The government has assured covered entities and business associates alike that despite the delay, Phase 2 HIPAA audits are coming in 2015.
OCR initially conducted pilot audits, which were comprehensive onsite audits.
Now, OCR is moving into Phase 2 Audits. These audits will be conducted by OCR internal staff, as opposed to the outside contractors.
Your practice might be contacted by the OCR, regarding a pre-audit survey. These surveys will likely be used to group covered entities into “levels” for the selection process.
What’s the big deal?
The OCR is getting even more serious this time.
If your practice is selected for a HIPAA audit, expect to turn over a list of all of your business associates.
And be warned, OCR has stated that entities will have only two weeks to respond to data requests.
OCR has also stated that all information must be current as of the date of the request.
Don’t panic, just get prepared.
We help our clients have tools in place so that if they are contacted, they will be able to turn over records quickly and efficiently.
One key part is being able to show OCR how you have implemented your HIPAA risk assessment policies and procedures. Simply having policies and procedures is not enough to avoid fines and penalties.
How can my practice avoid fines and penalties?
The best way is to get your practice prepared now. You can start by:
- Reviewing your practice’s HIPAA compliance;
- Conducting a thorough HIPAA Risk Assessment;
- Sorting through all vendors, and identifying those that are HIPAA business associates;
- Updating your inventory, policies and procedures, business associate agreements, and notices of privacy practices; and
- Implementing your policies and procedures.
Business associates can also expect to be audited by OCR in 2015.
All practices are at risk of an OCR HIPAA audit, make sure your practice is ready.
In our next blog post, we will keep you informed of related issues. To get this important information delivered directly to your mail box, click here to Subscribe
Do you need help preparing for a possible OCR audit, and getting compliant with HIPAA regulations? We can help. To contact us about your HIPAA compliance, preparing for an OCR audit, or your other legal needs: CLICK HERE.
P.S. If you or your patients are interested in consumer healthcare issues, check out myhealthspin.com.