Physician Practice

Phase two HIPAA audits underway

Physician Practice Insider, July 27, 2016

The Office for Civil Rights’ (OCR) phase two HIPAA audits officially began last week when the agency sent more than 160 covered entities (CE) audit notification letters. Phase two was launched in March and the updated phase two audit protocols were released in April.

On July 11, letters were sent via email to 167 CEs informing them they have been selected for desk audits. CEs were sent two emails: a notification letter providing instructions for responding to the document request and a second email requesting a list of the CE’s business associates (BA). CEs will be audited for compliance with certain aspects of either the Privacy Rule, Security Rule, or Breach Notification Rule. Each audit area will require documentation to support only specific limited aspects of compliance.

CEs have until July 22 to respond. Although CEs must still take care to compile correct and complete documentation and pay close attention to the deadline, the document requests appear to be much simpler and more straightforward than some expected after the release of the audit protocols.

OCR’s audit emails also contained information about a July 13 webinar on the desk audit process. The webinar included a Q&A session which helped answer some additional questions about the audits.

This article originally appeared on Medicare Compliance Watch. Click here to read the full article.

Most Popular