Office of Inspector General: OCR should strengthen its oversight of covered entities’ compliance with the HIPAA privacy standards.

OIG has recently completed a study of OCR’s HIPAA audit program and published the following recommendations:
(1) OCR should fully implement a permanent audit program
(2) OCR should maintain complete documentation of corrective action
(3) OCR should develop an efficient method in its case-tracking system to search for and track covered entities
(4) OCR should develop a policy requiring OCR staff to check whether covered entities have been previously investigated
(5) OCR should continue to expand outreach and education efforts to covered entities. OCR concurred with all five recommendations and described its activities to address them.

OCR’s chief Jocelyn Samuels has concurred with all the recommendations of OIG.

For the complete report please visit our Slideshare page:



Share this in :
The following two tabs change content below.
Our mission is to assist healthcare organizations and business associates in the development, design, and implementation of practices to secure IT systems and comply with HIPAA/HITECH privacy, security, breach and enforcement rules by protecting patient health information.