While there have not been significant regulatory changes to HIPAA since 2013, that doesn't mean that compliance can be static. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued guidance in several areas, ranging from an individual's right of access to ransomware to visitor access to treatment areas. Additionally, we have learned further information from OCR desk audits regarding the agency's expectations for documents such as the notice of privacy practices and a patient request for access form. While this guidance does not have the force of law, covered entities and business associates would be well served considering whether to change their policies and procedures accordingly.

In this presentation, you will learn nine areas where your policies, procedures, or compliance documentation are likely outdated if they have not kept up with various OCR guidance documents.