Sign in

OCR Desk Audits are beginning

By: Lisa Marlin

July 12, 2016

Keep an eye on your spam box. On Monday, July 11, 2016, selected covered entities began receiving notification letters for Phase Two of OCR’s HIPAA audit program which involve desk audits. Communications from the Office for Civil Rights (OCR) are being sent by email and may erroneously be marked as spam; there is no forgiveness for missing the mail on this one.

According to the U.S. Department of Health & Human Services (HHS), if your entity’s spam filtering and virus protection are automatically enabled, OCR expects you to check your junk or spam folder for emails from OSOCRAudit, then move them out and open them.

These first set of desk audits will examine compliance with specific requirements of the Privacy, Security, or Breach Notification Rules and auditees will be notified of the subject(s) of their audit in a document request letter.  

Pay careful attention to when a response is required. One PrivaPlan client who received the July 11th email shared that their notification indicated they have 10 days to submit their information, which is right in line with what everyone is being told. OCR expects covered entities that are the subject of an audit to submit requested information via OCR’s secure portal within 10 business days of the date on the information request. 

According to OCR, after these documents are received, the auditor will review the information submitted and provide the auditee with draft findings.  Auditees will have 10 business days to review and return any written comments to the auditor. The auditor will then complete a final audit report for each entity within 30 business days after the auditee’s response.  

A second round of desk audits of business associates will be done in the fall. The OCR plans on completing all desk audits by the end of this calendar year.

“If you receive an email regarding the audits and are unsure how to respond or need guidance, please let PrivaPlan know,” says David Ginsberg, PrivaPlan Associates, Inc., CEO. “We have affordable resources for you.”

Contact our HIPAA experts. We’re here to help.

You can reach us at info@privaplan.com or call 877-218-7707.