Sample OCR HIPAA Audit Address Verification Email

HIPAA Audit phase 2Phase 2 of OCR’s HIPAA audit program is currently underway.   OCR has begun to obtain and verify contact information to identify covered entities and business associates of various types and determine which are appropriate to be included in potential auditee pools.  Communications from OCR will be sent via email and may be incorrectly classified as spam. If your entity’s spam filtering and virus protection are automatically enabled, OCR expects you to check your junk or spam email folder for emails from OCR;

HIPAA compliance experts at EHR 2.0 offer OCR audit advisory services to guide you in this process if you receive this email from OCR. Our Online-Do-It-Yourself HIPAA compliance toolkit is a great resource to help your organisation stay compliant.

Phase 2 HIPAA audit to do list:

  • All HIPAA covered entites and business associates should ensure to add email address  to your contact list.
  • Ensure that your organizations primary contact information is correct with OCR.
  • Check your junk and spam folder periodically to avoid missing any email from
  • Action items listed in the email should be taken within 14 days of receiving.
  • Failure to respond does not product your organisation from being in the audit pool.

Sample OCR’s HIPAA audit address verification email


Share this in :
The following two tabs change content below.
Our mission is to assist healthcare organizations and business associates in the development, design, and implementation of practices to secure IT systems and comply with HIPAA/HITECH privacy, security, breach and enforcement rules by protecting patient health information.