January 24, 2022

Volume XII, Number 24

Advertisement
Advertisement

January 21, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

Office for Civil Rights: Phase Two HIPAA Audits Underway

Today, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) provided an update on its Phase Two HIPAA audit program.

Selected Entities. The Phase Two audit program began a few months ago with the distribution of contract versification letters and screening questionnaires. The audits have now kicked into high gear, as OCR confirmed today that 167 covered entities (health plans, health care providers, and health care clearinghouses) selected for the Phase Two desk audits were notified yesterday (July 11) via email regarding their selection. Selected entities have ten business days (i.e., until July 22) to respond to document requests, including the list of the entity’s business associates. OCR also explained today that it will conduct an audit webinar for selected entities to explain the desk audit process and respond to entity questions.

OCR specified that desk audits of business associates will begin this fall.

Audit Focus. Today OCR also provided notice of the specific compliance requirements that are the focus for the Phase Two desk audits, which were selected by OCR because pilot audits and enforcement activities have identified these provisions as frequent areas of noncompliance:

  • Privacy Rule: (1) Notice of Privacy Practices and consent requirements (45 C.F.R. §§ 164.520(a)(1) and (b)(1)); (2) provision of notice – electronic notice (45 C.F.R. § 164.520(c)(3)); and (3) right to access (45 C.F.R. §§ 164.524(a)(1), (b)(1), (c)(2), (c)(3), (c)(4), (d)(1), and (d)(3)).

  • Breach Notification Rule: (1) timeliness of notification (45 C.F.R. § 164.404(b)) and (2) content of notification (45 C.F.R. § 164.404(c)(1)).

  • Security Rule: (1) security management process – risk analysis (45 C.F.R. § 164.308(a)(1)(ii)(A)) and (2) security management process – risk management (45 C.F.R. § 164.308(a)(1)(ii)(B)).

©2022 von Briesen & Roper, s.cNational Law Review, Volume VI, Number 194
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

von Briesen & Roper’s Health Law Section provides comprehensive legal services to the health care industry nationwide as both general counsel and special project counsel. Our clients include integrated delivery systems, academic medical centers, community hospitals, Catholic-sponsored hospitals, rural and critical access hospitals, imaging centers, physicians and multi-specialty clinics, specialty hospitals, ancillary suppliers, home health agencies, nursing homes, hospices, assisted living facilities, mental health and AODA facilities, DME suppliers, laboratories,...

414-287-1514
Advertisement
Advertisement
Advertisement