2016 HIPAA Audits Are Underway – What You Need To Know

The HHS Office for Civil Rights (OCR) has begun its second phase of HIPAA audits of covered entities and their business associates, in order to assess compliance with the HIPAA Privacy, Security and Breach Notification Rules.

While the OCR is determining which covered entities and business associates will be included in this round of audits, there are some vital things you need to do to prepare your company for a HIPAA audit.

If you are a covered entity or a business associate – you could be audited, and so far it was suggested that more than 200 desk and on-site audits should be completed by the end of this year. The OCR expects to include a wide range of entities in the audits; also, even if you are just selected as a business associate of a covered entity that is selected, you could be audited as well.

The selection will happen randomly from a pool of audit candidates, and they will be notified via email. Covered entities are advised to check junk or spam folders for OCR emails. If you are selected, you will have 10 days to respond and submit the requested information.

Preparing for a HIPAA audit is crucial, and there are many things you can do to ensure compliance with HIPAA, as well as numerous consultants and organizations to help you achieve that.

 The most important thing is to conduct a thorough risk analysis, bridge any gaps, and ensure you stay compliant.

As part of the analysis, consider all the ways that PHI is sent electronically and make sure it is protected.  One of the best ways to ensure this is through encryption of email, but also think of other ways protected health information (PHI) is being transmitted.

If you have mobile applications that are sending PHI, systems generated or automated notifications to patients, business associates, insurers, etc. that contain PHI, or if you send large files containing PHI electronically – take steps to make sure they are secured and protected.

Remember, encrypting email and other data transmitted across the Internet is a must if you want to be compliant, so make sure you are implementing a mechanism to encrypt electronic PHI whenever appropriate.

Now, is your practice compliant, and your technology fully reliable, protected and up to standards?

Compass Network Group can help your practice achieve compliance and work with you and your staff to maintain industry regulations and standards.

 If you were wondering how to prepare your company for a HIPAA audit, we hope this article has helped. And, you can rest assured Compass Network Group is here to offer the most efficient solution to you.

If you are interested in more information on protecting your organization against HIPAA violations, audits and fines, and seek solutions for preparing for a HIPAA audit, contact Compass Network Group today.