At the end of April, Healthcare IT News sat down with Chris Apgar, an expert in HIPAA compliance, information security and expert privacy, and Mahmood Sher-Jan, vice president of product management at ID Experts, a provider of data breach solutions, to discuss some aspects of a HIPAA audit that healthcare providers should keep in mind.
When healthcare physicians address potential HIPAA violations, they should see an investigation as an opportunity to receive expert advice on their privacy and security regulations, according to Apgar.
"If you're selected and you've completed your risk analysis, you have policies and procedures implemented, and you can show you're making a good-faith effort, look at it as an opportunity for someone to come in, externally, and help your compliance efforts," Apgar told the news source.
Over the last year and a half, the Office of Civil Rights (OCR) has been urging healthcare providers to increase training programs, policy awareness and discussions on incident response and risk analysis. Apgar explains the importance of understanding the culture of compliance, as set by OCR.
Since April of 2005, the Administrative Safeguard section of the rules on HIPAA compliance has required an annual risk analysis from every healthcare provider and Apgar stresses the importance of performing one.
Sher-Jan spoke on the overlap of a healthcare organization undergoing an audit and undergoing an investigation. For example, UCLA Health Systems was audited and, because the organization could not provide proof of training on privacy and security regulations, OCR pushed a further investigation.
Healthcare providers looking to avoid HIPAA violations should speak to a hospital consultant with expertise in privacy and security processes.