Staying One Step Ahead of OCR Enforcement

Webinar Overview

Presented by Brian Selfridge, Meditology IT Risk Management Partner and Kevin Henry, IT Risk Management Senior Associate on October 11th, 2018

OCR enforcement activity is up.

The 2017 OCR report of Security Risk Analysis Ratings show that 57% of audited organizations scored below average. None of the audited organizations received the highest score in this area. In fact, only 12% scored above the medium range (level 3 on a scale of 1-5). Risk Management Ratings and Privacy areas were also perceived to be weak in meeting compliance requirements.

Clearly there is significant area for improvement in Risk Analysis, Risk Management, and Privacy Controls and Communication.

Listen to this webinar to learn how health organizations are responding to the increased scrutiny by the OCR as evidenced by increased enforcement activity.

The use of Security Risk Registers helps healthcare entities understand security and privacy compliance gaps. This session will provide an overview of what to capture in a Security Risk Register and real examples of how to identify and respond to risks.

Another important tool in addressing OCR requirements is maintaining current Business Associate Inventories. Learn how to effectively track vendor security assessments, reporting, and remediation progress.

Other areas health organizations are pursuing include privacy program and breach notification improvements. Speakers will present specific examples of appropriate processes and sticking points often uncovered in OCR audits.