JOIN NOW | Print Page | Contact Us | Sign In
News & Press: Latest News

OCR Launches Phase 2 of HIPAA Audit Program

Thursday, March 24, 2016  
Posted by: Caitlin Price
Share |

As a part of its continued efforts to assess compliance with the HIPAA Privacy, Security and Breach Notification Rules, the HHS Office for Civil Rights (OCR) has begun its next phase of audits of covered entities and their business associates. Audits are an important compliance tool for OCR that supplements OCR’s other enforcement tools, such as complaint investigations and compliance reviews. These tools enable OCR to identify best practices and proactively uncover and address risks and vulnerabilities to protected health information (PHI).


  • Audits will be primarily desk audits, although some on-sites will be conducted
  • Email being sent to entities for verification; OCR will then send a pre-audit questionnaire to entity
  • If entity does NOT respond to OCR's verification email, OCR will use publically available information about entity to create its audit subject pool
  • If your entity's spam filtering and virus protection are enabled, OCR expects entities to check their junk or spam folders in case OCR emails are classified as spam
  • Audit protocol will be updated to reflect the HIPAA Omnibus Rulemaking and can be used by organizations to conduct their own internal self-audits as part of their HIPAA compliance activities

Read the full news release courtesy of AllMeds Specialty Practice Services.


2400 Ardmore Blvd., Suite 302
Pittsburgh, PA 15221
Phone: 412-243-5156
Fax: 412-243-5160

Privacy Statement