Most providers aren’t ready for HIPAA audits

December 7, 2011 by
Filed under: Compliance, In This Week's E-Newsletter 

The federal government has begun auditing healthcare organizations to find HIPAA violations – however, a new survey shows most providers aren’t ready.

As part of HITECH Act, the Office for Civil Rights (OCR), the government agency responsible for enforcing HIPAA, was charged with conducting random audits beginning in the fall of this year and lasting until next December.

However, just 17% of healthcare organizations say they’re fully prepared for a HIPAA audit, according to a recent survey from healthcare research firm HCPro.

In better news, 70% of respondents said their organizations are “somewhat” prepared.

With the audits already underway, what should that majority of providers do to make sure they’re ready?

According to the OCR, audits will typically last 30 days, during which auditors will interview key personnel and observe processes and operations.

To get ready for an audit, the OCR recommends healthcare organizations:

  1. make sure risk assessments are up to date
  2. ensure that senior management understands and supports the organization’s risk mitigation strategies
  3. make sure compliance training for staff is up to date
  4. review internal privacy policies and the disciplinary measures that are taken when they’re violated
  5. review or develop an incident response plan, and
  6. conduct an internal audit.

Related posts:

  1. Survey: ICD-10 delay won’t help providers get ready
  2. HHS publishes new HIPAA rules
  3. Nearly 80% of payers aren’t ready for ICD-10
  4. Nearly 80% of payers aren’t ready for ICD-10
  5. First HIPAA fine for breach of less than 500 records announced

Tags: , , ,

Comments





Below are a few free resources you may find useful.