Murtha Means More

March 29, 2016 - Health Care and Long-Term Care Groups News: The HIPAA Phase 2 Audits Have Arrived

By: Daniel J. Kagan

The Department of Health and Human Services Office of Civil Rights (OCR) has commenced the long-anticipated HIPAA Phase 2 audits, and with them may come an uptick in HIPAA enforcement efforts. All providers and business associates, both large and small, are eligible to be chosen for a desk and/or onsite audit. OCR’s audits will focus on a thorough review of the policies and procedures each entity has adopted and implemented to meet the Privacy, Security and Breach Notification rules. If serious compliance issues are uncovered during the audit, OCR may initiate a compliance review for further investigation, which carries the possibility of financial penalties. OCR plans to post updated audit protocols on its website before it begins to conduct the desk audits.

To kick off the process, OCR has e-mailed letters asking entities to verify their address and contact information and to answer a pre-audit screening questionnaire. Privacy officers should make sure to check their spam folders, as not responding to this initial letter will not exempt you from OCR’s audit. A sample letter can be found here and more information regarding the Phase 2 Audits can be found on OCR’s website.


If you have any questions regarding HIPAA audits or any other health law topic, please contact:
Dena M. Castricone at (203) 772-7767
Stephanie Sprague Sobkowiak at (203) 772-7782
Heather O. Berchem at (203) 772-7728
Daniel J. Kagan at (203) 772-7726
