Engagements

CRA retained to serve as the OCR-approved assessor under the terms of the CAP

One of the nation’s largest non-profit hospital systems entered into a multi-million dollar settlement and Corrective Action Plan with HHS OCR for potential violations of HIPAA involving PHI. CRA was retained to serve as the OCR-approved assessor under the terms of the CAP, focusing on compliance with policies and procedures related to information security and data privacy. CRA is assisting the hospital system comply with its obligations under the CAP, strengthen the efficacy of its information security and privacy program, and enhance its culture of compliance. 

Related Capabilities