HIPAA “Phase 2” Audits: Are You Ready?

Marvin "Bucky" Swift • May 4, 2015

The Civil Rights Office of the Department of Health and Human Services announced a “Phase 2” audit program in the Fall of 2014.  That audit program was delayed due to funding issues, but appears to be back on schedule for 2015.  These Phase 2 audits are expected to be more in depth and focused on reviewing procedures and documentation related to the areas of HIPAA security and privacy risk management, breach notification and Notice of Privacy Practices.  Although the early Phase 2 audits are expected to target Covered Entities (employers sponsoring self-insured group health plans), Health Care Providers and Clearinghouses, the audits are also expected to expand to include HIPAA Business Associates.

What should you do to prepare for a Phase 2 HIPAA audit?  Entities may wish to take the following steps:

  • Conduct an internal audit (DHS issued audit guidelines in 2012 and a Covered Entity may use them to conduct its internal privacy and security analyses);
  • Implement and/or update your HIPAA Privacy and Security Policies;
  • Appoint a HIPAA Privacy Officer and a Security Officer (and ensure those Officers understand their responsibilities);
  • Train employees who have access to Protected Health Information (“PHI”) on privacy and security rules; and
  • Limit access to PHI (both physically and electronically) only to those employees authorized to access it.

If you have any questions about the Phase 2 audits, please do not hesitate to contact any of the attorneys in the Employee Benefits and Executive Compensation Practice Group at Snell & Wilmer.

Employee burnout: what it is and how to prevent it

By Mardy Gould May 24, 2024
Employee burnout has become an epidemic in today’s modern workplace. So much so that the World Health Organization (WHO) officially recognizes it as an “occupational phenomenon.”1 While many used to consider mounting workplace stress an individual employee problem, these days, it’s become an employer’s responsibility to prevent burnout before it hurts productivity and business performance—not to mention your employees’ physical and mental health. Luckily, you can prevent burnout from affecting your workforce in several ways. This article will explore the causes and signs of employee burnout and the steps you can take to create a positive work environment where employees feel safe from toxic stress levels.

Form 720 and PCORI fee FAQs

By Mardy Gould May 23, 2024
If you're a small business owner, you may have heard of the acronym PCORI and the fees that come with it. But what is PCORI, and how does it apply to your organization? Under the Affordable Care Act (ACA), sponsors of self-insured health plans must pay a fee to fund the federal Patient-Centered Outcomes Research Institute (PCORI). PCORI is an independent organization the ACA created to conduct research to help healthcare consumers make better decisions for their specific needs and outcomes. It also performs research related to clinical effectiveness. Employers offering a self-insured medical reimbursement health plan, such as a health reimbursement arrangement (HRA), must pay this fee by July 31 each year via Form 7201. This fee was initially set to expire in 2019, but Congress extended it through September 30, 20292, due to the Further Consolidated Appropriations Act of 20203.
More Posts