The Second Phase of HIPAA Audits Begin, with Special Focus on Providers' Business Associates

During the week of March 20, 2016, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced that the second phase of HIPAA audits will focus on healthcare providers as well as business associates.

OCR reported that the second round of audits, which began on Monday, March 21, 2016, will include two hundred (200) desk and onsite audits. The main focus of the desk audits will be policies and procedures relating to security and privacy risk management, breach notifications, and notices of privacy practices. This phase of audits were originally expected to begin last year.

The first phase of the HIPAA audits were conducted as a pilot program back in 2011 and 2012, and only focused on Healthcare providers. The second phase of the audits will cover providers as well as their business associates and contractors.

“The audits present an opportunity to examine mechanisms for compliance, identify best practices, discover risk and vulnerabilities that may have not come to light through the OCR's compliant investigations and compliance reviews, and enable us to get out in front of problems before they result in breaches", OCR officials stated in a fact sheet.

For more information regarding The Second Phase of HIPAA audits, you can visit