OCR changes HIPAA Audit Requirements

BREAKING NEWS...

The OCR updates HIPAA Audit Requirements

The OCR which enforces HIPAA regulations has made some dramatic changes to the HIPAA audit requirements by adding the Health Industry Cybersecurity Practices (HICP).What is HICP you ask?  Take a listen to Rob and Dawn on this weeks POD as they breakdown what this means and how it affect you and your business.What does this mean for you & your business?  Our team is already working on updating our HIPAA Audit Platform so that you are in compliance with the new requirements.Below are the 4 key updates and changes which is reflective in the new HIPAA Security Risk Audit:1. The HICP Main Document has been updated to renew our call to action to secure patient safety and includes new cybersecurity strategies such as Zero Trust and Defense in Depth. It also now includes a section on the importance of workplace training and awareness and provides guidance on why each role in a HPH organization is important to keeping patients safe from cyber threats.2. The threat E-mail Phishing is now expanded as Social Engineering. While the definitions between both editions are similar, social engineering threats encompass more than just email phishing! Some new items addressed by this new threat: Smishing, Whaling, Business E-mail Compromise, and more!3. Cybersecurity Practice on Network Connected Medical Devices has been fully updated. This section has been thoroughly updated with new subpractices to ensure the protection of the growing use of network connected medical devices in the HPH sector.4. Cybersecurity Practice has been updated from Cybersecurity Policies to Cybersecurity Oversight and Governances. Now, this section will not only include relevant policies your organization needs, but also provides guidance on governance and oversight structures each organization should have in place to assess and monitor their cybersecurity program.-The VanRein Team