Phase two HIPAA audits have begun

Phase Two of the Office for Civil Rights' (OCR) HIPAA audit program, which started about four months ago, is in full swing, with some covered entities having received notification letters this past Monday.

167 organizations now know they will be participating in the desk audit portion of the audit program. The desk audits will examine the selected entities’ compliance with HIPAA Privacy, Security, and Breach Notification Rules.

What is a desk audit?

Desk audits are one of the ways the OCR can assess HIPAA compliance and see if there are any risks or vulnerabilities in the compliance programs and processes that may be in place. During a desk audit, an organization's documents are reviewed for compliance with the following requirements of the HIPAA Rules:

  • Privacy Rule
    • Notice of Privacy Practices & Content Requirements
    • Provision of Notice – Electronic Notice
    • Right to Access
  • Breach Notification Rule
    • Timeliness of Notification
    • Content of Notification
  • Security Rule
    • Security Management Process – Risk Analysis
    • Security Management Process – Risk Management

The OCR selected these requirements after its pilot audits and history of enforcement showed they were frequent areas of noncompliance.

What’s next for HIPAA audits?

After the desk audits are completed, some covered entities will be subject to an onsite audit. Onsite audits can take 3-5 days and are more comprehensive than desk audits, covering a wider range of requirements.

After audits are completed, OCR will review and analyze information collected and provide audit reports. The audit reports won’t clearly identify the audited covered entities, but records can be requested under the Freedom of Information Act. If audit reports reveal any serious compliance issues, then OCR can investigate further via a compliance review.

For more information, visit the OCR HIPAA audit website.

About the author

Hoala Greevy

Founder of Paubox. Kayak fishing when I can. Native Hawaiian CEO.
