SIDEBAR
»
S
I
D
E
B
A
R
«
HIPAA Compliance – Phase 2 Audit FAQs and the Audit Protocol
November 8th, 2016 by aperio

Figuring out the details of whether your business is in compliance with HIPAA is an ongoing challenge. At our last HIPAA related Lunch & Learn event, several of our attendees were looking for information on how HIPAA will be conducting its latest phase of audits – how businesses will be selected to be audited (particularly business associates), when the different types of audits will be conducted, and more. Here are some of the latest answers from the Health and Human Services Office for Civil Rights

 

HIPAA Compliance – FAQs and the Audit Protocol

The OCRs website offers some helpful definitions and answers to frequently asked questions concerning the audit process. A few important highlights include:

 

  • Timing for audits – The Health and Human Services Office for Civil Rights (OCR) began audits for Phase 2 of the HIPAA Audit Program back in March 21, 2016. The OCR states that “Phase 2 is currently underway. Selected covered entities [CE] received notification letters July 11, 2016. Business associate [BA] audits will start in the fall.” The OCR also warns businesses to double check that the emails are not blocked by any spam filters.

 

  • Basis for selecting those who will be audited – The OCR states that for Phase 2, they are “identifying pools of CEs and BAs that represent a wide range of health care providers, health plans, health care clearinghouses, and business associates.” Their plan is to examine a broad spectrum of candidates to allow them to better understand the state of HIPAA compliance across the industry.

 

As far as BAs go, the OCR will be asking CEs who are being audited “to identify their business associates.” They encourage CEs “to prepare a list of each business associate with contact information so that they are able to respond to this request.”

 

  • Different sets of audits – The OCR’s first set of audits will be desk audits of CEs, followed by a second set of desk audits of BAs. The third set of audits will be onsite, with some desk auditees being subjected to onsite audits. (You can take a look at the OCR 2016 HIPAA Desk Audit Guidance on Selected Protocol Elements for additional details.)

 

You can also take a look at the actual audit protocol along with some definitions of terms at the OCR’s website. This lengthy table breaks down the audit protocol according to Audit Type, Section, Key Activity, Established Performance Criteria, and the Audit Inquiry.


5 Responses  
  • send temp mail free writes:
    August 5th, 20241:50 amat

    Temp mail I am truly thankful to the owner of this web site who has shared this fantastic piece of writing at at this place.

          Reply  
  • amherst real estate writes:
    August 25th, 20241:23 pmat

    Real Estate For the reason that the admin of this site is working, no uncertainty very quickly it will be renowned, due to its quality contents.

          Reply  
  • Techno rozen writes:
    August 27th, 20249:01 pmat

    Real Estate I’m often to blogging and i really appreciate your content. The article has actually peaks my interest. I’m going to bookmark your web site and maintain checking for brand spanking new information.

          Reply  
  • Free URL Shortener writes:
    September 1st, 20242:48 amat

    Hey, Jack here. I’m hooked on your website’s content – it’s informative, engaging, and always up-to-date. Thanks for setting the bar high!

          Reply  
  • Blue Techker writes:
    November 7th, 202411:27 pmat

    Blue Techker I really like reading through a post that can make men and women think. Also, thank you for allowing me to comment!

          Reply  


Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>
SIDEBAR
»
S
I
D
E
B
A
R
«
»  Substance:WordPress   »  Style:Ahren Ahimsa