Washington, D.C. partner Peter Blenkinsop was recently quoted in a Medical Economics article titled, “What to do if you are notified of a HIPAA onsite audit.”
Phase 2 of the Health Insurance Portability and Accountability Act (HIPAA) Audit Program is currently underway. The Department of Health and Human Services (HHS) may ask covered entities and business associates to submit documents for a desk audit of their HIPAA compliance. In addition, HHS may also conduct onsite audits.
Peter stated that Phase 2 is primarily designed to address deficiencies found during Phase 1 and help HHS Services understand where there should be more guidance and training.
“One of the primary deficiencies they found in Phase 1 was that many covered entities had not done a thorough risk assessment of their vulnerabilities,” said Peter. “A second area where there were a lot of deficiencies was that of addressable safeguards.”
Although the idea of an audit can make many entities nervous, Peter suggests having brief training for those interacting with the auditors and coaching them on policies and procedures, what to expect, and how to respond.