Get Ready for the OCR's Second-Phase Audits
The Department of Health and Human Services' Office of Civil Rights (OCR) has begun its second phase of audits to gauge covered entities' compliance with HIPAA's security and privacy requirements.
HIPAA-covered entities will have their compliance efforts put to the test, and Business Associates will not escape. They too will be assessed using the HIPAA Privacy, Security and Breach Notification Rules.
Here are some things you will need should the OCR come knocking at your door:
- A documented risk assessment.
- Written policies and procedures that address the privacy and security standards and any vulnerabilities that were found during the risk assessment.
- A written incident response plan for responding to breaches of unsecured Protected Health Information (PHI).
- A security plan for mobile devices and storage media and/or a Bring Your Own Device (BYOD) policy regarding your staff's personal mobile devices.
- A documented training program for new workforce members and periodically for all of your staff.
- A compliant Notice of Privacy Practices for patient review.
- Appropriate agreements with your business associates.
Read More:
- An MSSP Can Help You Stay HIPAA Compliant
- You Need a Risk Assessment to be HIPAA Compliant
- IMPACT ANALYSIS from a Compliance Attorney: Second phase audits of patient-privacy compliance starting under U.S. health agency
Save the Date
Lunch and Learn: Understanding the Sensitive Healthcare Data You Keep
Join Sword & Shield Vice President of Services Fred Cobb for lunch at the Crown Plaza, Salon B in downtown Knoxville and discover how to easily locate sensitive data throughout your network so that your organization can successfully maintain a high level of security and meet compliance requirements.
Register Here →
Webinar: Zero to Fully Managed
Can a Managed Security Services Provider (MSSP) help you protect your business while keeping your bottom line in check?
Join Sword & Shield Director of Managed Security Services Brent Cantrell on Tuesday, March 8 from 1 to 2 p.m. as he discusses how to become "Zero to Fully Managed."
Register Here →