HIPAA Phase 2 Preparedness Tool

HITECH requires the HHS Office for Civil Rights (OCR) to conduct periodic audits of covered entity and business associate compliance with the HIPAA Privacy, Security, and Breach Notification Rules.

Phase 2 of the HIPAA Audit Program is reviewing the policies and procedures of care centers directly related to:

  1. Privacy Rules

  2. Security Rules

  3. Breach Notification Rules

HIPAA has established important national standards for the privacy and security of protected health information. The Health Information Technology for Economic and Clinical Health Act (HITECH) established breach notification requirements to provide greater transparency for individuals whose information may be at risk. OCR is currently implementing phase two of the program, which will audit both, covered entities and business associates. Here is a simple form that we have developed to assist you to evaluate your HIPAA phase 2 preparedness.