The OCR’s Phase 2 Audit Program

The Office for Civil Rights (OCR) newly released the Phase 2 Audit Program. The audit process has started with the release of the rules and protocols. The need for a clear understanding of this new audit program by all Covered Entities (CE) and Business Associates (BA), or for that matter anyone who accesses, uses or discloses Protected Health Information (PHI) is acute. This is because the OCR has the power to review up to 180 different areas of the HIPAA privacy, security and breach rules.

Even if an organization is not selected for an OCR audit, it is important to be prepared, because any privacy or security complaint could trigger the same types of questions and requests for documentation as during the investigation.

A learning session on the program

A webinar that is being organized by MentorHealth, a leading provider of professional education for the healthcare industry, will review the detailed processes the OCR will use for the audits, and offer examples of the protocols. The speaker at this webinar, Kelly McLendon, a Health Information Management expert with over 36 years in the field, will show participants how to be prepared for an OCR audit.

All details of the OCR audit program

Kelly will offer understanding of the various aspects of this topic, such as how the Phase 2 audit program builds upon the 2012 Pilot audit program, details about the sites to be selected for an audit, how to spot initial indicators that an audit may be eminent, timeframes for sites being audited, examples of privacy, security and breach audit protocols, continued analysis of the protocols to bring the audience the latest information about the questions and required documents OCR are using in the audits, and how to prepare a compliance program for an OCR audit or investigation by reducing overall privacy and security risk.

Kelly will cover the following areas at this webinar:

• History of the OCR audit programs
• The processes and rules surrounding the 2016 OCR audit program
• Examples of privacy, security and breach audit protocols
• Steps to take in preparation for an OCR audit

This session is highly useful to personnel such as Privacy Officers, Security Officers, Compliance Officers, HIM Managers, Practice Managers, CIO, General Counsel and Physicians.