Your practice may not be one of the 350 organizations targeted by the upcoming HIPAA compliance audit, but that is no reason not to look into the services that can help you stay on track.
Healthcare Info Security recently featured a piece that used the advice of attorney Adam Greene to parse out what companies can expect and what to do to make the process easier. Here are some of the points that medical organizations might want to remember when it comes to these audits:
- Know the different areas being assessed: Not all of the audits will focus on the same thing, Greene says. Among the 350 audits, about 150 health organizations will be targeted for the HIPAA security rule. The rest will address privacy and data breach notification compliance.
- Get your information in order: "OCR [the Office for Civil Rights] has indicated they are not going to do follow-up questions...so you want your policies and procedures to tell a good story of your compliance," Greene says. "You won't have the same opportunity as [in the pilot program] to explain things to the auditors." In other words, all relevant information should be easy to access and ready for practices to present.
- Be prepared for a fast-paced process: The audits will not include live site assessments this time, and Health IT Security quotes an unnamed representative of the OCR who says the intention behind these audits will be to move fast, especially since fewer organizations are being looked at.
By installing HIPAA compliance software now, your practice can keep up to date with the healthcare industry's standard of organization and the type of response that these auditors will respect. The lessons that the government learns from this experience may be applied to future audits, so it's good to be aware of them.