Health Information Compliance Alert
Which Comes First: Compliance Or Strategic Risk?
PDF
Question: Should our internal audit focus on compliance or strategic risks?
Answer: “It depends,” answers Susan Ulrey, an internal audit and compliance practice leader for two CPA consulting firms who has conducted more than 100 risk assessments.
“I think that [an] internal audit should focus on compliance,” Ulrey says. “Compliance is a very, very critical part of what we do. We are highly regulated. We have privacy and security issues that we need to be responsible for.”
You can’t get away from compliance — but to add value to your organization, you really need to look at those strategic imperatives, Ulrey notes. You really need to do both; it’s not an either/or situation.
Understand that being compliance-focused is not a negative thing at all, but you still must strike the right balance within your organization of compliance and strategic risk, Ulrey points out.
Health Information Compliance Alert
- Case Study:
Don't Cut Any Corners In Your Security Rule Compliance Practices
The road to a data breach is riddled with (fixable) security potholes. Taking a lax [...] - Learn 7 Big Lessons From HIPAA Breaches
Tip: Don’t forget about physical safeguards for your paper records. Data breaches and exposure of [...] - Risk Assessment:
Understand The 6 Major Risk Categories For Your Risk Assessment
And check out 10 other risk areas that you shouldn’t overlook. You may feel like [...] - Tool:
Use This Cheat-Sheet To Mitigate Your Security Risks
Don’t forget about organizational requirements like business associate contracts. Security Rule compliance may seem overwhelming [...] - Reader Question:
Which Comes First: Compliance Or Strategic Risk?
Question: Should our internal audit focus on compliance or strategic risks? Answer: “It depends,” answers Susan Ulrey, [...] - Reader Question:
Is Sending An Unencrypted Email An Automatic Breach?
Question: If we use unencrypted email to send a message with a patient’s protected health information [...] - Reader Question:
How Can You Make Continuous Monitoring Feasible?
Question: What is the best way to develop a more continuous monitoring approach to our internal [...] - Enforcement News:
When HIPAA Trumps State Law Privacy Claims
Plus: Identity theft hackers could open you up to an investigation by the IRS and [...]