The Office of Civil Rights (OCR) recently announced it would begin Phase 2 of its Health Insurance Portability and Accountability Act (HIPAA) audit program in early 2016. The announcement came in response to a Department of Health and Human Services Office of Inspector (OIG) report recommending that OCR strengthen its oversight of HIPAA privacy standards compliance. During Phase 2, the OCR will test the efficacy of the combination of policy desk reviews and on-site reviews, targeting specific common areas of non-compliance. Phase 2 of the audits will also be expanded to include HIPAA business associates. The OCR will prepare for Phase 2 by updating audit protocols, refining the pool of potential audit subjects, and updating its electronic document management and investigations tracking system.
The announcement is available as Appendix C to the OIG report at:
Department of Health and Human Services Office of Inspector General. “OCR Should Strengthen Its Oversight of Covered Entities’ Compliance With the HIPAA Privacy Standards – Appendix C – Agency Comments.” OEI-09-10-00510. 29 Sept. 2015.
Make sure your organization has all of the recommended elements of an effective compliance program. Learn about our Essential Compliance Program Tools Package today.