Phase 2 of OCR’s HIPAA audit program is currently underway. OCR has begun to obtain and verify contact information to identify covered entities and business associates of various types and determine which are appropriate to be included in potential auditee pools. Communications from OCR will be sent via email and may be incorrectly classified as spam. If your entity’s spam filtering and virus protection are automatically enabled, OCR expects you to check your junk or spam email folder for emails from OCR; OSOCRAudit@hhs.gov.
HIPAA compliance experts at EHR 2.0 offer OCR audit advisory services to guide you in this process if you receive this email from OCR. Our Online-Do-It-Yourself HIPAA compliance toolkit is a great resource to help your organisation stay compliant.
Phase 2 HIPAA audit to do list:
- All HIPAA covered entites and business associates should ensure to add OSOCRAudit@hhs.gov email address to your contact list.
- Ensure that your organizations primary contact information is correct with OCR.
- Check your junk and spam folder periodically to avoid missing any email from OSOCRAudit@hhs.gov.
- Action items listed in the email should be taken within 14 days of receiving.
- Failure to respond does not product your organisation from being in the audit pool.
Latest posts by EHR 2.0 (see all)
- HIPAA Complaint Process Infographic Released by HHS - July 15, 2019
- New HHS Fact Sheet on Direct Liability of Business Associates under HIPAA - June 5, 2019
- California Consumer Privacy Act of 2018 – Bill Text - April 4, 2019