Jennifer L. Rathburn quoted in article “Latest Round of OCR HIPAA Audits Not a Reason for Panic”HealthIT Security 07/25/16
Below is an excerpt:
For the Breach Notification Rule, the timeliness of notification and the content within the notification will be investigated.
“It should be no surprise to any covered entity that they’re also focusing in on whether a covered entity has completed a risk analysis and whether they have really taken the results of that and integrated it into their risk management process,” Rathburn explained. “Many of the most recent enforcement actions the OCR has taken have been related to a not completed risk analysis or properly incorporating vulnerabilities and risks into the risk management process.”