The second phase of audits for compliance with Health Insurance Portability and Accountability Act (HIPAA) regulations is underway. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) selected a total of 167 health plans, health care providers and health care clearinghouses to be audited.

Selected physician practices would have received an email from OCR on July 11. The email may be incorrectly classified as spam, so check your spam and junk folders to make sure you didn't miss it.

The 2016 phase 2 HIPAA audit program is a key part of OCR’s health information privacy, security and breach notification compliance activities. The audit program allows OCR to assess covered entity compliance with the HIPAA regulations.

The phase 2 audit places more attention on areas of greater risk to the security of protected health information and on pervasive non-compliance, based on OCR’s phase 1 audit findings and observations, rather than a comprehensive review of all of the HIPAA standards.

OCR said that physicians selected for audits should view them as a tool to identify best practices and discover risks and vulnerabilities, not as an enforcement activity. The ultimate goal of the audits, the agency said, is to help OCR provide better guidance to the health care community.

If your practice has been selected for an audit, you will need to submit the requested documentation and any written comments demonstrating your compliance with the following HIPAA requirements to OCR by July 22. The final audit report will be completed within 30 days of your response and OCR will share a copy of the final report with you.

For more information about the audit, click here.