It’s been estimated that 200 – 500 healthcare organizations will be audited this year and into 2017. The key areas the OCR is expected to scrutinize include:
Does the healthcare organization have policies and procedures in place for notifying patients and the public after a breach?
What are the practice’s protocols for protecting patient data if a breach occurs?
Has the practice performed a thorough analysis of their risk of data breaches or losses?
Are the practice’s business associates in compliance with HIPAA?
What are the practice’s employee training policies?
Does the healthcare organization have security officers in place?
What are the mechanisms and procedures for providing patients with health data?
What policies are in place to control employee access to PHI?