The Office of Civil Rights (OCR) under the Department of Health and Human Services (HHS), has begun implementing Phase 2 of their HIPAA Audit Program. Under this program, OCR reviews the policies and procedures adopted and employed by covered entities (including physician offices) and their business associates which are intended to meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules. These analyses are conducted using a comprehensive audit protocol that has been updated to reflect the Omnibus Final Rule.
View the audit protocol, which was updated in April, 2016. Physicians and/or their practice managers should review their HIPAA policies and procedures to ensure they are in line with the updated protocol. The OCR may impose fines for practices that are not in compliance.