The Department of Health and Human Services’s Office for Civil Rights (OCR) announced last week that it has launched Phase 2 of its HIPAA Audit Program. Under this Audit Program, OCR will review whether entities subject to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Data Breach Notification regulations are complying with those regulations. OCR has already begun to send initial emails regarding the audits to “covered entities” and “business associates” (defined in the HIPAA regulations); these emails seek to verify contact information.
Tip: These emails may be incorrectly classified as spam by corporate or email filters. OCR expects covered entities and business associates to check spam and junk email folders for emails from OCR.
Warning: Sophisticated cybercriminals could use the OCR audits as an opportunity to send fake OCR emails (“phishing emails”) in an attempt to trick employees into turning over individual health information or clicking on links that download harmful malware onto the organization’s computer network. Do not click on links or supply any documentation until