HIPAA Phase 2 audits about to begin

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) will soon begin a second phase of audits (Phase 2 Audits) of compliance with Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy, security and breach notification standards (HIPAA Standards) as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act. Unlike the pilot audits during 2011 and 2012 (Phase 1 Audits), which focused on covered entities, OCR will conduct Phase 2 Audits of both covered entities and business associates. The Phase 2 Audit Program will focus on areas of greater risk to the security of protected health information (PHI) and pervasive noncompliance based on OCR’s Phase I Audit findings and observations, rather than a comprehensive review of all of the HIPAA Standards. The Phase 2 Audits are also intended to identify best practices and uncover risks and vulnerabilities that OCR has not identified through other enforcement activities. OCR will use the Phase 2 Audit findings to identify technical assistance that it should develop for covered entities and business associates. In circumstances where an audit reveals a serious compliance concern, OCR may initiate a compliance review of the audited organization that could lead to civil money penalties.

About the Author

Reed Tinsley CPA

This article is written by Reed Tinsley, a Houston, TX-based CPA with over 30 years of experience advising physicians and medical practices across Texas and the United States. Reed holds certifications as a Certified Valuation Analyst (CVA), Certified Healthcare Business Consultant (CHBC), and Certified Financial Planner (CFP), specializing exclusively in the healthcare sector. He is a published author, nationally recognized speaker, and trusted advisor to physicians on accounting & tax, practice management, and financial planning. Schedule a Free Consultation.