OCR has Initiated Phase 2 HIPAA Audits
April 12, 2016 10:52 AM
The U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) has announced Phase 2 of their Health Insurance Portability and Accountability Act (HIPAA) Audit Program.
Phase 2 audits are currently under way and begin with verification of an entity’s address and contact information. An email is being sent to covered entities and business associates requesting that contact information be provided to OCR. OCR will then transmit a pre-audit questionnaire to gather data about the size, type, and operations of potential auditees; this data will be used with other information to create potential audit subject pools.
OCR will review the policies and procedures used by covered entities and their business associates to meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules. OCR anticipates that the audits will primarily be desk audits, although some on-site audits will be conducted.
OCR maintains that the audits are primarily a compliance improvement activity. From the results of the audits, the OCR will be better able to guide compliance efforts with particular aspects of the HIPAA Rules. Generally, OCR will use the audit reports to determine what types of technical assistance should be developed and what types of corrective action would be most helpful. OCR will develop tools and guidance to assist the industry in compliance self-evaluation and in preventing breaches.
For more information on the HIPAA audits click here.