Header graphic for print
HealtHITech Law HIPAA, HITECH and Beyond

Tag Archives: Audit

OCR Alert: Phishing Email Disguised as Official OCR Audit Communication

Posted in OCR Audits

On November 28, 2016, the Office for Civil Rights (OCR) issued an alert to providers and business associates monitoring their email for OCR audit communications. According to OCR, a phishing email disguised as an official communication from the Department of Health and Human Services (HHS) and claiming to be signed by OCR’s director Jocelyn Samuels… Continue Reading

Phase 2 of HIPAA Audits Set to Begin

Posted in OCR Audits

On Monday, the Office for Civil Rights (OCR) announced the long-awaited launch of Phase 2 of its HIPAA Audit Program.  OCR is required by the Health Information Technology for Economic and Clinical Health (HITECH) Act to establish a permanent compliance audit program for HIPAA covered entities and their business associates. OCR completed the first phase of testing for the… Continue Reading

OCR TO BEGIN SECOND ROUND OF HIPAA AUDITS

Posted in Enforcement, OCR Audits

The U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) has announced that it is gearing up for its second round of HIPAA compliance audits later this year.  The HIPAA Audit Program is authorized under Section 13411 of the HITECH Act and is intended to assess compliance with the HIPAA Privacy, Security,… Continue Reading

OIG Report Criticizes HIPAA Oversight

Posted in OCR Audits, Security

The HHS Office of Civil Rights (“OCR”) has failed to comply with the HITECH Act’s mandate to audit HIPAA covered entities and business associates, according to a recent report published by the HHS Office of Inspector General (“OIG”). The OIG said that OCR “had not assessed the risks, established priorities, or implemented controls for its HITECH requirement… Continue Reading

OCR Presents Preliminary HIPAA Audit Findings

Posted in Enforcement

OCR’s Audit Program, which began in December 2011, is part of HHS’ efforts under HITECH to assess HIPAA compliance by covered entities, identify best practices, and discover risks and vulnerabilities in protecting the privacy and security of PHI which may not have come to light through OCR’s complaint investigation and compliance reviews. OCR has repeatedly stated that… Continue Reading