How to Prepare for a HIPAA Audit

Comments · 25 Views

HIPAA audits have become a critical aspect of ensuring that covered entities and business associates comply with the standards of the Health Insurance Portability and Accountability Act (HIPAA).

 

Phase 2 of these audits has recently resumed, with a particular focus on healthcare providers, hospitals, and associated businesses such as IT firms, lawyers, and billing companies.

What Is a HIPAA Audit?

A HIPAA audit is an assessment process conducted to verify if a healthcare provider, health plan, or their business associates comply with the required privacy and security standards. These audits are conducted by the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). In recent audits, a company known as FCI Federal was awarded a million-dollar contract to conduct these reviews.

What Is Being Audited?

During a HIPAA audit, organizations must submit their HIPAA compliance plans. The audits may be desk audits, where organizations have 10-14 days to submit their documentation. Auditors focus on both current and historical compliance efforts, meaning that even if an organization has only recently implemented HIPAA compliance, they could still be held accountable for past deficiencies.

Key Areas of Review

  1. Compliance Plan: Ensure that your organization has a robust HIPAA compliance plan in place that outlines how PHI (Protected Health Information) is handled.

  2. Historical Compliance: Organizations must provide evidence that they have consistently updated their policies and procedures to comply with HIPAA standards over time. This includes documentation of any policy updates and actions taken to rectify past compliance gaps.

Penalties for Non-Compliance

HIPAA audits can result in significant penalties for non-compliance. Even if an organization is found to be compliant today, they may face fines for any previous deficiencies. These penalties can be financially debilitating, highlighting the importance of maintaining a thorough and consistent compliance plan.

Conclusion

Preparing for a HIPAA audit requires a detailed understanding of both current and historical compliance obligations. Entities subject to HIPAA audits must ensure their policies are up to date, have proper documentation, and maintain a history of compliance to avoid penalties. As the Phase 2 audits continue, it is crucial for all healthcare-related businesses to be proactive in their compliance efforts.

 
Comments