HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos



OCR delays phase two HIPAA audits

Email This Post Print This Post

chklist_paperOCR Director Jocelyn Samuels recently stated that audit procedures for phase two HIPAA audits have yet to be finalized, delaying the start date of the audits, according to lexology.com. OCR originally planned to begin phase two audits in fall 2014.

Unlike phase one, the second phase of HIPAA privacy, security, and breach notification audits will likely be desk-based, which means OCR will not conduct on-site audits of covered entities (CE) and business associates (BA) unless resources are available. OCR representatives confirmed during a panel at the 2014 AHIMA Convention and Exhibit September 30, 2014, that the agency had begun its process of randomly selecting CE for the next round of audits, but had not sent notifications to facilities yet. At minimum, it will include large and small hospitals, dental practices, health insurance companies, and health plans in its pool of organizations that may be selected for an audit. BA audits are expected to begin after CE audits are underway, according to the panel.

Visit the OCR audit program website for the latest on HIPAA audits.

Categories : OCR

Leave a Reply