Phase 2 of HIPAA Audits will Target Healthcare Industry’s Business Partners

Phase 2 of HIPAA Audits will Target Healthcare Industry’s Business Partners

  Are your Policies and Procedures up-to-date?

A new round of federal privacy and security audits will target the business associates of healthcare providers, insurers and other HIPAA-covered entities along with the entities themselves, according to the Office for Civil Rights at HHS. This round is a continuation of Phase 1 HHS’s efforts to assess HIPPA Privacy compliance.
As part of Phase 2, HHS OCR  will review policies and procedures and ensure standardization and implementation specified under the Privacy, Security, and Breach Notification Rules. HHS’ Office for Civil Rights has started sending out e-mails to obtain and verify contact information for covered entities and business associates of various types for possible inclusion in the pool of potential audit subjects.
A new provision in the 2009 stimulus law placed the businesses that do data handling, processing and analysis in healthcare on the same legal footing as the hospitals, physicians, insurance companies and claims clearinghouses for which they work.


While this round of audits won’t affect the Healthcare facilities directly since they are Covered Entities and this round of audits is focusing on the Business Associates, it is important for Hospitals and Clinics to note that OCR is now starting to take a more thorough look at Policies and Procedures in general.


For more information and resources on Business Associate Best Practices, or to schedule a Mock Privacy Audit and review of your existing Policies and Procedures, please contact Patrick Yount at


To learn more about OCR’s Phase 2 Audit program Click Here


Leave a reply

Your email address will not be published. Required fields are marked *