Road to HIPAA Compliance: Preparing for Phase 2 HIPAA Compliance

by KirkpatrickPrice / December 9th, 2015

How Can You Prepare Your Organization for Phase 2 HIPAA Audits?

This webinar covers an overview of what to expect as we shift to a new phase of proactive supervision and how to prepare for an onsite audit from the OCR. 

First, let’s look at the background of the OCR Period Audit Process and Enforcement Action:

  • 2009: HITECH requires periodic audits of covered entities and business associates
  • 2011/2012: Phase 1 Audits began
  • 2013: Evaluation period, where they reviewed the results of Phase 1 Audits
  • 2014: Phase 2 Audits originally scheduled to begin, but because of delays, that date was not met

From the Phase 1 Audits, we learned:

  • 65% of findings were from the Security Rule
  • 7% Administrative Safeguards
  • 54% Technical Safeguards
  • 76% Physical Safeguards
  • 81% of findings were from Healthcare Providers
  • 66% of findings were from Level 4 entities
  • Trends moving forward into 2015/2016
  • Emphasis on risk analysis
  • Theft of electronic media
  • Attorneys General actions

A few examples that we cover in this webinar are from Anchorage Community Mental Health Services, which was fined $150,000 to settle findings, and Cignet, on which the HHS imposed a $4.3 million Civil Money Penalty. As your organization prepares for Phase 2 Audits, we recommend learning about the updated audit protocol, online portal for data collections, desk audits, and the HSS. Listen to the full webinar to learn details on these topics.

How can KirkpatrickPrice help? We are here to provide a roadmap to your organization. If you’re unsure of where to start, we recommend beginning with a risk assessment. We have very experienced risk assessment practices and can help you walk through that process. We can assist you in policy and procedure review, identify any gaps, and make recommendations. We have an audit approach that is modeled on the HIPAA Audit Protocol, which is published by the DHHS. We have expert personnel; when you work with KirkpatrickPrice, you’re working with someone who is certified in data security, IT governance, and information security. We also have a web-based portal experience; it could be beneficial for your organization to go through an audit with an audit partner before going through the audit with some type of supervisory organization, like the OCR. Contact us today to speak to an expert.