The objectives of this chapter are as follows:

Understand that regulations are requirements that need to be met by the covered entity.

Understand that regulations assist in the development of policies.

Understand that procedures utilize standards to implement policies.

Understand that guidelines are set by procedures.

Determine what is meant by reasonable safeguards to secure electronic protected health information.

Determine what the covered entity should concentrate on in order to become compliant.

Understand the importance of conducting a risk assessment.

Understand the importance of security awareness training.

Determine if the covered entities’ current business associate agreements contain the required elements.

Understand what will be expected from the audit pilot program designed by the Office for Civil Rights (OCR) to conduct compliance assessments on covered entities.

Understand the differences between the SAS 70 and SSAE 16 audits.