Office for Civil Rights: Phase Two HIPAA Audits Underway
Tuesday, July 12, 2016

Today, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) provided an update on its Phase Two HIPAA audit program.

Selected Entities. The Phase Two audit program began a few months ago with the distribution of contract versification letters and screening questionnaires. The audits have now kicked into high gear, as OCR confirmed today that 167 covered entities (health plans, health care providers, and health care clearinghouses) selected for the Phase Two desk audits were notified yesterday (July 11) via email regarding their selection. Selected entities have ten business days (i.e., until July 22) to respond to document requests, including the list of the entity’s business associates. OCR also explained today that it will conduct an audit webinar for selected entities to explain the desk audit process and respond to entity questions.

OCR specified that desk audits of business associates will begin this fall.

Audit Focus. Today OCR also provided notice of the specific compliance requirements that are the focus for the Phase Two desk audits, which were selected by OCR because pilot audits and enforcement activities have identified these provisions as frequent areas of noncompliance:

  • Privacy Rule: (1) Notice of Privacy Practices and consent requirements (45 C.F.R. §§ 164.520(a)(1) and (b)(1)); (2) provision of notice – electronic notice (45 C.F.R. § 164.520(c)(3)); and (3) right to access (45 C.F.R. §§ 164.524(a)(1), (b)(1), (c)(2), (c)(3), (c)(4), (d)(1), and (d)(3)).

  • Breach Notification Rule: (1) timeliness of notification (45 C.F.R. § 164.404(b)) and (2) content of notification (45 C.F.R. § 164.404(c)(1)).

  • Security Rule: (1) security management process – risk analysis (45 C.F.R. § 164.308(a)(1)(ii)(A)) and (2) security management process – risk management (45 C.F.R. § 164.308(a)(1)(ii)(B)).

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins