Skip to content

HIPAA Audits in Full Swing – Compliance Information

The U.S. Department of Health and Human Services (HHS) is in full swing of Phase 2 of its audit program as part of ongoing efforts to assess HIPAA compliance. In May, HHS sent emails to thousands of covered entities and business associates to initiate the Phase 2 audit process, which consists of the following:

  1. A pre-audit questionnaire email to gather information about size, type, and operations of prospective auditees. The data gathered will be used with other information to create potential audit subject pools. The chosen auditees will have ten days after receipt of the email to gather and send back requested documentation.

Note that if an entity does not respond to OCR’s request to verify its contact information or pre-audit questionnaire, HHS will use publicly available information to create its audit subject pool.

  1. Desk audits of the selected audit targets from the audit pool, including both covered entities and business associates.
  1. Comprehensive onsite audits of selected desk auditees.

According to HHS, the audit process will employ common audit techniques. HHS has posted online an audit program protocol containing general instructions and descriptions of the audit areas to help guide chosen covered entities and business associates.

Since 1992, OSHA Review, Inc. has provided dental professionals with comprehensive programs to support regulatory compliance and infection control. We are a registered continuing education provider in the state of California, specializing in Dental Practice Act, infection control, and OSHA training.

Back To Top