What are the chances of being audited by HIPAA?
In 2017 the chances are slim according to the Office of Civil Rights (OCR). The audits that are taking place at present are small in number, and are being used to determine common deficiencies in physician’s practices. Rest assured, this will only serve to identify where the common weak links are in order to better determine where to invest efforts in the future. These limited audits are being used to identify risks and vulnerabilities that the government is not aware of nor likely to learn about from the complaints being filed.
You have ten days to respond to a HIPAA desk audit
The desk audit is the most common tool being used today. Letters are sent to selected practices, and a response is mandatory. HIPAA-covered entities have 10 days to respond to the desk audit. OCR is looking for policies and procedures that address privacy rule controls, breach notification rule controls and security rule controls. Prime topics that are being targeted are records of privacy and security training, as well as business associate agreements that should be in place.
If you do not have a HIPAA compliance program in place, now is a perfect time to start. If it has been some time since you have updated your HIPAA compliance program or if you want to ensure that your current program is complete, a HIPAA Desk Review from KMC University would be a valuable proactive step to take. Click here for more information.