HIPAA Audit Report
The Audit Mandate
As an extension of the HITECH Act, which became effective on February 18, 2009, the audit mandate exposed health care providers that must adhere to HIPAA regulations to the possibility of being audited for compliance to privacy, security and breach notifications. The second round of HIPAA audits will measure the degree to which not only practices, but also covered entities such as health care providers and insurance …show more content…
For this reason, OCR isn't the only one paying attention to how well you're protecting PHI. Your patients are making decisions about where to go for health care based on your performance in these areas as well, so it's in your best interest to work on improving your HIPAA compliance procedures on every level.
How to Prepare Your Practice for HIPAA Audits
Here are some ways to be prepared for future audits that are inevitably coming down the pike:
1. Review Practice Documentation
In many cases, the second round of audits will be done off-site, and you will be expected to prove your practice's compliance by way of written documentation such as training procedures, memos, and a list of staff duties and policies. Therefore, it will be important to review existing documentation to ensure it is accurate, up-to-date, noted with a history of implementation, and easy for auditors to follow. The less you have to verbally explain and/or provide additional backup for, the easier the whole process will …show more content…
Get Familiar with your Business Associates
Because the second round of audits is centered around business associate compliance, you will need to have a good understanding of the business associates your practice works with regularly. In addition, you should be able to describe how PHI is communicated between your practice and business associates on a regular basis in compliance with HIPAA regulations.
3. Enforce HIPAA Compliance at all Times
Although it's important to enforce HIPAA compliance at any time, it is especially important to reiterate the importance of compliance to your staff at this time. Remind everyone who handles PHI of how to safely work with sensitive patient health data, and the importance of following practice policies. The more HIPAA regulations are enforced, discussed, and training resources are provided, the more likely your operations are to be in 100% compliance.
4. Only Email PHI if Necessary
PHI is at a high risk when emailed, whether internally or externally. If you don't need to send sensitive patient data to a business associate over email, then don't. Encourage staff members to limit email transmission of PHI whenever possible.
5. Invest in Updated Computer