New Compliance Challenge Preparing for OCR Audits

Lisa Shuman | October 2008

Many health care organizations have placed Health Insurance Portability and Accountability Act (HIPAA) privacy under the compliance officer.  HIPAA security normally is found with information technology. In any case, whether the compliance officer has any operational management of HIPAA or not, he or she does have oversight responsibility to ensure that his or her organization is in compliance with current regulatory requirements. For many, this represents a new and difficult challenge. The purpose of this article to assist meeting this challenge.

About the Author

Ms. Shuman assists health care organizations to develop, implement and evaluate their compliance programs and HIPAA privacy programs. Ms. Shuman specializes in our firm’s HIPAA Privacy services, including leading privacy investigations, breach risk assessments, breach notification letters, breach reporting to the Office for Civil Rights and corrective actions plans. She specializes in serving as Interim Privacy Officer for large health care systems, managed care organizations, comprehensive cancer center and health care business associate.