In the wake of several large breaches, OCR is ready to ramp up its oversight of HIPAA compliance as it embarks upon Phase 2 of its HIPAA privacy, security, and breach notification audits. OCR began preparing for this round of audits around the same time that news broke of the second-largest HIPAA breach in the U.S., a hacking incident that affected 4.5 million patients treated at or referred to Tennessee-based Community Health Systems, Inc.
The HIPAA Security Rule requires implementing risk management tools and techniques to adequately and effectively safeguard ePHI. Risk analysis and management provides the foundation for an organization's Security Rule compliance efforts, and reinforces its strategy to protect the confidentiality, integrity, and availability of vital information.