New HIPAA audits raise the bar on compliance teams

New audit protocol

The Health and Human Services Office for Civil Rights (OCR) has launched the second phase of its HIPAA Audit Program. Now, both covered entities and business associates are subject to the audits. The process will include RFI’s, desk audits, and for a select number of entities, on-site audits.

In preparation for the phase 2 audits, OCR has updated the audit protocol. This new protocol dwarfs the previous release, with over 1,000 audit inquiry line items. The sheer volume of audit inquiries will be monumentally time consuming for an entity’s IT and Security teams. Consider this one inquiry:

Obtain and review documentation demonstrating the records of information system activities that were reviewed such as audit logs, access reports, and security incident tracking reports. Evaluate and determine if information system records were reviewed in a timely manner and that the review was conducted and certified by appropriate personnel. 

To continue reading this article…

Start your monthly or annual subscription to HIT Leaders & News today!

A monthly Standard subscription to all our regular news articles costs only $12.00 per month, or $144.00 for an annual Standard subscription.

Already a subscriber? Log in


HIPAA, OCR, Office for Civil Rights, Proficio, SIEM


Please follow and ‘Like’ us


©2021 HIT Leaders and News, a GO Digital Media publication. All rights reserved.