May 9, 2016

The Department of Health and Human Services (HHS) has launched the second phase of its HIPAA audit program, which focuses on compliance with HIPAA’s Privacy, Security and Breach Notification Rules.


This phase affects covered entities and business associates. If an audit reveals a serious compliance issue, HHS’ Office for Civil Rights (OCR) may investigate. The entities selected for an audit will have 10 business days to submit the requested information, and another 10 business days to respond to draft findings.


Covered entities and business associates should still prepare for a possible audit by reviewing their compliance with HIPAA’s Privacy, Security and Breach Notification Rules.


Communications from OCR will be sent via email and may be incorrectly classified as spam, so OCR expects covered entities and business associates to check their spam folders for emails from An entity that does not respond to OCR may still be selected for an audit or be subject to a compliance review.     

Please reload

Featured Posts

Open Enrollment Management

September 27, 2019

Please reload

Recent Posts

September 27, 2019

August 8, 2019

January 31, 2019

September 10, 2018

Please reload

Search By Tags
Please reload

Follow Us
  • Facebook Basic Square
  • Twitter Basic Square

© 2014 360benefits, Inc.

  • w-facebook
  • Twitter Clean
  • w-linkedin
TEL: 720.204.3019 | EMAIL: