The Department of Health and Human Services is continuing to develop its HIPAA audit program. After conducting trial audits and a second round of audits in 2016, including those of HIPAA business associates, HHS has indicated that the HIPAA audit program will become permanent.
Meanwhile, HHS continues to pump out fines for HIPAA violations, with the latest coming down on Memorial Hermann Health System, which in May 2017 agreed to pay $2.4 million and adopt a comprehensive corrective action plan to settle alleged violations of HIPAA relating to unauthorized disclosure of PHI, according to HHS.
HHS is now auditing HIPAA covered entities and business associates even if there have been no complaints or problems reported. Is your organization ready?
What Did HHS’s 2016 Compliance Audit Program Teach Us?
It’s time now for compliance managers, HIPAA and privacy officers and CIOs, as well as medical office managers and healthcare lawyers, to focus on lessons learned from the latest round of audits while HHS is designing the final program. All covered entities may be subject to an audit, and they need to know what kinds of questions they’ll be asked, what information they’ll need to provide, and how to prevent issues that could lead to violations and fines.
Some of the most important things to keep in mind this year include:
- What are the top risk issues that lead to breaches of health information and how might those issues be targets for auditors in 2017?
- What are the contents of the HIPAA audit protocol used in 2016, and what are some methods for using it to build your own compliance plan?
- What documentation needs to be on hand if your organization is selected for an audit in 2017?
- Enforcement regulations and recent changes that increase fines and create new penalty levels
- Documentation requirements and framework of security policies necessary for compliance
- Results of prior HHS audits (and their penalties), including recent actions involving multimillion-dollar fines and settlements
- How to prepare for an audit and respond to an audit request
- Upcoming trends in information security risks
How to Prepare for an Audit in 2017
ProfEdOnDemand recently hosted a live audio conference, “Preparing for HIPAA Audits — Having Documentation Ready to Go and Avoiding Issues,” by compliance consultant Jim Sheldon-Dean, who discussed the HIPAA audit program and how it works, the areas that caused the most issues in the 2012 audits, and the areas that were targeted in the 2016 audits.
Exploring the kinds of issues that were most prevalent and the kinds of entities that had the most problems, Jim addressed where HIPAA compliance folks need to focus their efforts most today. From the typical risk issues that lead to breaches of health information to the updated HIPAA audit protocol and other questionnaires that can help prepare an organization for a future review, Jim presented the best methods for using the contents of the HIPAA audit protocol to build your own compliance plan and compliance management tool.
To learn more about how to keep your organization out of HIPAA hot water in 2017, visit the event page and order a transcript, DVD or instant download of Jim’s event, or check ProfEdOnDemand’s other offerings in HIPAA compliance.