OCR Launches Phase 2 HIPAA Audits for Covered Entities and Business Associates: Are You Ready?

Developing, Ensuring and Documenting HIPAA and HITECH Privacy and Security Compliance; Lessons Learned From Phase 1

Recording of a 90-minute CLE webinar with Q&A


Conducted on Tuesday, May 17, 2016

Recorded event now available


This CLE course will provide guidance for healthcare counsel on the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) Phase 2 HIPAA audits, including preparing for OCR audits, conducting self-audits, and minimizing the risks of HIPAA noncompliance.


On Mar. 21, 2016, OCR announced it officially launched its much-anticipated Phase 2 HIPAA audit program. This announcement comes on the heels of multi-million dollar settlements with Minnesota and New York healthcare organizations, demonstrating OCR’s emphasis on HIPAA enforcement.

OCR will conduct desk audits as well as on-site reviews of both covered entities and business associates. Desk audits are to be completed by Dec. 2016. Noncompliance with the HIPAA standards or failure to fully cooperate in the audits could result in the imposition of civil monetary penalties.

Healthcare counsel and privacy and security professionals must understand the scope and process for the Phase 2 audits to fully prepare covered entity and business associate clients for an audit. They should also guide clients in identifying and eliminating gaps in HIPAA compliance.

Listen as our authoritative panel of healthcare attorneys discusses lessons learned from past audits, OCR Phase 2 audit scope and timeline, and how to prepare for audits using a risk-based approach. The panel will also offer best practices to identify risks of noncompliance and minimize those risks.



  1. Phase 2 HIPAA audits
    1. Scope
    2. Timeliness
    3. Audit process
    4. Lessons learned from past audits
  2. Preparing for an OCR audit
  3. Conducting a self-audit
    1. Policies addressing privacy
    2. Security of PHI
    3. Reporting procedures
  4. Best practices for identifying and minimizing risks of noncompliance


The panel will review these and other key issues:

  • What are the practical lessons from OCR’s Phase 1 audits?
  • What steps should covered entities and business associates take to prepare for OCR audits?
  • What practices should covered entities and business associates employ to successfully navigate a Phase 2 audit?


Bruce D. Armon

Saul Ewing Arnstein & Lehr

Mr. Armon is Chair of his firm's Health Care Practice and concentrates his practice in corporate...

Karilynn Bayus

Vice Chair, Health Care Practice Group
Saul Ewing

Ms. Bayus represents and counsels health care entities and providers in transactional, regulatory and...

Samuel C. Cohen

Arent Fox

Mr. Cohen's practice focuses on counseling clients regarding compliance with health care fraud and abuse laws, with...

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.
