The American Health Information Management Association (AHIMA) published a new toolkit to help healthcare organizations prepare for Health Insurance Portability and Accountability Act (HIPAA) Phase 2 audits.
The External HIPAA Audit Readiness Toolkit addresses key aspects of Phase 2 audits, including helping covered entities and business associates understand their respective requirements. The toolkit also features best practices and tips to meet all the necessary responsibilities.
Started last year, the Department of Health and Human Services' Office for Civil Rights (OCR) Phase 2 Audits include desk and on-site visits.
[Also: On-site HIPAA audits coming in 2017, OCR official says]
"Phase 2 audits are broader and require a more detailed level of compliance with HIPAA privacy, security and breach notification requirements," AHIMA CEO Lynne Thomas Gordon said in a statement. "This toolkit can help healthcare organizations and health information management professionals prepare for audits."
The audit program is part of OCR's overall health information privacy, security and breach notification compliance regulations. Some Phase 2 audits will be conducted on site to examine a broader scope of HIPAA requirements than those addressed during the initial desk audits.
AHIMA's audit readiness toolkit includes an introduction to the legal requirements involved in the HIPAA audits, outlines OCR’s process, and includes an expansion on the HIPAA Audit Protocol.
The toolkit also contains checklists for HIPAA audit steps, forms, policies and procedures, as well as a list of potential documents that OCR could request and a master policy template for the privacy and security compliance program.
The toolkit is free for AHIMA members.
Twitter: @HealthITNews
