Phase 2 of HIPAA Audit Program Launches

Below is a release from the Office for Civil Rights (OCR) regarding the 2016 Phase 2 HIPAA Audit Program. If you have any questions regarding HIPAA Privacy, please consult one of the attorneys from Barrett McNagny's Health Care Group

As a part of its continued efforts to assess compliance with the HIPAA Privacy, Security and Breach Notification Rules, the HHS Office for Civil Rights (OCR) has begun its next phase of audits of covered entities and their business associates. 

Audits are an important compliance tool for OCR that supplements OCR's other enforcement tools, such as complaint investigations and compliance reviews. These tools enable OCR to identify best practices and proactively uncover and address risks and vulnerabilities to protected health information (PHI). In its 2016 Phase 2 HIPAA Audit Program, OCR will review the policies and procedures adopted and employed by covered entities and their business associates to meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules. These audits will primarily be desk audits, although some on-site audits will be conducted. 

The 2016 audit process begins with verification of an entity's address and contact information. An email is being sent to covered entities and business associates requesting that contact information be provided to OCR in a timely manner. OCR will then transmit a pre-audit questionnaire to gather data about the size, type, and operations of potential auditees; this data will be used with other information to create potential audit subject pools. If an entity does not respond to OCR's request to verify its contact information or pre-audit questionnaire, OCR will use publically available information about the entity to create its audit subject pool. Therefore an entity that does not respond to OCR may still be selected for an audit or subject to a compliance review. 

Communications from OCR will be sent via email and may be incorrectly classified as spam. If your entity's spam filtering and virus protection are automatically enabled, we expect entities to check their junk or spam email folder for emails from OCR. The audit program is developing on pace and OCR is committed to transparency about the process. OCR will post updated audit protocols on its website closer to conducting the 2016 audits. The audit protocol will be updated to reflect the HIPAA Omnibus Rulemaking and can be used as a tool by organizations to conduct their own internal self-audits as part of their HIPAA compliance activities. OCR's audits will enhance industry awareness of compliance obligations and enable OCR to better target technical assistance regarding problems identified through the audits. Through the information gleaned from the audits, OCR will develop tools and guidance to assist the industry in compliance self-evaluation and in preventing breaches. We will evaluate the results and procedures used in our phase 2 audits to develop our permanent audit program. 

To learn more about OCR's Phase 2 Audit program, please visit our website.

Barrett McNagny LLP

Legal Disclaimer

The information contained in the Barrett McNagny LLP website is for informational purposes only and should not be considered legal advice on any subject matter. Furthermore, the information contained on our website may not reflect the most current legal developments. You should not act upon this information without consulting legal counsel.

Your transmission and receipt of information on the Barrett McNagny LLP website, or sending an e-mail to one of our attorneys or staff, will not create an attorney-client relationship between you and Barrett McNagny LLP. If you need legal advice and want to establish an attorney-client relationship with Barrett McNagny LLP, please contact one of our attorneys by telephone, email, or other means of communication, and allow the attorney to confirm that the firm does not represent other persons or entities involved in the matter and that the firm is willing to accept representation. Until such confirmation is provided by one of our attorneys, you should not transmit information to us that you consider confidential. If you do provide information to us, and no attorney-client relationship is established, the information will not be considered confidential or privileged, and our receipt of such information will not preclude us from representing another client in a matter adverse to you.

Any links to other websites are not intended to be referrals or endorsements of those sites.

Privacy Policy

Terms of Use

ADA Compliance

Transparency Cover Rule: Machine-Readable Files

Contact Us
Hello,
My name is
 
and I am a(n)
seeking legal counsel in the area of 
.
Please
me at
as soon as you can.

Thank you for contacting us!

A representative will be in touch with you shortly.

An attorney-client relationship will NOT be formed merely by sending an email to Barrett McNagny, LLP or to any of its attorneys. Please do not send any information specific to your legal needs until you obtain approval from a Barrett McNagny, LLP attorney, as the content of such email will not be considered confidential or privileged. By sending us an email, you confirm your understanding of this notification. If you agree, you may use the e-mail links on this page to contact an attorney. By providing your mobile number, you consent to receive text messages from Barrett McNagny regarding your case and related services. Please note that standard message and data rates may apply.
YesNo