HHS Office for Civil Rights sends preliminary surveys for Phase 2 of HIPAA audit program

The U.S. Department of Health and Human Services Office for Civil Rights has sent pre-audit screening surveys to covered entities that could be selected to participate in Phase 2 of the HIPAA audit program, OCR has confirmed to FierceHealthIT.

In an emailed statement, OCR said it has started verifying contact information for covered entities. "Additional information about the audit program is forthcoming," the statement said. "Check our website for updates."

In an article published in the National Law Review earlier this week, attorneys with law firm McDermott Will & Emery said that covered entities reported receiving the surveys; Edward Zacharias, a Boston-based partner with the firm, confirmed the news to FierceHealthIT.

"We have heard from contacts in the industry that at least some people have received the surveys," Zacharias said. "We don't know if OCR plans to send the surveys in phases or if they've all gone out, but certainly some covered entities have received them."

OCR announced last spring that about 350 covered entities would receive data requests for the audits, as well as 50 business associates. That number, according to the NLR article, will be whittled down from a randomly selected pool of between 550 and 800 survey recipients; the survey, the authors write, requests organization and contact information.

Phase 2 of the audit program initially was slated to begin last fall, but those plans were temporarily derailed late last summer as the agency worked to tweak an online portal through which entities could submit information. In March, HHS OCR Director Jocelyn Samuels, speaking at the 23rd National HIPAA Summit, said the second phase of the program was still under development, adding that the portal was still in the process of being set up.

To learn more:
- here's the National Law Review article

Suggested Articles

JLABS executive Kate Merton talks about the JLABS model and Johnson & Johnson’s interest in digital health.

One strategy to address cybersecurity with board leadership is to use the power of storytelling and narrative to make it real, according to a report.

Give patients the option to choose, and they will find the best communication tools for their unique mix of health issues and personal preferences.