Physical Site Audit

Many providers and other covered entities are under the mistaken impression that much of these audits will be accomplished through documentation of how the organization is minimizing technical, administrative and physical risks. Those who have received incentive funds may expect to be required to provide documentation detailing how meaningful measures are being implemented, especially meaningful use core measure 15 which is concerned with security risk assessment intended to safeguard ePHI.

Many specialists such as IT techs among others who are specifically responsible for maintaining day to day operations that are necessary to ensure HIPAA compliance, may also presume that the regular reports created from a compilation of data are sufficient for HIPAA audits. The assumption of many of these individuals who aren’t up to date on how compliance will be monitored is that documentation will be provided for the Office of Civil Rights (OCR) to review with site visits occurring only if serious and/or numerous risks are identified

In reality, similar to an IRS audit, HIPAA audits are conducted on site and in person. You and all those who work for the organization will be asked to account for various aspects of HIPAA compliance through demonstrations and explanations of how risk is managed. Auditors will assess your level of compliance through regular site visits and interview key personnel to assess an organization’s compliance with HIPAA / HITECH policies and procedures. They will also assess operations and processes required under the Omnibus final rule by having appropriate personnel demonstrate various components of the HIPAA compliance system.

Once the auditors have completed the visit, the organization will be provided with a report detailing the various assessment areas and whether you are compliant with each specific regulation required under the HIPAA Privacy and Security Rules. You will have a chance to raise concerns about the auditors findings and present corrective remediation plans to reduce any risks identified in the report to a reasonable level.

There are several actions you can take In order to make sure you are ready for a site visit conducted by HIPAA auditors.

Review Privacy and Security Rules- Make sure that everyone in the organization is aware of what is required, and specifically that key personnel responsible for monitoring and maintaining certain regulations are fully educated as to these functions, are performing them appropriately and can discuss their responsibilities and explain what role these play in overall HIPAA compliance.

Consult the OCR Website- The OCR keeps their HIPAA compliance site up to date. Here you can find the most recent reports, guidelines, recommendations and areas that will be focused on during an audit. The site provides specific examples of real HIPAA breaches and identified risks discovered during site visits to various organizations along with the ways they were remedied.

Be Proactive- Make sure to apply and incorporate what you have learned from detailed reviews of the HIPAA rules and the OCR website into your current policies and procedures.

Develop Policies that are Lacking- If you learn of any HIPAA requirements for which you don’t have a corresponding policy, make sure to develop one and implement appropriate standards for applying, monitoring and maintaining it as soon as possible.

The bottom line is the more risks you can identify and address prior to a site visit, the easier the process will be on you and the OCR compliance auditors. These efforts will also help you avoid a formal HIPAA review which will be implemented when covered entities are found to have numerous risks with a high probability of resulting in a unauthorized disclosure of ePHI or other breaches. This, in turn, can result in large fines and/or the loss of incentive funds. For more information please click here

Author’s Bio:

This Article is written by John Smith about the HIPAA audits will begin to ensure covered entities and business associates are following HIPAA regulations.

Now that September has arrived and the omnibus final rule will be fully implemented, HIPAA audits will begin to ensure covered entities and business associates are following HIPAA regulations. In addition, if risks are identified that are considered to be above what the auditors view as reasonable, you could be fined if an acceptable remediation plan is not quickly developed, put in place and demonstrated. If, at this point, you work in health care and find yourself asking, "What is HIPAA?" consider yourself in trouble.

Many providers and other covered entities are under the mistaken impression that much of these audits will be accomplished through documentation of how the organization is minimizing technical, administrative and physical risks. Those who have received incentive funds may expect to be required to provide documentation detailing how meaningful measures are being implemented, especially meaningful use core measure 15 which is concerned with security risk assessment intended to safeguard ePHI.

Many specialists such as IT techs among others who are specifically responsible for maintaining day to day operations that are necessary to ensure HIPAA compliance, may also presume that the regular reports created from a compilation of data are sufficient for HIPAA audits. The assumption of many of these individuals who aren’t up to date on how compliance will be monitored is that documentation will be provided for the Office of Civil Rights (OCR) to review with site visits occurring only if serious and/or numerous risks are identified

In reality, similar to an IRS audit, HIPAA audits are conducted on site and in person. You and all those who work for the organization will be asked to account for various aspects of HIPAA compliance through demonstrations and explanations of how risk is managed. Auditors will assess your level of compliance through regular site visits and interview key personnel to assess an organization’s compliance with HIPAA / HITECH policies and procedures. They will also assess operations and processes required under the Omnibus final rule by having appropriate personnel demonstrate various components of the HIPAA compliance system.

Once the auditors have completed the visit, the organization will be provided with a report detailing the various assessment areas and whether you are compliant with each specific regulation required under the HIPAA Privacy and Security Rules. You will have a chance to raise concerns about the auditors findings and present corrective remediation plans to reduce any risks identified in the report to a reasonable level.

There are several actions you can take In order to make sure you are ready for a site visit conducted by HIPAA auditors.

Review Privacy and Security Rules- Make sure that everyone in the organization is aware of what is required, and specifically that key personnel responsible for monitoring and maintaining certain regulations are fully educated as to these functions, are performing them appropriately and can discuss their responsibilities and explain what role these play in overall HIPAA compliance.

Consult the OCR Website- The OCR keeps their HIPAA compliance site up to date. Here you can find the most recent reports, guidelines, recommendations and areas that will be focused on during an audit. The site provides specific examples of real HIPAA breaches and identified risks discovered during site visits to various organizations along with the ways they were remedied.

Be Proactive- Make sure to apply and incorporate what you have learned from detailed reviews of the HIPAA rules and the OCR website into your current policies and procedures.

Develop Policies that are Lacking- If you learn of any HIPAA requirements for which you don’t have a corresponding policy, make sure to develop one and implement appropriate standards for applying, monitoring and maintaining it as soon as possible.

The bottom line is the more risks you can identify and address prior to a site visit, the easier the process will be on you and the OCR compliance auditors. These efforts will also help you avoid a formal HIPAA review which will be implemented when covered entities are found to have numerous risks with a high probability of resulting in a unauthorized disclosure of ePHI or other breaches. This, in turn, can result in large fines and/or the loss of incentive funds. For more information please click here

Author’s Bio:

This Article is written by John Smith about the HIPAA audits will begin to ensure covered entities and business associates are following HIPAA regulations.

Related Articles - hipaa audits, compliance hipaa, hipaa compliance software,

Email this Article to a Friend! Receive Articles like this one direct to your email box! Subscribe for free today!