Second Phase of HIPAA Audits Shifts into High Gear


Daniel Gottlieb contended that the HHS Office for Civil Rights Phase 2 audit program focuses more on data security risks to protected health information and on pervasive non-compliance, rather reviewing compliance with all HIPAA privacy standards. “In circumstances where an audit reveals a serious compliance concern, OCR may initiate a compliance review of the audited organization that could lead to civil money penalties,” said Mr. Gottlieb.