HIPAA Audit Prep and Breach Prevention
Attorney Points to Government Report for Insights
Last year's report from the Department of Health and Human Services' Office of the Inspector General focused on technical vulnerabilities identified in seven audits, McCrystal, a HIPAA compliance expert, explains. These included vulnerabilities related to wireless access, access control, audit control, integrity control, person or entity authentication and transmission security.
In an interview with HealthcareInfoSecurity, McCrystal reviews the details of the OIG report, written to call attention to a lack of HIPAA enforcement. The report, for example, found that some hospitals had not updated anti-virus software and had audit logging functions disabled.
"We are suggesting to our clients that they understand this report and develop a potential work plan and self-audit mechanism to go through their own operations in light of the findings within the report to see where they may have vulnerabilities," he says.
The Department of Health and Human Services' Office for Civil Rights, which enforces HIPAA, plans to conduct about 150 HIPAA compliance audits in 2012 (see: HIPAA Audits Move Forward).
In the interview, McCrystal also:
McCrystal is a partner in the healthcare group of the law firm Ropes & Gray. He works with healthcare clients on a wide variety of regulatory issues, including HIPAA privacy and security rule compliance.