WEBINAR REPLAY: Staying One Step Ahead of OCR
Thursday, October 11 at 1PM EST
Presented by Brian Selfridge, Meditology IT Risk Management Partner
and Kevin Henry, Meditology IT Risk Management Manager
OCR enforcement activity is up. The 2017 OCR-issued report of Security Risk Analysis Ratings show that 57% of audited organizations scored below average, and no organizations audited received the highest score in this area.
In fact, only 12% scored above the medium range (level 3 on a scale of 1-5). Risk Management Ratings and Privacy areas were also perceived to be weak in meeting compliance requirements. Clearly there is significant area for improvement in Risk Analysis, Risk Management and Privacy Controls and Communication.
Hear how peer health organizations are responding to the increased scrutiny by the OCR as evidenced by increased enforcement activity:
- The use of Security Risk Registers helps healthcare entities in understanding security and privacy compliance gaps. This session will provider attendees with an overview of what to capture in a Security Risk Register and real examples of how they are used to identify and respond to risks.
- Another important tool in addressing OCR requirements is maintaining current Business Associate Inventories. The speakers will address how effectively track vendor security assessments, reporting and remediation progress.
- Other areas that health entities are pursuing in response to OCR enforcement includes Privacy Program and Breach Notification Improvements. Speakers will present specific examples of appropriate processes and sticking points often uncovered in OCR audits.