The Long Anticipated HIPAA Audits Are Here!

Miller & Martin PLLC

Phase 2 HIPAA Audits, which the Department of Health and Human Services' Office of Civil Rights ("OCR") announced had "launched" back in March of this year, have now officially begun. On Monday, July 11, 2016, the first round of 167 covered entities (which include health plans, health care providers and health care clearinghouses) received desk audit letters via e-mail requesting that they submit certain documents evidencing HIPAA compliance through a portal on the OCR website by July 22, 2016.

These desk audit letters were sent from OSOCRAudit@hhs.gov to e-mail addresses provided by covered entities during the pre-audit phase of the program or otherwise recorded by the OCR. Individuals responsible for maintaining these designated e-mail addresses should add OSOCRAudit@hhs.gov to their address book and carefully review not only their inbox, but also their junk e-mail and SPAM folders to determine if any audit information has been received.

Each covered entity selected for a desk audit will receive two communications from OCR. The first e-mail includes the desk audit document request, information about the 10-day timeline for response, and the link to a secure portal for submitting responsive documents. The second e-mail provides information about an upcoming informational webinar for auditees and asks the covered entity to provide a list of its business associates. Desk audits of business associates are scheduled to follow in the fall.

The Phase 2 desk audits are designed to determine whether the covered entity has appropriate documentation demonstrating its compliance with certain requirements of the HIPAA Privacy, Security, and Breach Notification rules. Specifically, the desk audits will ask covered entities to provide documentation of compliant policies governing:

  • The content and electronic provision of the Notice of Privacy Practices;
  • The individual's Right to Access PHI records;
  • The timeliness and content of Breach Notifications; and
  • The covered entity's Security Risk Analysis and general Security Risk Management.

These compliance areas were selected by OCR as areas of focus because pilot audit programs and other OCR enforcement activities have identified them as frequent areas of noncompliance.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Miller & Martin PLLC
