The American Health Information Management Association (AHIMA) has released its External HIPAA Audit Readiness Toolkit to assist organizations in preparing for the upcoming Health Insurance Portability and Accountability Act (HIPAA) Phase 2 audits. The toolkit includes Phase 2 aspects for covered entities, business associates and includes tips in meeting responsibilities.
The HHS Office for Civil Rights (OCR) Phase 2 Audits began last year as an overall part of maintaining health information privacy, security and breach notification regulations.
The toolkit addresses the following topics:
- Introduction to legal requirements in HIPAA audits.
- The entire OCR HIPAA Audit process.
- A guide containing preparation information on audits and the expansion of the HIPAA Audit Protocol.
- Checklists on HIPAA audit steps, forms, policies and procedures.
- List of OCR documents requested.
- A master policy template for privacy and security compliance programs.
“Phase 2 audits are broader and require a more detailed level of compliance with HIPAA privacy, security and breach notification requirements,” said AHIMA CEO Lynne Thomas Gordon, MBA, RHIA. “This toolkit can serve as a comprehensive resource to help healthcare organizations and health information management professionals prepare for audits.”