HIPAA Compliance Reviews – Audit Protocol

In connection with this second phase of HIPAA audits, OCR released an updated audit protocol that identifies potential areas of audit inquiry. To prepare for a possible HIPAA audit, covered entities and business associates should review their compliance with HIPAA’s Rules and make any necessary changes. OCR’s audit protocol can be used as a guide for self-audits of HIPAA compliance.

Also, even if a health plan or business associate is not selected for a Phase 2 audit, it is still important to remain prepared for a HIPAA compliance review—OCR will likely continue its enforcement efforts after the Phase 2 audits are complete.

Audit Protocol

OCR published an audit protocol to provide clarity on the HIPAA standards that auditors may assess during an audit. OCR first made its HIPAA audit protocol available in 2012 in connection with its pilot audit program. In 2016, OCR released an updated audit protocol, which includes changes made by the HIPAA Omnibus final rule from 2013.


