[fusion_builder_container hundred_percent=”no” hundred_percent_height=”no” hundred_percent_height_scroll=”no” hundred_percent_height_center_content=”yes” equal_height_columns=”no” menu_anchor=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” class=”” id=”” background_color=”” background_image=”” background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” enable_mobile=”no” parallax_speed=”0.3″ video_mp4=”” video_webm=”” video_ogv=”” video_url=”” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” video_preview_image=”” border_size=”” border_color=”” border_style=”solid”][fusion_builder_row][fusion_builder_column type=”1_1″ layout=”1_1″ spacing=”” center_content=”no” link=”” target=”_self” min_height=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” class=”” id=”” background_color=”” background_image=”” background_position=”left top” background_repeat=”no-repeat” hover_type=”none” border_size=”0″ border_color=”” border_style=”solid” border_position=”all” padding_top=”” padding_right=”” padding_bottom=”” padding_left=”” dimension_margin=”” animation_type=”” animation_direction=”left” animation_speed=”0.3″ animation_offset=”” last=”no”][fusion_text columns=”” column_min_width=”” column_spacing=”” rule_style=”default” rule_size=”” rule_color=”” class=”” id=””]

The US Department of Health and Human Services, Office for Civil Rights (OCR) has without fanfare updated its comprehensive audit protocol, making substantive changes to inquiries to demonstrate how an organization applies it workforce sanctions policy and more broadly, compliance with the Breach Notification Rule. Released in 2016 for use by HIPAA covered entities and business associates to prepare for the Phase 2 Audit Program, the Audit Protocol is now used by health care organizations, as well as OCR’s own investigators, to evaluate an organization’s compliance with the privacy, security and breach notification rules.

What are the Changes?

A survey of the more substantive changes:

Privacy Rule

Sanctions Policy

Breach Notification Rule

What Action Should Organizations Take?

Healthcare provider practices, health plan administrators and business associates should prepare now so they’re ready if they are selected for a compliance review:

CynergisTek has updated its toolkit to reflect the latest changes to the OCR Audit Protocol. Please contact us to receive a copy.