OCR HIPAA Audit Resources For Healthcare Providers
HIPAA Audit Resources for OCR Audit of Health Care Providers
HIPAA Information For Covered Entities
Office of Civil Rights (OCR) HIPAA Notification Page
Patient Safety Confidentiality (PSQIA)
Sample Business Associates Contract
Things To Do Before a HIPAA Audit is announced
Before you even have notice that you may be the subject of a HIPAA audits, you should be certain that your HIPAA “ducks” are in a row. Taking last minute action when an audit is announced will not be nearly as effective as demonstrating that you have had a long term committment to HIPAA compliance. Here are a few things that you should do now, before you are the subject of an audit. This list is not meant to me all inclusive.
- Review all policies and procedures that are required in order to comply with HIPAA. Consider an external review by an independent party.
- Document a plan of correction if deficiencies are identified and document the correction process.
- Designate departmental individuals who are responsible for HIPAA issues and prepare them to address the process of implementation in their area of responsibility.
- Conduct a thourough risk analysis in accordance with OCR risk assessment guidance (referenced below).
- Assure that your compliance training program is up to date and that employees have signed off on receiving required training. Corret any discovered deficiencies in training.
- Audit every outside vendor and contracting party and make certain that there is an appropriate Business Associates Agreement in place.
Major Issues Arising In First Round of HIPAA Audits
- Patient record request review process, specifically denial process;
- Providers failing to provide patients with access to their records;
- Insufficient or non-existant policies and procedures;
- Inproper use of information relating to decedents;
- Disclosure of intformation to personal representatives;
- Risk Assessment process; and
- Difficulties with Business Associate Agreements.
HIPAA’s Security Rule requires that covered entities periodically conduct a risk analysis. The OCR has issued guidance on conducting such an analysis. In the event of an audit, the results of your audit are likely to be requested. A review of your HIPAA policies should be conducted on an annual basis. Any deficiencies should be identified and addressed in a corrective action plan. Carefully document your review and the process you use to correct any identified deficiencies. OCR Audist Guidelines
Random Posts
Loading…

Tags: HIPAA, HIPAA Audit, OCR Audit, Office of Civil Rights