6 steps to surviving a HIPAA audit
The HHS Office for Civil Rights this year will conduct audits of HIPAA covered entities and business associates to assess organizations’ compliance with the privacy, security and breach notification rules. This includes about 200 desk audits and 24 more comprehensive on-site visits, according to Hayes Management Consulting. But there are ways providers can properly prepare, according to Hayes Management.
Prepare and practice
Before OCR knocks at the door, conduct a round of HIPAA compliance audits and risk assessments internally. Review findings, identify vulnerabilities and risks and deploy corrective action protocols promptly. Two-thirds of those audited in the Phase 1 program had not correctly completed a HIPAA risk assessment, Hayes Management says. To impress OCR, show proof of conducting such assessments on a regular schedule.