ARE YOU READY FOR A HIPAA AUDIT?
The Office of the Inspector General has mandated “routine” HIPAA audits, inspections that are random rather than triggered by a complaint.
Although the auditors typically give about 2 weeks' notice, practices are required to submit documentation of the policies and procedures in place at the time the practice receives the notice.
Here are some* of the things auditors require:
Written policies and procedures to comply with HIPAA regulations
Documentation of initial and periodic workforce training
Notice of Privacy Practices posted in the office, available to all new patients, and on the practice’s website
Reasonable and appropriate measures to protect patient information – healthcare information and payment information
Security measures to protect confidentiality, availability, and integrity of electronic information
Documentation of periodic audits performed internally or outsourced
A list of business associates that includes software vendors and IT companies
An updated Business Associate Agreement with each one on the business associate list
Physical measures to prevent inappropriate use or disclosure of protected health information
Breach Notification policy and training
Contingency plan (with training) for emergency operations
Termination procedures when a workforce member leaves the practice
* This list is a great place to start, but it is by no means comprehensive, and it will not ensure that you are free of HIPAA violations should you be audited.
If you have questions about how your practice can maintain HIPAA compliance, please contact our HIPAA compliance team via email or call us at 800-635-4040 and ask for the compliance department.
Also check out our Simply HIPAA kit, which contains a customizable HIPAA manual as well as all related training for practice staff and management.