The US Department of Health and Human Services’ Office for Civil Rights (OCR) is gearing up for the second phase of Health Insurance Portability and Accountability Act (HIPAA) audits. As reported in trade press, a government official announced that the audits may be rolled out shortly. The OCR has chosen a vendor to conduct the audits and has started verifying contact information for potential auditees.

We will continue to monitor for a written announcement and/or guidance from the OCR. In the meantime, HIPAA-covered entities should review (and update as necessary) their policies and procedures and make sure that their workforce members are trained to comply with HIPAA’s privacy and security rule requirements.