7 steps to pass, or better yet avoid, an OCR security audit

Bill Siwicki December 5, 2019

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) is responsible for enforcing compliance with HIPAA security and privacy regulations. OCR conducts audits triggered by patient complaints or reported breaches. Healthcare organizations can avoid or pass OCR audits by educating staff, designating a security officer, reviewing policies and procedures, performing a security risk analysis, working with vendors, creating a risk management plan, reviewing business associate agreements, and providing regular HIPAA training.