HHS has announced that Phase 2 of the HIPAA Audits has begun. If you remember, Phase 1 had some pretty dismal results. Of the 115 entities audited, only 11% were in full compliance. Last year they sent out pre-selection surveys and as promised, the audits have now begun.

Every healthcare provider needs to make sure that their email software is set to accept email from  OSOCRAudit@hhs.gov. You must respond to the email that they send out -- you cannot use the excuse that it ended up in your Spam or Junk mailboxes and you didn't see it. The simple solution is to add the OCR email address (shown above) to your 'approved sender' list, assuring that you don't miss that important email.

For those not selected for an audit, this doesn't mean that you are off the hook regarding HIPAA. Everyone that is a covered Entity MUST be following HIPAA standards. Are your Policies and Procedures up to date? Have you taken all the appropriate measures to ensure that you are protecting Patient Health Information (PHI)? The OCR is finding weak points in the system and you need to be addressing your own weaknesses as well. If you haven't recently completed your own Risk Assessment, do it now! Doing so will help you determine your own weaknesses, giving you time make necessary adjustments to ensure compliance. Your efforts can help to establish your good faith attempt to comply before you get that email alerting you that an audit is taking place.