Security and Breach Notification Standards Archives

Security and Breach Notification Standards

Phase 2 HIPAA Audits Are Underway

by Anthony A. Bongiorno | May 5, 2016 | Health and Welfare Plans, Privacy and Data Security

The US Department of Health and Human Services Office for Civil Rights (OCR) will soon begin a second phase of audits for compliance with HIPAA privacy, security and breach notification standards as required by the HITECH Act. In this second phase, OCR will audit both covered entities and their business associates, unlike the pilot audits of 2011 and 2012, which focused on covered entities alone. This On the Subject details practical steps that covered entities, including employer-sponsored group health plans, and their business associates can take to prepare for a potential audit.

Read the full article.

OCR Launches Phase 2 HIPAA Audit Program with Pre-Audit Screening Surveys

by Edward G. Zacharias, Daniel F. Gottlieb and Ryan S. Higgins | May 26, 2015 | Health and Welfare Plans, Privacy and Data Security

HIPAA covered entities have reported that the HHS Office for Civil Rights recently sent pre-audit screening surveys to a pool of covered entities that may be selected for the previously delayed second phase of HIPAA compliance audits. This On the Subject describes the phase two audit program and identifies steps that covered entities and business associates should take to prepare for these audits.

Read the full article.