Working with OCR Investigators

Ask HIPAA Privacy and Security officers what they dread most and an OCR investigation will be high on their list. The thought of being investigated by a federal agency can be scary for healthcare organizations, said Heather Noonan,senior project manager with ID Experts' data breach response team in Portland, Ore.

Noonan, who has extensive experience working with OCR, recently sat down with an OCR investigator to get tips on how organizations can best deal with the federal agency if investigators come knocking.

Remember that OCR investigators are there to make sure organizations are taking the necessary steps to protect people's PHI, said James Christiansen, chief information security and risk officer at RiskyData in Aliso Viejo, Calif. They are not there to make life difficult for organizations following an incident or breach.