HIPAA Audits are coming in 2016 and How to Prepare
Last year the Office of Inspector General of the U.S. Department of Health and Human Services (HHS) announced that the HHS Office of Civil Rights (OCR) audits would begin early in 2016. Periodic random audits will assess HIPAA compliance to strengthen enforcement efforts and improve operations and efficiency.
What specific information does the audit pertain to?
The audit will be focusing on OCR protocols, HIPPA privacy, and “potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information” (U.S. Department of Health & Human Services). Specifically, the audit will investigate the handling of private patient information and records, how the information is tracked, maintained, and whether the information is secure.
Who will be affected?
Health care providers, insurers, clearinghouses, and business associates can be subject to an audit. All are required to disclose any breaches of clients’ protected health information. The audits also examine compliance with regard to privacy and physical security of patient health information.
How to prepare
To ensure that compliance is met, review HIPAA policies regarding confidentiality, proper procedures for collecting, maintaining and storing patient information, also known as “identifiers,” with all staff and employees.
Identifiers include information such as a patient’s name, address, all elements of dates (date of birth, admission, discharge, death, age, etc.), contact information, identification numbers such as Social Security and account numbers, even photographs of the patient. Click here for a more comprehensive list of identifiers.
What if security is breached?
A security breach is defined as an unauthorized use or disclosure under the HIPAA Privacy Rule that compromises the security or privacy of personal health information. Have a plan in place to deal with a security breach. Pimsy HIPPA Audits
Basic risk assessment and breach protocols include: individual notice to the patient(s), media notice, notice to the HHS Secretary, and notification by a business associate.
Preparation is key
Preparing in advance for the possibility of an HIPAA audit will make the process much easier in the event that you are audited. Furthermore, training staff in compliance improves the processes by which patient information is collected and maintained. Finally, doing well on the audit will earn your business high rankings and save time and money.
Vermont Medical Malpractice Defense Attorneys
The attorneys at Cleary Shahi & Aicher are experienced in handling medical and professional malpractice, commercial litigation, employment matters, and more. If you are in need of information or representation regarding noncompliance, call Cleary Shahi & Aicher at 802-775-8800 today or contact us online.