HIPAA AuditsJuly 27, 2016 Garden State FOCUS
Jessica Forbes Olson and Terry A. Lang authored the Garden State FOCUS article, "HIPAA Audits."
On March 21, 2016, the Office of Civil Rights (“OCR”) announced it will launch a second round of HIPAA audits during 2016. As with the first round of audits, in round two OCR will be reviewing compliance with HIPAA Privacy, Security and Breach Notification rules. New for this round, the 2016 audits will focus on covered entities, including health care providers and health insurers, and their business associates.
The round two audits will occur in three phases: desk audits of covered entities, desk audits of business associates, and finally, onsite reviews. It is reported OCR will conduct about 200 total audits; the majority of which will be desk audits.
OCR has already begun the process of identifying the audit pool by contacting covered entities and business associates via email. Health care providers, insurers and their business associates should be on the lookout for automated emails from OCR which are being sent to confirm contact information. A response to the OCR email is required within 14 days. OCRinstructed covered entities and business associates to checktheir spam or junk email folders to verify that emails from OCR are not erroneously identified as spam.