Most Small Practices are Not HIPAA Compliant
Welcome to part one of a three-part Tip of the Week series where we’ll focus on compliance. This week we’ll talk HIPAA…
So you have your Notice of Privacy Practices and a “HIPAA Form” for your patients to sign. Does this mean you will “pass” a HIPAA audit?
The latest news on HIPAA compliance is that the Office for Civil Rights, the agency charged with HIPAA enforcement, is now required to perform periodic audits of covered entities even in the absence of complaints. This is happening right now with pilot study audits that are in full swing. The documentation required by the auditing firm is extensive. A Notice of Privacy Practices and the accompanying acknowledgement form are not even the tip of the iceberg. There is a laundry list of policies and procedures that must be produced in response to an investigation.
Now for the good news. You can view list of probes used by the auditing firm here. Developing policies on your own may be daunting, but it is doable. Of course, you can purchase a HIPAA manual and training that has already been created and customize it for your practice. Customizing typically means editing a few pages and keeping the manual on file either in hard copy or electronically.
If you have questions about this topic or any other issues around the business of medicine, contact us via email or call us at 800-635-4040.