Breaking Compliance News Blog

OCR Publishes Preliminary Results of its Phase 2 HIPAA Audits

Posted by Margaret Scavotto, JD, CHC on 10/5/17 7:05 AM

Find me on:

phase 2.jpg

The OCR recently released an update on Phase 2 of its HIPAA audit program. Updates include:

  • Desk audits for 166 covered entities are complete
  • Desk audits for 41 business associates are underway
  • After the desk audits are finished, on-site audits will begin

The OCR scores entities on their HIPAA compliance on a scale of 1 (in compliance) to 5 (no serious evidence of compliance). Results were mixed:

  • For timeliness of breach notification, 65% of covered entities received a 1 score (the highest score)
  • For content of breach notification, only 14% of covered entities scored a 1
  • For content of notice of privacy practices, only 2% of covered entities scored a 1!
  • Covered entities did better with the provision of notice of privacy practices: 57% received a 1 score
  • Only 1% of covered entities scored a 1 for right of access
  • ZERO covered entities received a score of 1 for their HIPAA security risk analysis
  • For Security risk management, 1% of covered entities earned a 1 score

 What scores would your organization receive?

You can read the OCR’s findings, and its desk audit protocol, here: https://www.nist.gov/sites/default/files/documents////sanches_0.pdf

MCS Sig Aug 2017.jpg

HIPAA on a budget:  Get HIPAA compliant with MPA's  HIPAA Tool Kit

Topics: HIPAA

    Privacy Policy           Terms of Use