HIPAA audit phase 2 is coming, are you prepared?


HIPAA audit phase 2 is coming, are you ready for it?

Under the 2009 Healthcare Information Technology for Economic and Clinical Health Act (HITECH), the Office of Civil Rights (OCR) is required to conduct HIPAA compliance audits of covered entities and business associates. The second phase of this audit is expected to start as early as Fall 2015 or early 2016.

What to expect from phase 2

Unlike the phase 1 audits, which focused only on covered entities, the phase 2 audits will assess both covered entities and business associates. In February of 2014, the OCR sent out requests for data from 800 covered entities and 400 business associates. The type of data that the OCR is requesting includes the number of patient visits or insured lives, use of electronic information, revenue, and more. Of these requests, the OCR intends to audit approximately 150 covered entities and 50 business associates.

The phase 2 audits will focus on the areas of noncompliance revealed in phase 1: risk analysis, risk management, and breach reporting. Ultimately, the goal of the phase 2 audits is to identify best practices and areas of vulnerability, and to use the results of the audit to provide technical assistance to covered entities and business associates.

Tips on preparing for phase 2 audits

If you are one of the few healthcare entities that have unfortunately been selected for an audit, Paubox has outlined a few tips to help you prepare.

  • Make sure that all communications from the OCR are directed to the people who are in charge of handling the audit within your organization. Considering that the turnaround time for a response to the request is only 10 days, you do not want to get caught off-guard because the requests did not go to the right people.
  • If not done already, conduct a risk assessment and retain all documentation. Make sure that all of your documents relating to HIPAA are organized, updated, and kept in a central location.
  • For covered entities, make a list of all your business associates, the services they provide, and their contact information.
  • Review your facility security plans, disaster recovery plans, notices of privacy, and business associate agreements.
  • Ensure that you have a breach notification system in place that is compliant with breach notification standards.
  • Confirm that all of your employees have been properly trained with regard to HIPAA and that this training is documented.
  • Encrypt, Encrypt, Encrypt! Make sure that all of your information systems and software that are responsible for transmitting protected health information (PHI) are encrypted. Otherwise, you’ll have to provide the risk analysis justifying your decision to not use encryption.

Considering the financial repercussions and media scrutiny, it is imperative that all covered entities and business associates take steps to prepare for this audit, whether they get audited or not.

Paubox can help make sure you’re protecting PHI by providing seamless HIPAA compliant email encryption services.


About the author

Phuong Tran

Phuong Tran is a Carnegie Mellon University-Heinz College graduate with a degree in healthcare policy and management. In his spare time he enjoys discovering new restaurants and playing basketball.
