Feds Launch Phase 2 of HIPAA Compliance Audits

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has launched Phase 2 of its HIPAA audit program. FCi Federal will be conducting the audits for OCR. The new round of audits will assess physicians' compliance with HIPAA's patient privacy provisions.

According to a March 21, 2016, Law360 article, after emailing physicians and business associates to verify their contact information, OCR will create a "pool of audit targets," including physicians, health plans, health care clearinghouses, and business associates. "Serious compliance issues" could lead to further investigation resulting in violators paying financial penalties and agreeing to strengthen HIPAA compliance.  

"It was not immediately clear how many audits the OCR intends to conduct," the Law360 article stated. "The agency did say that most of the reviews will be remote 'desk audits,' although some in-person audits will take place. All the desk audits will be finished by the end of 2016, according to the OCR."

Here are some steps you can take toward HIPAA compliance:

  • Adopt comprehensive privacy policies and procedures that are up to date and specific to your practice.
  • Carefully train everyone on your staff, especially new hires, according to your policies and procedures.
  • Perform a risk analysis on your practice's data security, and set up reasonable safeguards as necessary.
  • Develop a risk management plan to ensure ongoing security.
  • When staff violate practice policies and procedures, take appropriate action, and document it.   

TMA has tools to help you comply with HIPAA: 

Action, April 1, 2016

Last Updated On

May 30, 2019

Related Content