The OCR recently issued three guidance documents in response to questions received from covered entities currently under audit: (1) a list of all Q&As received from audited entities; (2) a table showing the documents OCR requested for each audit protocol and the Q&As associated with that audit protocol; and (3) slides from an OCR webinar for audited entities. The OCR is currently auditing covered entities, such as employer-sponsored group health plans, for compliance with HIPAA’s privacy and security rules. This new guidance should be helpful to plan sponsors, as well as to HIPAA Privacy and Security Officials, in their ongoing HIPAA compliance efforts.

View the three guidance documents.