Next Phase of HHS Office for Civil Rights HIPAA Audits

By Cheryl Camin Murray, Shareholder

03.28.16

On March 21, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that it has begun its phase 2 Health Insurance Portability and Accountability Act (“HIPAA”) audit program.   In 2011 and 2012, OCR conducted a pilot audit program (the phase 1 audit) to assess the controls and processes that 115 covered entities implemented in order to comply with HIPAA.

In the phase 2 audit, the OCR will review policies and procedures implemented by covered entities and business associates to comply with selected standards and requirements of the Privacy, Security, and Breach Notification Rules.  Every covered entity and business associate is eligible for an audit.  Most of these audits will be desk audits.  However, the OCR intends to conduct some on-site audits as well.

The audits are designed for OCR to uncover and address risks and vulnerabilities to protected health information.  The intent of the audits is to increase awareness of the HIPAA compliance obligations and to enable OCR to better target technical assistance regarding issues identified through the audits.  In addition, OCR will develop tools and guidance to assist covered entities and business associates with their compliance self-evaluations and in the prevention of breaches.  However, should an audit reveal significant compliance issues, then OCR may conduct a compliance review and further investigate the matter.

OCR published on its website a summary of the phase 2 audit program and the answers to questions regarding the audit process. This publication may be accessed via this link.  Now is the time to confirm that your HIPAA compliance program is up to date.

Contact:
Cheryl Camin Murray | cmurray@winstead.com | 214.745.5142

Disclaimer: Content contained within this news alert provides information on general legal issues and is not intended to provide advice on any specific legal matter or factual situation. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship.  Readers should not act upon this information without seeking professional counsel.                

Media Contact

Stephen Hastings
Director of Communications & Media Relations  
713.650.2485 Direct
832.343.4228 Mobile
shastings@winstead.com

Search Tips:

You may use the wildcard symbol (*) as a root expander.  A search for "anti*" will find not only "anti", but also "anti-trust", "antique", etc.

Entering two terms together in a search field will behave as though an "OR" is being used.  For example, entering "Antique Motorcars" as a Client Name search will find results with either word in the Client Name.

Operators

AND and OR may be used in a search.  Note: they must be capitalized, e.g., "Project AND Finance." 

The + and - sign operators may be used.  The + sign indicates that the term immediately following is required, while the - sign indicates to omit results that contain that term. E.g., "+real -estate" says results must have "real" but not "estate".

To perform an exact phrase search, surround your search phrase with quotation marks.  For example, "Project Finance".

Searches are not case sensitive.

back to top