Preparing For Stage 2 HIPAA Audits

Main Street Medical




Preparing For Stage 2 HIPAA Audits


Phase 2 HIPAA audits have begun, and it is no longer a matter of when the audits will take place, but whether your organization is ready for it.


The second phase of audits for compliance with HIPAA privacy, security and breach notification rules was launched on March 21 of this year by the HHS Office for Civil Rights (OCR). While the pilot audits were focused solely on covered entities, Phase 2 of the audit will address covered entities as well as their business associates.


The Phase 2 audits will consist of both, desk audits and onsite audits, the majority of those being desk audits, with the focus on high noncompliance instances in Phase 1 of the audit. The OCR will utilize their experiences from the Phase 1 audits to develop enhanced protocols that will be implemented in the second round of audits.


The changes that are implemented will have a significant effect of many organizations. Many current checklists, informational texts, and even software do not reflect the changes to the new HIPAA protocol, which clarifies many of the gray areas heretofore unaddressed by the law.


While Phase 1 of the audit program contained only 169 total protocols and included 115 covered entities, Phase 2 contains 180 enhanced protocols, as well as making every covered business entity and business associate capable of being audited. As Phase 2 of the audits are characterized as “primarily a compliance improvement activity,” violations can result in enforcement action, and, in some cases, potentially be released to the public via the Freedom of Information Act.


Ensuring that your organization is HIPAA compliant is crucial to passing the audit, and Main Street Medical’s consulting services can help to ensure that your business is fully prepared for Phase 2 of the HIPAA audit. Our consulting team will train your staff on the current rules and regulations of HIPAA privacy and security, as well as conduct an on-site review to determine if your particular practice has implemented the necessary steps to pass a HIPAA Risk Assessment. Following a review, you will receive a summary of our findings, as well as a plan to help get your business where it needs to be.


Don’t let 2016 be your wake-up call. Contact Main Street Medical today and let us help address your organization’s HIPAA needs.