Get Live Chat Request a Callback Get live demo

← Back

7 steps to pass, or better yet avoid, an OCR security audit


Troy Young, chief technology officer at AdvancedMD and a cybersecurity expert, offers IT and infosec professionals some useful advice to help manage the potential of HIPAA audits.

for auditing and enforcing compliance with the HIPAA security and privacy regulations, as well as the additional rules and clarifications contained in HITECH.

OCR enforces privacy and security rules through compliance audits, education and outreach, and subsequent fines or mitigation expenses. OCR also works with the Department of Justice on possible criminal violations.

An OCR audit usually is triggered by one of two events: Either a complaint has been filed against the practice by a patient or an internal whistleblower, or the practice has reported a breach to OCR.

“Breaches affecting 500 individuals or more must be reported to OCR, in addition to other reporting requirements,” explained Troy Young, chief technology officer at AdvancedMD, a medical office platform vendor.

“However, there’s no direct correlation between the magnitude of a breach and OCR’s fine,” said Young, who recently completed a master’s degree in cybersecurity from Utah Valley University.

Continue reading the article featured in Health IT News.

Topic: Uncategorized

Other Resources Related to This Topic


2023 Fall Release On-Demand Webinar

We’re excited to share the new features and many enhancements to our practice management, EHR,...


What You Should Know About Medicaid Redetermination

In this recorded webinar you’ll learn how to redetermine the eligibility of your client’s Medicaid...


Experts answer your HIPAA compliance and 405(d) questions

In this recorded webinar, we’ll highlight changes to HIPAA regulations and highlight best cybersecurity practices....

“The money I have invested in AdvancedMD is miniscule compared to the return. I have never been more efficient – ever – in my professional life as I am now.”

Jed Shay, MD
The Pain Care Center

Read the story  ›

“[Our] patients are very well-educated and well-informed, and they want to see results quickly. The practice has to run extremely efficiently and be accessible to them. The nice thing about [AdvancedMD] is it has allowed me to be more efficient both in and out of the office. Now I don’t have to come back into the office, which is great for my family and everything else. It saves me a lot of time – probably an hour a day on the three days I work in the second office.”

Keith Berkowitz, MD
Center for Balanced Health

Read the story  ›
Estaban Lavato, MD - La Loma Medical Center

“The best thing I ever did in private practice was getting AdvancedMD—it has liberated me.”

Estaban Lavato, MD
La Loma Medical Center

“Having integrated practice management and EHR is absolutely wonderful, you don’t have to flip back and forth between systems—all of your information is at hand when needed.”

Raju Raval, MD

Read the story  ›