Prepare for a HIPAA audit
HIM-HIPAA Insider, September 27, 2011
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
How can organizations begin to prepare for a possible HIPAA audit? Recognize that it's all about protecting patients' PHI, advises Susan McAndrew, JD, deputy director of health information privacy at the Office for Civil Rights (OCR).
"The goal of this audit program, and OCR's investigations and compliance reviews, is to improve compliance with the HIPAA Privacy Rule and Security Rule requirements to better protect and secure the information covered entities hold on behalf of individuals," McAndrew says.
McAndrew recommends the following steps to prepare for an OCR audit:
- Review policies and procedures to ensure they are up to date and comprehensive.
- Review your files and documentation to ensure that appropriate patient information safeguards exist.
- Assess your organization's general management style to determine its effectiveness, specifically with respect to safeguarding information.
- With respect to the Security Rule, review your risk analysis process, risk management plan, incident response plan, emergency backup plan (if any), and breach response plan.
- Conduct regular internal audits. Many organizations have incorporated this approach, which includes a systemic review of operations from a HIPAA perspective, in their compliance programs, McAndrew says. "Self-evaluation should be standard practice," she adds.
- Build and maintain a culture of compliance within your organization. This includes a regular review of policies and procedures to ensure full compliance with HIPAA. OCR strongly recommends this measure for both CEs and BAs.
- Provide regular training sessions for staff members.
- Create an action plan for prompt response to incidents.
"The audit program is a tool for uncovering compliance issues faced by covered entities and best practices for implementation of effective health information privacy and security programs," says McAndrew.
Editor’s note: For more advice, access the article in its entirety in the September issue of Briefings on HIPAA.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
-
The HIPAA and HITECH Toolkit
The HIPAA and HITECH Toolkit is a valuable resource that helps both CEs and BAs understand and meet the HITECH Act's...
-
The HIPAA Omnibus Rule
Understand the HIPAA Omnibus Rule and what you must do to ensure compliance
-
Patient Privacy Under HIPAA: Keep it to yourself, Third Edition
Provide fundamental HIPAA privacy and security training for new and seasoned staff.
-
Guide to HIPAA Auditing, Second Edition
This new edition of a best-selling book delivers the hands-on tools and guidance you need to conduct effective in-house...
-
The No-Hassle Guide to HIPAA Policies: A Privacy and Security Toolkit
HIPAA regulations require extensive documentation—likely more than you've done in the past. Changing the way you look...
Most Popular
- Articles
-
- Note from Hugh
- CMS seeks comment on quality measures
- Note from the instructor: OIG report on usage of financial liability "G" modifiers
- Recent Recovery Auditor activity
- CMS releases new QAPI resources
- HIPAA Q&A: Receiving faxed HEDIS requests
- Remind your workforce members to ’zip their lips’ when it comes to patient privacy
- The week in Medicare updates
- Documentation of medical necessity drives successful RA appeals
- CMS says it's not too late to avoid payment adjustments
- E-mailed
-
- Note from the instructor: OIG report on usage of financial liability "G" modifiers
- Q/A: How do we report therapy G codes and modifiers for multiple therapies?
- HIPAA Q&A: Receiving faxed HEDIS requests
- CMS says it's not too late to avoid payment adjustments
- FDA makes new proposal related to C. diff and other threatening pathogens
- Demand a code for demand myocardial infarction
- Eyes see more ICD-10-CM codes because of laterality
- News: Study shows increase in observation services
- Product of the week: Optimizing PEPPER in the Audit Environment
- Dangers of reporting costs improperly
- Searched