The Phase 2 audit program for HIPAA compliance is under way. The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced that it had launched the Phase 2 audits to examine and assess how covered entities and their business associates are adhering to the HIPAA Privacy, Security, and Breach Notification Rules. OCR will survey a relatively small sample of entities using both remote desk and onsite audits, and aims to use the results of Phase 2 to improve HIPAA compliance.

Covered entities and business associates would be well served to prepare for these audits now. Please read the full advisory here for more information about the Phase 2 HIPAA audits and how your organization or health plan can prepare.