April 29, 2016

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) released an updated audit protocol that health plan sponsors and business associates can use to prepare for Phase 2 of the HIPAA audit program.



The OCR audit protocol is organized around modules, each representing separate elements of privacy, security and breach notification. The protocol identifies approximately 180 areas for potential audit inquiry.

The updated OCR audit protocol identifies “key activities” (HIPAA standards) and provides information on the legal requirements for each standard, as well as potential audit inquiries related to the HIPAA requirements. More information about the audit protocol can be found here.


HIPAA’s Security Risk Assessment (SRA) Tool can also be used to perform and document an organization’s security risk analysis. The SRA Tool can be downloaded here.


Even if your organization is not selected for a Phase 2 audit, it is important to self-audit your business to ensure compliance, since the OCR will likely continue its enforcement efforts after Phase 2 audits are complete.

Please reload

Featured Posts

Open Enrollment Management

September 27, 2019

Please reload

Recent Posts

September 27, 2019

August 8, 2019

January 31, 2019

September 10, 2018

Please reload

Search By Tags
Please reload

Follow Us
  • Facebook Basic Square
  • Twitter Basic Square

© 2014 360benefits, Inc.

  • w-facebook
  • Twitter Clean
  • w-linkedin
TEL: 720.204.3019 | EMAIL: support@360benefitsonline.com