May 24, 2016
This webinar was previously recorded on May 24, 2016. To access the recorded presentation, please click here.

OCR Audits Are Coming – Is Your Organization Prepared?
May 24, 2016

OCR has finally launched its Phase 2 formal audits of Covered Entities (CEs) and Business Associates (BAs). The first step of an audit will consist of OCR reviewing a CE's policies, procedures, and processes for HIPAA Privacy, Security, and Breach Notification Compliance. If significant noncompliance is uncovered, OCR may probe further with an on-site inspection. Upon notice of an OCR audit, OCR will require CEs and BAs to produce their HIPAA policies, procedures, and other compliance documents within 10 days. If you wait until notice of an audit to shore up your HIPAA policies, procedures and compliance documents, it will be too late. All this occurs under the backdrop of dramatically increased HIPAA enforcement actions by OCR; in the first quarter of 2016 alone, OCR extracted settlements or imposed CMPs in six formal cases ranging from $125,000 to $3.9 million. That is as many settlements as OCR extracted in the entire year of 2015.

How are your HIPAA policies and procedures? Have you ever developed them? Can you find them? Will they pass an OCR review? Has your organization undergone a HIPAA Security Risk Analysis? Has it been updated? An ounce of HIPAA preparation now will save $100,000s in cure later. Polsinelli presents this webinar to explain what to expect from an OCR audit and how to prepare a "HIPAA audit binder" that will put you in a better position to respond to OCR if the agency should come knocking.

  • Know what to expect from an OCR audit
  • What should be in your "HIPAA audit binder"
  • The importance of up-to-date HIPAA Privacy and Security policy and procedures and a Risk Analysis
  • How past incident reports and breach protocols will be treated by an OCR audit, or the suspicions raised if you have none