The Office of Civil RIghts (“OCR”) recently announced that Phase 2 of the HIPAA audits would be further delayed because the audit portals and project management tools that are needed to initiate the audit process are not ready and available for usage. Phase 2 of the HIPAA audits was initially slated to begin in the fall of 2014 and was subsequently moved to late 2014 or early 2015. Currently, no timeline has been provided as to when the next round of audits will officially begin.
A delay in Phase 2 of the OCR HIPAA Audits does not mean that covered entities and business associates should not continue to make sure they are in compliance with all HIPAA regulations. The potential consequences for failure to comply with HIPAA regulations are significant. While the audit portals are still under development, it is a good time for covered entities to (i) make sure their HIPAA policies and procedures are up to date and meet the latest privacy and security requirements, (ii) create a list of all business associates that provide services to the covered entity, and (iii) conduct an internal risk assessment to identify potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.
Among other things, Parker Poe’s healthcare attorneys advise our healthcare clients about (i) compliance with HIPAA’s privacy requirements as they affect healthcare information, including preparing employee and patient notices, plan policies and procedures, plan amendments and authorization and other forms, and (ii) HIPAA compliance requirements for business associates.