OCR delays Phase 2 HIPAA Audits but they are definitely coming!

ocr_logo During a panel discussion at the American Health Information Management Association (AHIMA) 2014 conference on 30 Sep 2014, Geraldine Davis, an Office of Civil Rights (OCR)  announced that the agency is not yet ready to announce the dates of the Phase 2 HIPAA audits. The delay is due to issues with building an online portal that will facilitate submission of documents to the agency. The original date for the audits was the Fall of 2014. It has now been moved to late 2014 or early 2015.

They have already selected a random pool of covered entities for the Phase 2 HIPAA audits but no notifications have been sent out. The selected entities include private medical practices, hospitals and some business associates.

As per Davis, for the Phase 2 audits, OCR will focus on covered entities and business associates’ risk analysis and risk management (the Security Rule), the content and timeliness of breach notifications (the Breach Notification Rule) and the notice of privacy practices and access rights (the Privacy Rule). The agency will focus on the risk to the data, not the risk to the impacted individual.

The delay in OCR phase 2 HIPAA audit was confirmed in the recently concluded NIST HIPAA Conference  as well by Iliana L. Peters, JD, Senior Advisor for HIPAA Compliance and Enforcement, HHS OCR.

Share this in :
  •  
  •  
  •  
  •  
The following two tabs change content below.
Our mission is to assist healthcare organizations and business associates in the development, design, and implementation of practices to secure IT systems and comply with HIPAA/HITECH privacy, security, breach and enforcement rules by protecting patient health information.

Subscribe for Updates

Upcoming Events

  1. Managing the Risks of a Healthcare Data Breach

    April 6 @ 12:00 pm - 1:30 pm