October 22, 2019

October 21, 2019

Subscribe to Latest Legal News and Analysis

OCR Transmits Pre-Audit Screening Surveys to Covered Entities for Phase 2 HIPAA Compliance Audits

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently transmitted HIPAA pre-audit screening surveys to covered entities that may be selected for a second phase of HIPAA compliance audits (Phase 2 Audits). OCR is required to conduct compliance audits of covered entities and business associates under the 2009 Health Information Technology for Economic and Clinical Health Act.

Unlike the pilot audits conducted in 2011 and 2012 (Phase 1 Audits), which focused on covered entities, OCR is conducting Phase 2 Audits of both covered entities and business associates. The Phase 2 Audit program will focus on areas of greater risk to the security of protected health information (PHI) and pervasive non-compliance based on OCR’s Phase I Audit findings and observations, rather than a comprehensive review of all of the HIPAA Standards. The Phase 2 Audits are also intended to identify best practices and uncover risks and vulnerabilities that OCR has not identified through other enforcement activities. OCR will use the Phase 2 Audit findings to identify technical assistance that it should develop for covered entities and business associates. In circumstances where an audit reveals a serious compliance concern, OCR may initiate a compliance review of the audited organization that could lead to civil money penalties.

OCR had previously planned to issue the pre-audit screening surveys in the summer of 2014, but postponed their release until it completed its implementation of a new web portal that will be used for the submission of audit-related materials.

© 2019 McDermott Will & Emery

TRENDING LEGAL ANALYSIS


About this Author

Partner

Ryan S. Higgins is a partner in the law firm of McDermott Will & Emery LLP and is based in the Firm’s Chicago office. He focuses his practice on representing hospitals, health systems, private equity firms and platform companies, and other health care organizations in corporate and transactional matters, including mergers, acquisitions, joint ventures, and management arrangements. He also focuses a significant portion of his practice on representing health care organizations in matters involving health information privacy and security and HIPAA compliance.

312-984-2052
Daniel F. Gottlieb, Health Care Industry Attorney, McDermott Will Emery Law firm
Partner

Daniel Gottlieb is a partner in the law firm of McDermott Will & Emery LLP and is based in the Firm’s Chicago office.  Daniel represents a wide range of health care industry clients, including health care providers, health information technology vendors, pharmaceutical companies, medical device companies, and health plans.  He has extensive experience in advising clients on compliance with federal and state health care laws as well as representing health care industry clients in mergers, acquisitions, joint ventures, and other transactions.

312 984 6471
Edward G. Zacharias, McDermott Will Emery Law firm, Healthcare Industry Attorney
Associate

Edward G. Zacharias is an associate in the law firm of McDermott Will & Emery LLP and is based in the Firm’s Boston office.  Edward provides regulatory and transactional representation to health systems, academic medical centers, physician group practices, HMOs, faculty practice plans, nursing facilities and a variety of other health care clients.  He represents clients in connection with acquisitions, joint ventures, strategic affiliations, conversions to tax exempt status, HIPAA compliance, fraud and abuse and Stark, reimbursement,...

617-535-4018