Open Recommendations
Recommendation Number | Significant Recommendation | Recommended Questioned Costs | Recommended Funds for Better Use | Additional Details | |
---|---|---|---|---|---|
25-A-18-015.01 | No | $0 | $0 | ||
We recommend that the Office for Civil Rights expand the scope of its HIPAA audits to assess compliance with physical and technical safeguards from the Security Rule. | |||||
25-A-18-015.02 | No | $0 | $0 | ||
We recommend that the Office for Civil Rights document and implement standards and guidance for ensuring that deficiencies identified during the HIPAA audits are corrected in a timely manner. | |||||
25-A-18-015.03 | No | $0 | $0 | ||
We recommend that the Office for Civil Rights define and document criteria for determining whether a compliance issue identified during a HIPAA audit should result in OCR initiating a compliance review. | |||||
25-A-18-015.04 | No | $0 | $0 | ||
We recommend that the Office for Civil Rights define metrics for monitoring the effectiveness of OCR's HIPAA audits at improving audited entities' protections over ePHI and periodically review whether these metrics should be refined. |