ELEVATE YOUR HIPAA COMPLIANCE: Explore Our Enhanced Toolkit Today
Access Toolkit
Purchase Toolkit
Back to Blog

OCR Desk Audits are Beginning

Keep an eye on your spam box. On Monday, July 11, 2016, selected covered entities began receiving notification letters for Phase Two of OCR’s HIPAA audit program which involve desk audits. Communications from the Office for Civil Rights (OCR) are being sent by email and may erroneously be marked as spam; there is no forgiveness for missing the mail on this one.

According to the U.S. Department of Health & Human Services (HHS), if your entity’s spam filtering and virus protection are automatically enabled, OCR expects you to check your junk or spam folder for emails from OSOCRAudit, then move them out and open them.

These first set of desk audits will examine compliance with specific requirements of the Privacy, Security, or Breach Notification Rules and auditees will be notified of the subject(s) of their audit in a document request letter.

Pay careful attention to when a response is required. One PrivaPlan client who received the July 11th email shared that their notification indicated they have 10 days to submit their information, which is right in line with what everyone is being told. OCR expects covered entities that are the subject of an audit to submit requested information via OCR’s secure portal within 10 business days of the date on the information request.

According to OCR, after these documents are received, the auditor will review the information submitted and provide the auditee with draft findings.  Auditees will have 10 business days to review and return any written comments to the auditor. The auditor will then complete a final audit report for each entity within 30 business days after the auditee’s response.

A second round of desk audits of business associates will be done in the fall. The OCR plans on completing all desk audits by the end of this calendar year.

“If you receive an email regarding the audits and are unsure how to respond or need guidance, please let PrivaPlan know,” says David Ginsberg, PrivaPlan Associates, Inc., CEO. “We have affordable resources for you.”

Contact our HIPAA experts. We’re here to help.

You can reach us at info@privaplan.com or call 877-218-7707.

Related Posts

Recent Posts

Categories
Tags
AI Articles artificial intelligence Blog board Breach business associate CISO cyber risk cybersecurity cybersecurity awareness training electronic medical records email breach executive order Federal HIPAA Changes Final Rule health care health privacy HIPAA hipaa compliance HIPAA Training Meaningful Use Medicare multi-factor authentication OCR ONC passwords PHI phishing Policies & Procedures policies and procedures Privacy Quotes Ransomware Security Security Risk Analysis security training Service Technology Testimonials toolkit Training Materials two-step authentication website analytics website trackers

Get Started Today

Email us at info@privaplan.com or submit the form below:

Sign Up for Updates

Contact PrivaPlan

Telephone Sales & Support
505-466-1432  or
Toll Free: 1-877-218-7707
Fax: 505-466-3942

E-Mail Sales & Support
Customer Support: support@PrivaPlan.com
Sales: orders@PrivaPlan.com

Mailing Address:
PrivaPlan
5 Caliente Rd, Ste 3,
Santa Fe, NM 87508

© 2024 PrivaPlan Associates, Inc, all rights reserved.

FOLLOW US

Linkedin Envelope

Access PrivaPlan Toolkit

Click here to access

Access CMA-PrivaPlan Toolkit

Click here to access

Sign up for updates

  • Be Proactive In Compliance

Sign up. Learn about Compliance

Subscribe now for up-to-date information about privacy & security compliance! You’ll receive emails regarding news about compliance & alerts for new blog posts.