HHS has announced that the Office for Civil Rights will be increasing the number of HIPAA privacy and security rule compliance audits that it conducts annually as part of the HITECH Act and the Affordable Care Act mandates. It is now increasingly important to know how to prepare to pass an audit without incurring sanctions and to know what to do if you’re audited. The following steps will help you maintain HIPAA compliance and assist in making any future HIPAA audits a routine and non-threatening exercise.
- Have Written Policies and Procedures. You should have a written policy and procedures manual for how you handle Protected Health Information (PHI) within your organization.
- Conduct Regular Training. Once you have your policies and procedures in place, it is important to train your staff on the steps that must be taken to protect PHI within your organization. Good policies and procedures are of little value if your staff is not familiar with them and is not trained to carry them out.
- Prepare a Risk Analysis. HIPAA mandates that organizations have a risk analysis and risk management strategy. Be sure that you have looked at HIPAA breach risks that are specific to your organization and that you have documented how you will manage those risks.
- Maintain Good Documentation. You want to maintain records of all HIPAA compliance training that has been conducted with your staff, detailing the dates of training, the subject matter and the attendees. If there have been any breaches of PHI, you will need documentation relating to the breach and the steps taken to notify affected parties and address the breach.
While receiving notice of an impending HIPAA audit may cause some initial concern, taking proper steps to develop and carry out HIPAA compliance before an audit occurs will make the actual audit itself a relatively simple exercise. In order to ensure HIPAA compliance you should consult with an attorney who is familiar with this area of law.