The HHS Office for Civil Rights (OCR) has begun the second phase of audits of covered entities and their business associates. Covered entities take into account employers with self-insured group health plans. Both covered entities and their business associates should review their policies and documentation to ensure proper compliance with current HIPAA regulations. Audits by the government will include both (1) “desk audits,” which are remote audits and (2) on-site audits. The agencies announced the beginning of Phase 2 of the audit program on March 21, 2016. Read more here.
Two recent settlements with the OCR further reinforce the importance of obtaining proper Business Associate Agreements (BAAs) with the appropriate business associates (BAs) In both cases, the liable organization had failed to enter into BAAs with the respective BAs. The OCR conducted investigations and subsequently entered into settlements totaling $2.3 million. Read more here and here.