By BLR Legal Editor Jennifer Carsen, JD
As a part of its continued efforts to assess compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) has begun a round of audits of covered entities and their business associates.
These audits, like other OCR enforcement tools, are designed to help OCR to identify best practices and proactively uncover and address risks and vulnerabilities to protected health information (PHI).
The 2016 audit process begins with verification of an entity’s address and contact information. An e-mail is being sent to covered entities and business associates requesting that contact information be provided to OCR in a timely manner.