The objectives of this chapter are as follows: ■

Understand that regulations are requirements that need to be met by the covered entity.

■

Understand regulations assist in the development of policies.

■

Understand procedures utilize standards to implement policies.

■

Understand guidelines are set by procedures.

■

Determine what is meant by reasonable safeguards to secure electronic protected health information.

■

Determine what the covered entity should concentrate on in regard to becoming compliant.

■

Understand the importance of conducting a risk assessment.

■

Understand the importance of security awareness training.

■

Determine if the covered entities’ current business associate agreements contain the required elements.

■

Understand what will be expected from the audit pilot program designed by the Office for Civil Rights (OCR) to conduct compliance assessments on covered entities.

■

Understand the differences between the SAS 70 and SSAE 16 audits.