Back in July, the HHS Office for Civil Rights announced that Phase 2 of the HIPAAAudit program “has officially kicked into high gear.” But did OCR’s emails end up in your spam folder?
OCR has selected 167 health plans, healthcare providers, and healthcare clearinghouses to participate in the covered entity (CE) portion of the desk audits. Emails went out to selected CEs on July 11. Although OCR sent these emails to the contact addresses verified during the pre-audit phase, they may have been incorrectly classified as spam in the recipient’s email service, OCR warns.
Do this: OCR is urging CEs and Bas selected for the audits to monitor their spam filtering and junk mail folders for emails from OSOCRAudit@hhs.gov.
And on July 27, OCR released new guidance on the HIPAAdesk audits. The desk audits will require selected entities to submit documentation of their compliance with requirements for the Notice of Privacy Practices (NPP), access, breach notification, risk analysis, and risk management standards.
OCR held a webinar on July 13 for CEs selected to participate in the desk audits. In the webinar, OCR staff walked through the processes those CEs can expect for the audit. (Desk audits of business associates (BAs) will begin this Fall.)
Following the webinar, OCR created three targeted guidance documents (go to www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/index.html) in response to questions received.
The guidance documents include a question-andanswer listing, an explanation of the specific audit document submission requests and associated audit protocol, and the slides used in the webinar.