-providers-worried/
  • 2. Last week the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) released its version of a Security Risk Assessment tool to “help guide health care providers in small to medium sized offices”. This comes after their announcement in February to target 12,000 companies for proactive HIPAA audits, a third of which will be Business Associates (BAs). All this activity follows criticism from some quarters that since introducing the Audit Protocols in 2011, the OCR has been largely ineffective at applying them.  With other agencies seemingly stepping in to fill the void, the OCR is under increasing pressure to step up their game and show they are able to effectively police the HIPAA regulations. So who will be affected? When the OCR conducted its first set of audits in 2011 to validate the Audit Protocol it mainly focused on large Covered Entities such as hospitals and health plans.   This time around it has indicated it will be targeting Business Associates as well, but it is probably still safe to assume it will be more focused on larger enterprises rather than small to medium sized businesses.  However, this does not mean SMBs should remain complacent as this exercise is part of a general acceleration of proactive auditing by the OCR and of course don’t forget should any company be guilty of a breach, then they immediately put themselves in the OCR strike zone. Until now, for many small and medium sized business, managing HIPAA compliance has been more of a marketing initiative than a true exercise in managing and protecting sensitive data.  This is not a criticism or a suggestion that these companies are trying to be deceptive, rather that there is an element of denial within the small to medium business community about compliance and a belief that, despite the changes in the law last year, they can continue to fly under the radar. This approach is driven by a lack of understanding about what they need to do to manage compliance. The reality is that while obtaining compliance is a never-ending journey, the first steps are relatively simple. The OCR comes down hardest on companies that have never conducted a risk assessment which is why they have now released their own Risk Assessment tool.  They are making it clear there is no excuse for not completing a risk assessment indicating a preference for companies that know where their vulnerabilities are to those that don’t. Sticking your head in the sand, or assuming that good IT practices are sufficient will only result in a stiffer penalty. It is much better to learn what you need to do and to get started down that path even if you can only do this slowly. As a smaller organization you are not expected to employ the same level of tools or resources to manage compliance but you are expected to know what compliance looks like and to have a plan to achieve it. Despite these recent announcements it is unlikely as a small to medium business that you need to be looking over your shoulder worried about a proactive OCR audit. That day may still come, but in the interim you need to be sure you are taking the appropriate actions just in case you find yourself under the microscope for less random reasons. And that starts by conducting your own Risk Assessment.   You can find more about how to manage your compliance at http://ostendio.com. Page 2 of 4New OCR HIPAA Audits Planned - Should Digital Health Providers be worried? | Ostend... 4/7/2014http://ostendio.com/new-ocr-hipaa-audits-planned-digital-health-providers-worried/
  • 3. Resources: Security 101: Security Risk Analysis – Risk Assessment Compliance 101: MyVCM High Level Risk Assessment RESOURCES Request a Demo Recent Articles In The News Pricing Marketplace COMPANY About Us Ostendio Customers Press Privacy Policy Terms of Use CONNECT WITH US.. Twitter Feed Twitter LinkedIn Facebook Latest tweets RT @WebSecurityNews: Hackers can hijack $100,000 Tesla electric cars with simple password crack, experts warn http://t.co/NCgwMjBYen 5 days ago Follow @Ostendio Page 3 of 4New OCR HIPAA Audits Planned - Should Digital Health Providers be worried? | Ostend... 4/7/2014http://ostendio.com/new-ocr-hipaa-audits-planned-digital-health-providers-worried/
  • 4. © 2014 Ostendio, Inc. All Rights Reserved Page 4 of 4New OCR HIPAA Audits Planned - Should Digital Health Providers be worried? | Ostend... 4/7/2014http://ostendio.com/new-ocr-hipaa-audits-planned-digital-health-providers-worried/