Audit Issues by Area:
- Conduct Risk Analysis (17)
- Grant Modify User Access (17)
- Incident Response (11)
- Contingency Planning (34)
- Media Reuse and Destruction (18)
- Encryption (10)
- User Activity Monitoring (46)
- Authenticatin/Integrity (19)
- Physical Access (9)
- Policies and Procedures
- Priority HIPAA Compliance Programs
- Conduct of Risk Assessment
- Managing third party risks
NEXT STEPS based on the reviews:
- Conduct a robust review & assessment
- Determine Lines of Business affected by HIPAA
- Map/Flow PHI movement within your organization, as well as flows to/from third parties
- Find all of your PHI
- See guidance available on OCR web site
The full slide deck from the presentation is in the attached link.
http://csrc.nist.gov/news_events/hiipaa_june2012/day2/day2-2_lsanches_ocr-audit.pdf?goback=%2Egde_2473393_member_124101464
More information about the Audit Program can be found here: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/index.html
No comments:
Post a Comment