OCR Launches Phase 2 HIPAA Audits via Email Destined for Your Spam Folder

This week the Office for Civil Rights (OCR) announced that it has begun the next phase of HIPAA compliance audits. The Phase 2 audits are being rolled out in three steps.


Step 1 is entity verification by email.  The OCR will email covered entities and business associates to verify their addresses and contact information.  The OCR cautioned that these emails may be incorrectly categorized as spam and expects covered entities and business associates to check their junk mail or spam folders for emails from the OCR.  Entities that fail to respond may still be selected for an audit or compliance review as the OCR will use publically available information about the entity to create its audit subject pool.  Learn more about Phase 2 HIPAA Audits here.


Sarah Cronan Spurlock and Dustyn B. Jones are with Stites & Harbison, PLLC.