July 19, 2016 — HHS OCR (Office for Civil Rights) has started the next phase of HIPAA Compliance audits, according to a recent notification. The HHS OCR hhs.gov notification explains that this new audit phase will review the compliance of both covered entities and business associates in regards to HIPAA regulations on “Privacy, Security, and Breach Notification Rules.”
“The 2016 Phase 2 HIPAA Audit Program will review the policies and procedures adopted and employed by covered entities and their business associates to meet selected standards and implementation specifications of the privacy, Security, and Breach Notification Rules.”
Every covered entity and business associate is eligible for an audit. This includes covered “individual and organizational providers of health services; health plans of all sizes and functions; health care clearinghouses; and a range of business associates of these entities.” The notification will arrive via email. According to the hhs.gov notification,
“covered entities received notification letters Monday, July 11, 2016. Business associate audits will commence in the fall.”
Covered entities and business associates alike must be sure to white-list the email address from which the notification of audit is coming from. The email address is OSOCRAudit@hhs.gov .
If your systems identify the message as spam and filters it to your junk email folder, it will not be considered adequate defense for not being fully cooperative and prepared.
If you have not received your notification and you are unsure whether you are a covered entity or business associate, click the link below for full explanation and information. For questions on how to become compliant please contact Techni-Core at (256) 704-0234 ext. 203.