The U.S. Health and Human Services (HHS) Office for Civil Rights (OCR) first began conducting HIPAA audits in 2014 and is continuing with phase two this year. The purpose of these audits is to ensure the protection of each individual's personal information. The second phase examines decryption and encryption, facility access controls, and additional high risk areas that have yet to be specified. If your company is being audited, it will receive an audit notification letter from the OCR and should plan for an estimated 30 to 90 day procedure.
With this knowledge, your company can begin to prepare for the assessments to make certain that you are ready.
In addition to these three suggestions, verify that your data software is up to date and that you are performing maximum effort to protect individual's information. Although it appears that a major focus will be on policies and procedures, do not forget about encryption and decryption as well as access controls. Anticipate data questions and inquiries as well; do not solely focus on policies.
The key take-away theme is to be up to date in all aspects of your company policies, software, employee training, etc. Knowing the main focuses of the phase-two audit can help you narrow where to place your attention and bring everything up to compliance standards. Keeping these three tips in mind, you can continue your journey to HIPAA compliance with confidence.