WASHINGTON, DC – The Health and Human Services Office for Civil Rights (OCR) updated it's Phase 2 Audit Protocols last month after more than two years.
The OCR is the agency that ensures those individuals who receive services from HHS-conducted or -funded programs can access and trust the privacy and security of their health information.
The last update to Phase 2 Audit Protocols was in April of 2016. A majority of the changes last month appear in the "Breach" section of the Audit Protocols. Some of the changes relate to the specific steps OCR Auditors should take when performing their work. Below is an example of the changes found in the Protocols.
April 2016 - Audit Inquiry - Content of Notification
"Obtain a list of breaches, if any, that occurred in the previous calendar year. Obtain and review a copy of a single written notice sent to affected individuals for each breach incident in the previous calendar year. For the first five breach incidents that occurred in the previous calendar year, obtain and evaluate documentation related to the required content in the written notices sent to affected individuals."
July 2018 - Audit Inquiry - Content of Notification
"Obtain and review a list of breaches, if any, in the specified period and documentation of written notices sent to affected individuals for each breach. Use sampling methodologies to select notifications sent to individuals to be reviewed and verify that the notices include the elements required by §164.404(c).
The revised Audit Inquiry, as noted above is more stringent than those published in 2016. Compliance officers previously could examine just the first five breaches in a 12-month period. Now the OCR Auditors must use a statistical model to identify which breach notifications to analyze.
If you are interested in learning more please feel free to contact us at Info@SunHawkConsulting.com
SunHawk Consulting serves the needs of company Boards of Directors, internal & external legal counsel, management and employees, special committees, bankruptcy trustees and receivers, and government agencies. SunHawk's Professionals have Over 300 Years of professional experience and combined have:
Over 300 Years of professional experience
1,100 corruption / forensic accounting / fraud investigations spanning 19 countries
200 Privacy / Cyber breach / HIPAA investigations
Testified before the United States Senate Finance Committee
Reported investigative or audit findings to:
Centers for Medicare and Medicaid Services (CMS)
Securities and Exchange Commission’s (SEC)
Former Regulators and Enforcement Professionals:
Assistant Inspector General at HHS OIG
Medicaid Program Manager, AHCA, Florida
Presented over 100 trainings to Professional Associations
To Learn more please visit www.SunHawkConsulting.com