As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.” These audits don’t involve auditors coming in your facility. Instead, covered entities are being asked to submit documents on:
(1) their risk analysis and risk management plans under the HIPAA security rule;
(2) the content and timeliness for following the HIPAA breach notification rule; or
(3) the notice of the entity’s privacy practices for health information and patients’… More