Preparing for HIPAA Phase II Audits: It’s All About the Documentation

Price: $224 OnDemand


Sign up today for an entire year of unlimited access to relevant, timely professional learning courses, including webinars, eLearning courses and OnDemand offerings, and keep your professional credits up to date. All for just $399.

Learn more about the subscription!



The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) is about to begin Phase II of its HIPAA audits of covered entities and business associates. All businesses subject to HIPAA regulation would be well-served to prepare for this new round of audits by performing a check-up of their HIPAA compliance programs, especially with respect to documentation.

This presentation will review key risk areas that OCR is likely to focus on in the Phase II audits, for both covered entities and business associates. It will also highlight areas where HIPAA compliance programs often fall short or fail to address emerging security and privacy risks. Even if your organization is not selected for a Phase II audit, the process of preparing for one can be a valuable exercise to ensure that your HIPAA compliance program is on the right track.

Educational Objectives:
• Learn what OCR will be looking for in the Phase II audits.
• Find out about key risk areas affecting HIPAA covered entities and business associates.
• Understand how to ensure that your policies, procedures and documentation will pass muster if audited.
• Discover the mechanics of how Phase II audits will be conducted.

Who would benefit most from attending this program?
Compliance professionals and attorneys for HIPAA covered entities and business associates; privacy officers; all companies that provide services, directly or indirectly, to the healthcare industry.



Reece Hirsch is a partner in the San Francisco office of Morgan Lewis and co-head of the firm's Privacy and Cybersecurity Practice. He advises clients from all sectors of the healthcare industry on HIPAA and healthcare privacy and security matters, including development of compliance programs and related policies and procedures, security breach response, due diligence and contracting matters. Mr. Hirsch has been named an Outstanding Healthcare Information Technology Attorney by Nightingale's. He serves on the editorial advisory boards of Bloomberg BNA's Health Law Reporter, Healthcare Informatics and Briefings on HIPAA. He has also served on two advisory groups to the California Office of Privacy Protection charged with developing recommended practices related to security breach response and medical identity theft.

Mr. Hirsch earned a J.D. from the University of Southern California Law School and a B.S. from Northwestern University. He is admitted to practice in California. Mr. Hirsch is a member of the American Health Lawyers Association; the Health Law Section of the American Bar Association; the California Society for Healthcare Attorneys; the Healthcare Financial Management Association; the International Association of Privacy Professionals; the Society of Professionals in Healthcare; and the Advisory Group of the California Office of Privacy Protection.