On March 21, the Office for Civil Rights (OCR) withing the Department of Health and Human Services (HHS) on announced the start of the much anticipated second phase of (Health Insurance Portability and Accountability Act (HIPAA) audits. These will primarily be desk audits and are scheduled to be completed by December. The announcement follows recent criticism of OCR's HIPAA enforcement by the Inspector General, and recent cyber attacks against health care organizations.
The announcement was accompanied by a Q&A document which explains several aspects of the audit process. The audit will consist of three phases, including a small desk audit and then a more in-depth desk audit. The in-depth desk audit will examine compliance with the various HIPAA security, privacy, and breach notification rules. The final phase will include a more general audit examining broad HIPAA compliance across all aspects of the healthcare organization.
ANCOR members are encouraged to purchase the HIPAA Privacy & Security Compliance Resource Manual for ANCOR Private Providers, authored by John Gilliland, II of Gilliland, Maguire & Harper. The manual contains comprehensive information on HIPAA and HITECH requirements, as well as template forms to be used for HIPAA compliance.