HIPAA’s HITECH amendment requires the Department of Health and Human Services (HHS) to audit covered entities’ compliance with the HIPAA Privacy and Security Rules (previously reported in BAS News, May 24, 2012).
Consider these 5 suggestions to help prepare for a potential HHS audit.
1. Privacy and Security Officials: Shore up your HIPAA Compliance Team. Make sure that Privacy and Security Officials are identified in your policies and procedures and that they understand what is expected of the role.
2. Risk Assessments: Conduct regular Risk Assessments to determine where your Policies and Procedures could be enhanced. This was one of HHS’s compliance failure findings in a recent corrective action settlement.
3. Policy and Procedure Review: Conduct regular reviews of every HIPAA Privacy and Security Policy and Procedure to ensure compliance with the latest regulations and to incorporate policy changes based on your Risk Assessment. Make sure that the documents reflect the actual processes being followed by your staff. Document any processes that have been implemented but are not written down.
4. Training: Conduct regular training for your staff or engage BAS to provide HIPAA training for you (Contact your account manager or PR@basusa.com for more information). Be sure to keep a record of who attended the meetings and a copy of the material presented.
5. Self Audit: Hold yourself accountable to your own standards. Can you demonstrate compliance with your policies through training records, minutes from risk analysis meetings, etc.? It is important to be able to show the work your organization has done to maintain or enhance HIPAA compliance.
Regular attention to your HIPAA Privacy and Security processes can keep your compliance on track and reduce audit anxiety. Contact PR@basusa.com if you would like more information about how BAS can help.