OCR staff briefs providers on what to expect when Phase 2 audits begins

Unofficially… OCR hopes to begin the audit process by the end of 2014 or the beginning of 2015. in this second round of HIPAA compliance audits. OCR will look at covered entities and business associates’ risk analysis and risk management (the Security Rule), the content and timeliness of breach notifications (the Breach Notification Rule) and the notice of privacy practices and access rights (the Privacy Rule). The agency will focus on the risk to the data, not the risk to the impacted individual.

Read the article here

Social tagging: > >

Comments are closed.