Phase 2 Audits Coming Soon… is your practice ready?

The government has assured covered entities and business associates alike that despite the delay, Phase 2 HIPAA audits are coming in 2015.

OCR initially conducted pilot audits, which were comprehensive onsite audits.

Now, OCR is moving into Phase 2 Audits. These audits will be conducted by OCR internal staff, as opposed to the outside contractors.

Your practice might be contacted by the OCR, regarding a pre-audit survey. These surveys will likely be used to group covered entities into “levels” for the selection process.

What’s the big deal?

The OCR is getting even more serious this time.

If your practice is selected for a HIPAA audit, expect to turn over a list of all of your business associates.

And be warned, OCR has stated that entities will have only two weeks to respond to data requests.

OCR has also stated that all information must be current as of the date of the request.

Don’t panic, just get prepared.

We help our clients have tools in place so that if they are contacted, they will be able to turn over records quickly and efficiently.

One key part is being able to show OCR how you have implemented your HIPAA risk assessment policies and procedures. Simply having policies and procedures is not enough to avoid fines and penalties.

How can my practice avoid fines and penalties?

The best way is to get your practice prepared now. You can start by:

  1. Reviewing your practice’s HIPAA compliance;
  2. Conducting a thorough HIPAA Risk Assessment;
  3. Sorting through all vendors, and identifying those that are HIPAA business associates;
  4. Updating your inventory, policies and procedures, business associate agreements, and notices of privacy practices; and
  5. Implementing your policies and procedures.

Business associates can also expect to be audited by OCR in 2015.

All practices are at risk of an OCR HIPAA audit, make sure your practice is ready.

In our next blog post, we will keep you informed of related issues.  To get this important information delivered directly to your mail box, 

Do you need help preparing for a possible OCR audit, and getting compliant with HIPAA regulations?  We can help. To contact us about your HIPAA compliance, preparing for an OCR audit, or your other legal needs:  CLICK HERE.

P.S. If you or your patients are interested in consumer healthcare issues, check out

Related Posts


Recent Posts

Getting Remarried? Here’s What You Need to Know
March 21, 2024
What is the Biggest Threat to Healthcare?
January 30, 2024
How Can I Simplify Estate Planning?
January 11, 2024
I Have a Trust. Now What?
December 7, 2023
Breaking: Corewell Health Breach
December 5, 2023


Subscribe to Our Newsletter

Subscribe and get your FREE copy of Easy Guide to HIPAA Risk Assessments

An essential tool for all healthcare providers, Easy Guide to HIPAA Risk Assessments breaks down the requirements of HIPAA so you can successfully complete your required risk assessment. (an $8.99 value)

Thank you for subscribing to the Rickard & Associates healthcare blog. You'll receive a confirmation email shortly. After verifying your subscription request, you'll be sent to the "Easy Guide to HIPAA Risk Assessments" download page.