OCR Launches Phase 2 of HIPAA Audit Program
Thursday, March 24, 2016
Posted by: Caitlin Price
As a part of its continued efforts to assess compliance with the HIPAA Privacy, Security and Breach Notification Rules, the HHS Office for Civil Rights (OCR) has begun its next phase of audits of covered entities and their business associates. Audits are an important compliance tool for OCR that supplements OCR’s other enforcement tools, such as complaint investigations and compliance reviews. These tools enable OCR to identify best practices and proactively uncover and address risks and vulnerabilities to protected health information (PHI).
- Audits will be primarily desk audits, although some on-sites will be conducted
- Email being sent to entities for verification; OCR will then send a pre-audit questionnaire to entity
- If entity does NOT respond to OCR's verification email, OCR will use publically available information about entity to create its audit subject pool
- If your entity's spam filtering and virus protection are enabled, OCR expects entities to check their junk or spam folders in case OCR emails are classified as spam
- Audit protocol will be updated to reflect the HIPAA Omnibus Rulemaking and can be used by organizations to conduct their own internal self-audits as part of their HIPAA compliance activities
Read the full news release courtesy of AllMeds Specialty Practice Services.