Health Information Management

Look to the past for a hint of what's ahead with HIPAA audits

HIM-HIPAA Insider, November 8, 2011

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

With potential audits looming, smart healthcare organizations should waste no time ensuring HIPAA compliance, says Bob Chaput, CEO of Clearwater Compliance, a HIPAA-HITECH consulting company based in Nashville. Organizations can learn some lessons from past government audit efforts, he says. 

  • HIPAA compliance is a leadership issue. “This is not a mid-level management issue. This is a C-suite or executive-level issue,” he says. While healthcare organizations are still waiting for the Office for Civil Rights (OCR) to release many of the details of the audit process, covered entities (CE) that undergo reviews may face the risk of fines and public disclosure of any HIPAA violations, Chaput says. Given what’s at stake, the executive suite needs to get behind compliance efforts, he says.
  • Documentation of your compliance efforts is essential. Organizations need up-to-date policies, procedures, documented assessments, and practices as evidence of their good-faith efforts to comply with HIPAA, Chaput says. Documentation is critical. For instance, OCR cited the absence of records related to security awareness and workforce training in its case against the University of California at Los Angeles Health System, he notes. In July, OCR fined the health system $865,500 and required it to enter into a corrective action plan to resolve complaints that workforce members snooped into celebrity patients’ medical records.
  • Remember, the audit is not a “free” risk analysis. “This should not be regarded as your tax dollars coming home to help you identify problems,” Chaput says. Instead, take stock now of your compliance problems and begin to address them, he says. The HIPAA Security Rule requires organizations to conduct a risk analysis. “People should have done this a long time ago,” he says.
Editor’s note: For additional tips, access the article in its entirety in the November issue of Briefings on HIPAA.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular