Tags: Health Lawyer

HIPAA Audits: What to do if you're selected

HHS has announced that the Office for Civil Rights will be increasing the number of HIPAA privacy and security rule compliance audits that it conducts annually as part of the HITECH Act and the Affordable Care Act mandates.  It is now increasingly important to know how to prepare to pass an audit without incurring sanctions and to know what to do if you’re audited.  The following steps will help you maintain HIPAA compliance and assist in making any future HIPAA audits a routine and non-threatening exercise. 

  1. Have Written Policies and Procedures.  You should have a written policy and procedures manual for how you handle Protected Health Information (PHI) within your organization. 
  2. Conduct Regular Training.  Once you have your policies and procedures in place, it is important to train your staff as to the steps that must be taken to protect PHI within your organization.  Good policies and procedures are of little value if your staff is not familiar with those policies and procedures and if they are not trained to carry them out.
  3. Prepare a Risk Analysis.  HIPAA mandates that organizations have a risk analysis and risk management strategy.  Be sure that you have looked at HIPAA breach risks that are specific to your organization and that you have documented how you will manage those risks.
  4. Maintain Good Documentation.  You want to maintain records of all training that has been conducted with your staff on HIPAA compliance, detailing the dates of training, the subject matter and the attendees.  If there have been any breaches of PHI you will need documentation relating to the breach and the steps taken to notify and address the breach.

While receiving notice of an impending HIPAA audit may cause some initial concern, taking proper steps to develop and carry out HIPAA compliance before an audit occurs will make the actual audit itself a relatively simple exercise.  In order to ensure HIPAA compliance you should consult with an attorney who is familiar with this area of law.

For more articles and topics like this, continue to follow the Health Lawyer on Your Side blog or click below to contact the Goosmann Law Firm with any questions or concerns.



Subscribe Our Blog

DISCLAIMER: The information in this blog post (“post”) is provided for general informational purposes only, and may not reflect the current law in your jurisdiction. By visiting this website, blog, or post you understand that there is no attorney client relationship between you and the Goosmann Law Firm attorneys and website publisher. No information contained in this post should be construed as legal advice from Goosmann Law Firm, PLC, or the individual author, nor is it intended to be a substitute for legal counsel on any subject matter. No reader of this post should act or refrain from acting on the basis of any information included in, or accessible through, this Post without seeking the appropriate legal or other professional advice on the particular facts and circumstances at issue from a lawyer licensed in the recipient’s state, country or other appropriate licensing jurisdiction.