Are you looking down the barrel of a HIPAA audit? It’s good to know that such an audit isn’t there to intimidate you, even though it might seem that way. The truth is that HIPAA is there for a purpose, and buttoning up violations can do a lot of good, not to mention saving you a lot of money in fines. Getting you through such an ordeal is the purpose of this article.
Whether it’s getting an approved HIPAA fax service or securing other proactive protection functions, there are many ways to ace an audit. Below are ten suggestions for doing just that, but don’t dawdle. You have only ten days to respond.
1. Set Up Policies and Procedures.
HIPAA requires that adequate policies and procedures be set up for PHI. Unfortunately, unless those policies are known to everyone, nobody will have standards to keep. Clear boundaries need to be set up and maintained.
2. Focus on PHI.
At the heart of all HIPAA regulations is PHI, regardless of the people or technology involved. Once the protection of PHI can be assured, passing an audit is almost a sure thing.
3. Conduct Risk Assessments.
Any entity covered by HIPAA should have a plan to determine the possibility of health data breaches. Further, these assessments should encompass what should be done in the event of an incident.
4. Have an Incident Response Plan.
At the root of all possible information breaches are humans. Thus, all covered entities should have a plan in place to implement if and when an incident happens.
5. Know Your Users.
As if having a lot of technology available to share information isn’t bad enough, the number of users given access to PHI makes it even more likely that a breach will happen. When an agency knows who its users are, chances are better that PHI will encounter fewer problems.
6. Identify High-Risk Assets.
Even if an asset is non-technical, it should be considered a possible threat to PHI. In the case of technical assets, the risk is even higher. Knowing what those assets are and how to assess the threats they present will go a long way to protecting an agency.
7. Be Careful with Business Associate Agreements (BAAs).
Internal clients aren’t the only handlers of PHI. Business associates also present their own risk potential, which is best dealt with by using BAAs. Make sure external contacts are held accountable with an up-to-date BAA.
8. Keep Training Up to Date.
Insiders commit a whopping 58 percent of PHI breaches. Make sure all staff members know what the boundaries of HIPAA are and that they comply with them.
9. Keep Logs Up to Date.
Whether they are training logs or practically any other kind, make sure your records are kept updated. Saying so doesn’t make it so. You need to be able to prove training and other requirements are kept.
10. Plan Ahead.
A huge part of passing a HIPAA audit is having plans in place for when something happens. Having those plans ready can go a long way to passing an audit.
HIPAA audits can be a hugely stressful time for your agency. Unfortunately, they usually happen during times when stress is already high. You can minimize the impact of a HIPAA audit by ensuring that these ten items are carefully implemented.