As part of the Phase 2 HIPAA Audit Program, OCR would review the policies and procedures adopted and employed by covered entities and their business associates to meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules. The best method to ensure complete compliance is for the Risk Assessment to be conducted using the HITRUST Security Framework.
The objective of the HIPAA & HITECH Risk Assessment and Compliance Review is to ensure you’re your organization is in compliance with the HIPAA Privacy, Security and Breach Notification Rules.
Complete the Information Request form
and Audit Serve will contact you to scope out the HIPAA & HITECH Risk Assessment and Compliance Review of your organization and establish a proposal for the engagement.