INARF Associate Member Hall, Render, Killian, Heath & Lyman has shared that the HHS Office for Civil Rights (OCR) announced on March 21, 2016 that it has begun its next phase of Health Insurance Portability and Accountability Act (HIPAA) audits of covered entities and business associates. The 2016 audit process begins with verification of an entity's address and contact information. Emails are being sent to covered entities and business associates requesting that contact information be provided to OCR in a timely manner.
The audit will consist of three phases, including a small desk audit and then a more in-depth desk audit. The in-depth desk audit will examine compliance with the various HIPAA security, privacy, and breach notification rules. The final phase will include a more general audit examining broad HIPAA compliance across all aspects of the healthcare organization. Additional information about the audit process can be found in OCR’s Q&A document. Hall Render has posted detailed information about the audit process in their blog.
Members who have questions about the audit process can contact Hall, Render, Killian, Heath & Lyman for assistance and additional information.