Earlier this year, the Office for Civil Rights (OCR) in the Department of Health and Human Services announced that its Phase Two audits would begin in 2016. Now, covered entities are feeling the heat, as all covered entities selected for a desk audit have been notified. Those selected for the desk audits should have received their letters Monday, July 11. These desk audits cover specific requirements from the Privacy, Security and Breach Notification Rules, including a covered entity’s Notice of Privacy Practices, breach notification, and risk analysis. Given just ten days to respond, all documentation is due to OCR by July 22, 2016.
OCR also confirmed that audits of business associates would begin in the fall. According to OCR, all desk audits should be completed by December 2016, with a third round of onsite audits to follow.
In our June 8, 2016 post, we outlined several key ways to prepare for an audit. OCR has been very active recently, administering these audits and reaching settlements with covered entities and business associates alike for serious HIPAA violations. With respect to HIPAA compliance, now is the time to ensure you can take the heat without getting burned.
Please click here for previous posts on our Health Care Data Aware Blog.
Join us on Thursday, Aug. 4 for a seminar/webinar on “HIPAA Compliance: The Current Audit and Enforcement Environment.”
This free program will feature Iliana L. Peters, J.D., LL.M., Senior Advisor for HIPAA Compliance and Enforcement at the HHS Office for Civil Rights, and members of Williams Mullen’s Health Care Practice.
For more information and to register, please click here.