It’s been a long time coming, but according to OCR, the phase 2 HIPAA audits are expected to begin in Spring 2016, so you’ll need to make sure your organization is prepared.
With a high number of breaches occurring in the last two years being attributed to a lack of encryption, employee negligence and cyber attacks, the phase 2 audits are likely to focus on these areas, as well as on HIPAA standards that were sources of high numbers of non-compliance in the phase 1 audits.
As well as covered entities, phase 2 audits will also be conducted on business associates of covered entities, such as health plan providers, billing companies and medical supply companies.
To ensure that you are prepared for a potential phase 2 audit, covered entities and business associates may find our downloadable checklist useful.