CynergisTek’s OCR Mock Audit Service

December 5, 2016 Jana Langhorne

Verify Your HIPAA Compliance and Test Your OCR Audit Readiness

CynergisTek offers an OCR Mock Audit service designed to verify healthcare organizations’ compliance with HIPAA Privacy, Security and Breach Notification Rules, and test audit readiness. CynergisTek’s OCR Mock Audit service is engineered to simulate the actual experience of a random audit conducted by the Office of Civil Rights (OCR), and is administered with the same strict approach and document requests as OCR to ensure audit readiness.

OCR has begun the next round of random OCR audits by conducting desk audits of 167 covered entities in the summer of 2016, while business associates began receiving audit notifications in December 2016.

“CynergisTek’s OCR Mock Audit service helped us prepare for the OCR HIPAA audit process immensely,” said Daniel Bowden, chief information security officer at the University of Utah Health Care. “We worked at our own pace to identify and address any gaps that may have been problematic down the line, and received actionable insights from CynergisTek for improving our overall security posture. Today, we feel more confident than ever in our ability to respond to an audit.”

CynergisTek’s OCR Mock Audit helps healthcare organizations – both covered entities and business associates – proactively identify areas for improvement, including gaps in documentation and staff education. The service offers organizations a unique opportunity to experience the same OCR process in real-time, learn the documentation request and review process, and understand the OCR audit protocol. Upon completion, CynergisTek presents its findings and observations in a report that mirrors OCR’s. The end result for healthcare organizations is comprehensive preparedness and better performance in future audits.

“OCR has made no secret of its plans to ramp up its enforcement efforts next year,” said Mac McMillan, CEO of CynergisTek. “As regulatory requirements continue to increase, keeping up has become a much more challenging feat, and healthcare organizations often lack the internal resources and expertise to feel confident in their audit readiness. We’re happy to be offering this service as a value-add and to provide peace-of-mind to our clients that they have a privacy and security partner they can count on.”

CynergisTek participated in several audits during OCR’s pilot program in 2012, supporting its provider clients from the notification process through the formal report of findings. This firsthand experience allows the company to provide healthcare organizations expert guidance on preparation, protocol and what OCR requires of privacy and security programs. “This service is as close to the real thing as you’re going to experience,” said David Holtzman, VP of Compliance at CynergisTek and former OCR Senior HIPAA Policy Advisor. “We placed a lot of importance on making it relevant.”

CynergisTek’s audit services are tailored to meet OCR’s specific standards and are delivered by experienced industry experts. They are designed to provide an independent, thorough assessment of an organization’s audit readiness and overall compliance status. The company’s services offer programmatic, technical and advisory support to help organizations appropriately respond to audits, as well as valuable education that empowers staff to address system vulnerabilities and organizational risk. In addition to its selection of audit services, CynergisTek also offers a variety of consulting services.

Click here for a complete list of CynergisTek’s audit service offerings.

Previous Article
Designating Hybrid Entity Status Under HIPAA in a University Setting
Designating Hybrid Entity Status Under HIPAA in a University Setting

My colleague David Holtzman recently wrote a blog post on the OCR resolution agreement with the University ...

Next Article
OCR Alert: Phishing Email Disguised as an Official OCR Audit Communication
OCR Alert: Phishing Email Disguised as an Official OCR Audit Communication

The Office for Civil Rights (OCR) sent a notice that warns of a phishing email scam. The email is for an au...