Prepare for a Potential HIPAA Inspection
In November 2011, the Office for Civil Rights began conducting HIPAA compliance audits. With fines for non-compliance often topping $1 million, it's vital that your company is prepared:
Ensure all your HIPAA-related policies and procedures are updated and compliant. Also think about other documentation an auditor may request, so that you can prepare it now.
- If you haven't already, identify all vendors that handle protected health information and negotiate business associate agreements with each.
- Covered entities are required to periodically conduct a formal risk analysis. If you haven't done one in the past year, do one now and document the entire process in case of an audit.
- Covered entities are also required to formally evaluate their program to ensure HIPAA compliance and compliance with recent changes such as the HITECH Act. If you haven't done this type of evaluation, do so now, document the process, and make changes to your policies and procedures as necessary.
- Make sure your employees are properly trained on HIPAA-related requirements and practices.
- An auditor will ask which individuals in your company can speak to each aspect of HIPAA implementation. Identify these subject matter experts and ensure they are properly trained.
- Explain the importance of timeliness to whoever may receive the initial audit communications—deadlines are generally short.
- You may also consider consulting with an attorney to ensure your company is complying with all HIPAA provisions and not at risk of crippling fines for noncompliance.
If you need assistance with preparing for a compliance audit, we have many employee benefit tools available to help you. Please contact us at email@example.com to get started.
Kathy Mitchell is our resident HIPAA expert. She has extensive experience in training employers and personnel responsible for privacy and security compliance. Kathy will be presenting a breakout session on HIPAA at the upcoming 2012 Oklahoma Human Resources State Conference and Expo on April 26th in Tulsa, OK. For more info: http://www.okhrconference.com/session_detail.php?event_id=109