Ever since the Department of Health and Human Services’ Office for Civil Rights announced the HIPAA Compliance Audit program last year, companies in the healthcare area have been reviewing their HIPAA privacy rules and making improvements.
At least that’s the hope, because the Compliance Audit Program is now underway, with hundreds of organizations in the United States scheduled for audits this year.
The whole idea, of course, is to improve compliance with the Health Insurance Portability and Accountability Act’s privacy and security rules. HIPAA compliance requires that appropriate safeguards, including physical safeguards, are in place to protect patients’ health information.
While auditors will look closely at how compliance requirements are being met, they will also identify areas where companies can make improvements. At the same time, when the risk of medical identity theft is high and security policies are not being strictly adhered to, you may be at risk of fines and penalties.
What can you do to prepare, whether you’re scheduled for an audit or not?
- Review the lifecycle of all health information created in your organization and document where the information is created, how it’s maintained, and how it’s disposed of.
- Develop a compliance checklist that is reviewed and updated regularly.
- Be sure policies and procedures are documented and are an integral part of new – and ongoing – employee training.
- For document destruction, introduce a shred-all policy to ensure all sensitive documents are securely disposed of and permanently destroyed.