News & Resources

Publications & Media

“OCR Launches Mobile App, Promises Access Guidance and Promises Audits Coming Soon”

Safe and Sound By Jennifer J. Hennessy, Rachel H. Bryers, and Samuel A. Magnuson

The Office for Civil Rights (“OCR”) has been busy lately, having recently launched a mobile application; promised a late October release of informal guidance on individuals’ right to access their medical records and promised that Phase Two of the HIPAA audits will be starting shortly. Following are the high points; read our Health Law Alert for a detailed discussion.

OCR Invites Questions/Input from Mobile App Developers
The OCR has launched a platform to gain feedback on the types of guidance mobile app developers need on the HIPAA regulations. Users can access the platform to provide input on issues, submit questions about HIPAA, present a use case, participate in peer discussions, and vote on topics / use cases.

For more on mobile apps, attend our November 3, 2015 webinar: “Regulatory Compliance for Health Care Mobile Apps: There’s Not an App for That . . . But There Is a Webinar.

OCR to Clarify Individual’s Rights
The OCR announced that it will soon issue informal guidance which will clarify individuals’ rights to access their health records under HIPAA, likely in the form of FAQs. The majority of the currently existing access FAQs on the OCR’s website related to access address issues other than an individual’s right to access his/her own records (e.g., personal representatives accessing the record).

Phase Two of HIPAA Audits Coming Soon
The OCR Director indicated that a vendor has been chosen to perform the (previously postponed) second phase of HIPAA compliance audits, and that these audits may begin soon. Phase One of the audits was conducted in 2011 and 2012, focused only on covered entities, and required those audited covered entities to provide documentation of their privacy and security compliance efforts. The OCR conducted a site visit for all of those Phase One audits.

The Phase Two audits will focus on monitoring compliance with the HIPAA Privacy, Security and Breach Notification Standards, as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act. The Phase Two audits are expected to cover both covered entities and business associates. We will update you when the OCR releases further information on commencement of the Phase Two audits.