{"id":2586,"date":"2013-08-21T00:00:00","date_gmt":"2013-08-21T00:00:00","guid":{"rendered":"http:\/\/otava.test\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/"},"modified":"2013-08-21T00:00:00","modified_gmt":"2013-08-21T00:00:00","slug":"get-ready-for-hipaa-audits-with-encryption-a-risk-analysis","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/","title":{"rendered":"Get Ready for HIPAA Audits with Encryption & A Risk Analysis"},"content":{"rendered":"

Remember the pilot HIPAA audit program conducted by the OCR (Office for Civil Rights) last year? HealthCareInfoSecurity.com reports on the findings, as revealed in an interview with an OCR attorney. About 44 percent had issues with their uses and disclosures of PHI, while 20 percent had problems with their notice of privacy practices.<\/p>\n

Of the technical, physical and administrative areas of the HIPAA rule, a surprisingly large amount had issues with the administrative security<\/a> area. Nearly half had problems with their policies and procedures<\/a>, and 26 percent had issues with staff training<\/a>.<\/p>\n

\"Encryption\"<\/a>The OCR pointed out that nearly every covered entity found to be in compliance had one thing in common: they fully implemented addressable, or optional, specifications, for example – encryption<\/a><\/strong>. Another recommendation is to conduct a comprehensive risk analysis that evaluates all systems as they change frequently with IT infrastructure updates – of the providers audited, nearly 80 percent did not have a complete risk assessment.<\/p>\n

The permanent and revised HIPAA audit program will resume in fiscal year 2014 (October) with updates from their initial pilot program, and as the HIPAA omnibus rule dictates, will include business associates and covered entities alike in the scope. But instead of expanding the amount of requirements they\u2019ll be testing organizations against, they will be streamlining and using a smaller scope\/set of the various HIPAA rules in order to reach more covered entities and business associates.<\/p>\n

Another update the OCR is working on is a revised version of their current pre-HITECH audit protocol; once updated, they will announce it on their website. As Sept. 23 creeps up, the deadline for non-compliant covered entities and business associates to get in compliance with the current audit protocol, organizations will need to keep in mind that that protocol will likely change within the next year.<\/p>\n

Since compliance, and in particular, evolving regulatory standards require ongoing maintenance, it\u2019s important to stay updated on your vendor compliance dates – ask them the date of their last audit and request a copy of their HIPAA Report on Compliance (HROC). As the OCR recommends, one way to prepare for an audit is to review their protocol on their website that includes criteria and audit procedures for each requirement. View the Audit Program Protocol here.<\/a> And read more about how the protocol came to be in The HIPAA Police Are On Their Way!<\/a><\/em><\/p>\n

Learn more about the addressable but highly recommended requirement – encryption – in our upcoming webinar, Removing the ‘Cryptic’ from ‘Encryption’ – HIPAA and the Meaning of Secure PHI<\/a><\/strong><\/em>, on September 17 @2PM ET.<\/p>\n

\"HIPAA<\/a>Get in compliance with the latest technology and strategic design of a HIPAA compliant IT stack.<\/p>\n

View a diagram of a\u00a0HIPAA compliant data center<\/a>\u00a0IT infrastructure and learn about contractual requirements, benefits and risks of data center outsourcing, and vendor selection criteria in our\u00a0HIPAA Compliant Hosting White Paper<\/a>.<\/strong><\/p>\n

Related Articles:
\nHIPAA Encryption in the Cloud: Don\u2019t Sacrifice Performance for Security<\/a><\/strong><\/em>
\nEarlier this year, OCR (Office for Civil Rights) Director Leon Rodriguez was quoted on the topic of HIPAA encryption: \u201c\u2026regardless of size, covered entities must take action and will be held accountable for safeguarding their patients\u2019 health information. Encryption is an \u2026 Continue reading \u2192<\/a><\/p>\n

Cloud Security Report: Only 27 Percent Rely on Encrypted Cloud<\/a><\/strong><\/em>
\nA report released by the Ponemon Institute in Traverse City, Michigan reveals that nearly 74 percent of cloud consumers believe the cloud provider is the most responsible for protecting their data, while an alarming 63 percent of respondents aren\u2019t even \u2026 Continue reading \u2192<\/a><\/p>\n

References:
\nPreparing for HIPAA Compliance Audits<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Remember the pilot HIPAA audit program conducted by the OCR (Office for Civil Rights) last year? HealthCareInfoSecurity.com reports on the findings, as revealed in an interview with an OCR attorney. About 44 percent had issues with their uses and disclosures of PHI, while 20 percent had problems with their notice of privacy practices. Of the technical, physical and administrative areas of the HIPAA rule, a surprisingly large amount had issues with the administrative security area. Nearly half had problems with their policies and procedures, and 26 percent had issues with staff training. The OCR pointed out that nearly every covered entity found to be in compliance had one thing in common: they fully implemented addressable, or optional, specifications, for example – encryption. Another recommendation is to conduct a comprehensive risk analysis that evaluates all systems as they change frequently with IT infrastructure updates – of the providers audited, nearly 80 percent did not have a complete risk assessment. The permanent and revised HIPAA audit program will resume in fiscal year 2014 (October) with updates from their initial pilot program, and as the HIPAA omnibus rule dictates, will include business associates and covered entities alike in the scope. But instead of…<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2586","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"\nGet Ready for HIPAA Audits with Encryption & A Risk Analysis | OTAVA<\/title>\n<meta name=\"description\" content=\"The permanent and revised HIPAA audit program will resume with updates tol include business associates and covered entities alike in the scope.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Get Ready for HIPAA Audits with Encryption & A Risk Analysis\" \/>\n<meta property=\"og:description\" content=\"The permanent and revised HIPAA audit program will resume with updates tol include business associates and covered entities alike in the scope.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2013-08-21T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/data-encryption.png\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"Get Ready for HIPAA Audits with Encryption & A Risk Analysis\",\"datePublished\":\"2013-08-21T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/\"},\"wordCount\":596,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/data-encryption.png\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/\",\"url\":\"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/\",\"name\":\"Get Ready for HIPAA Audits with Encryption & A Risk Analysis | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/data-encryption.png\",\"datePublished\":\"2013-08-21T00:00:00+00:00\",\"description\":\"The permanent and revised HIPAA audit program will resume with updates tol include business associates and covered entities alike in the scope.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/#primaryimage\",\"url\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/data-encryption.png\",\"contentUrl\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/data-encryption.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Get Ready for HIPAA Audits with Encryption & A Risk Analysis\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Get Ready for HIPAA Audits with Encryption & A Risk Analysis | OTAVA","description":"The permanent and revised HIPAA audit program will resume with updates tol include business associates and covered entities alike in the scope.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/","og_locale":"en_US","og_type":"article","og_title":"Get Ready for HIPAA Audits with Encryption & A Risk Analysis","og_description":"The permanent and revised HIPAA audit program will resume with updates tol include business associates and covered entities alike in the scope.","og_url":"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/","og_site_name":"OTAVA","article_published_time":"2013-08-21T00:00:00+00:00","og_image":[{"url":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/data-encryption.png","type":"","width":"","height":""}],"author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"Get Ready for HIPAA Audits with Encryption & A Risk Analysis","datePublished":"2013-08-21T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/"},"wordCount":596,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"image":{"@id":"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/#primaryimage"},"thumbnailUrl":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/data-encryption.png","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/","url":"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/","name":"Get Ready for HIPAA Audits with Encryption & A Risk Analysis | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/#primaryimage"},"image":{"@id":"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/#primaryimage"},"thumbnailUrl":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/data-encryption.png","datePublished":"2013-08-21T00:00:00+00:00","description":"The permanent and revised HIPAA audit program will resume with updates tol include business associates and covered entities alike in the scope.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/#primaryimage","url":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/data-encryption.png","contentUrl":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/data-encryption.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/get-ready-for-hipaa-audits-with-encryption-a-risk-analysis\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"Get Ready for HIPAA Audits with Encryption & A Risk Analysis"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2586","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2586"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2586\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2586"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2586"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2586"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}