OCR HIPAA Audit Program Overview

June 22, 12:00pm, EDT - 1:00pm, EDT


Non-member Price: 
Member Price: 
Student Price: 
OCR HIPAA Audit Program Webinar


An Overview of the OCR HIPAA Audit Program

Session Synopsis:

 In March of 2016, The Office for Civil Rights (OCR) launched the second phase of their Health Insurance Portability and Accountability Act (HIPAA) audit program. This program will increases the number desk audits of both covered entities and business associates. These audits will examine compliance with specific requirements of the Privacy, Security, or Breach Notification Rules and will be completed by the end of December 2016. Whether you are a covered entity or a business associate, you should make sure your practice is complaint with the HIPAA regulations. In this presentation, we will cover:



  • An overview of the OCR HIPAA audit program
  • The details of what practices should expect if they receive an audit letter
  • A discussion on how to best prepare for a possible audit
  • Discussion on other OCR activities that may result in a letter from OCR (e.g., complaints, breaches, etc)
  • A review of the required steps when completing a thorough security risk assessment

Brent Mckune, CPHIMS, CHPS—Senior Project Manager, KY REC

Brent is a Senior Project Manager with the Kentucky REC.  A graduate of the University of Kentucky, with a bachelor’s degree in Decision Science Information Systems, Brent offers more than 16 years of experience in healthcare IT, starting with his role coordinating a centralized health information system for a large, and integrated hospital network.  Brent recently returned to the REC from a System Consultant Senior Analyst/Systems Operations Manager at Xerox Services in Frankfort, KY. Brent’s primary focus at the Kentucky REC is assisting critical access hospitals (CAHs) and rural hospitals (RHs) in achieving meaningful use by providing advanced technical and meaningful use support. Brent has worked with numerous EHR’s in hospital and provider settings in which he provided guidance and best practices for system implementation—while achieving meaningful use. Brent has also served as the KY  REC’s primary lead for a CDC grant aiding in the exchange of systemic therapy data for the Kentucky Cancer Registry (KCR) and the overall development of the Privacy and Security service line. Brent currently carries the AHIMA Certified HIPAA Privacy and Security (CHPS) and HIMSS Certified Professional in Healthcare Information & Management Systems (CPHIMS) certifications.


Chris Reams, MA, CHPS—Director for Research and Business Development, KY REC

Chris Reams is the Director for Research and Business Development at the Kentucky REC.  Chris brings more than 9 years of public health and healthcare experience to the Kentucky REC with previous work as a consultant and program manager in both the public and private sectors. He earned his Master’s in Health Communication from the Johns Hopkins University and a Bachelor’s degree in Conflict Studies from DePauw University. Chris also holds credentialing with AHIMA, Certified in Healthcare Privacy and Security (CHPS). He has provided security and regulatory guidance to clients since 2013.  He frequently lectures on HIPAA Security compliance, breach mitigation strategies, and data safety techniques. In his current capacity, Chris leads the expansion and management of numerous partnerships at the Kentucky REC.  Including work with the KY Cabinet for Health and Family Services to implement state-level strategic plans for Health IT initiatives, the development of health system/primary care partnerships across the Commonwealth, and manages the implementation of a suite of integrated services for 20 FQHCs across the state. Chris also leads and supports numerous grant submissions and responses to funding announcements for the Kentucky REC.