HIPAA Audits on the Way: Is Your Practice Ready?
The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services will soon begin conducting random HIPAA audits. These audits will target health care facilities, including physician practices. Under review is each facility’s regular and consistent use of HIPAA safeguards to ensure patient privacy and security. Additionally, the OCR will be on the lookout for practices in place for security breach notifications and policy and procedure training.
Health care practices found to be non-compliant with these laws can face hefty fines and other penalties. Despite these risks, only 32 percent of medical practices are aware of these looming audits, an alarming statistic for health care facilities.
To be sure your practice is compliant, there are a few requirements that must be met. The very first is creating a compliance plan. Though this may seem like an obvious necessity to some, only 58 percent of facilities polled in a survey by NeuMD reported that they had a plan, 23 percent said they did not, and nearly one-third had no idea if they did or not. It is incredibly important for all members of a health care provider’s staff to be on the same page when it comes to HIPAA compliance. Now is the time to develop a compliance plan that addresses how patient information is secured, stored, and sent.
Additionally, each security and privacy officer must have his or her responsibilities clearly outlined to ensure a thorough and efficient compliance plan. Further, there should be regular and updated compliance training that allows all employees to understand their responsibilities and stay abreast of changes in the law.
While compliance plans are vitally important, they cannot always protect against a privacy breach. These breaches happen, unfortunately, more often than many realize and can be the result of unencrypted health information or computer hacking. A health care practice is well advised to adopt and implement a policy to handle HIPAA security breaches. To stay on top of these risks, a practice should conduct regular risk analyses that show where its PHI may be insecure.
If you would like to know more about complying with HIPAA regulations, meet with the skilled New Jersey, New York, and Pennsylvania health care attorneys at Buttaci Leardi & Werner, LLC.
Posted in: Compliance
Posted on: Feb 9 2015