Surviving a HIPAA Audit

Failing a HIPAA (Health Insurance Portability and Accountability Act) audit has never been something a company wants to face.  The Office for Civil Rights (OCR) recently spoke on how seriously any organization subject to HIPAA should take its compliance obligations.

1,200 HIPAA audit letters were sent out last year, many of them to small practices and organizations, which tend to be more lax in their compliance.  Organizations receiving HIPAA audit letters have up to two weeks to reply with the requested documentation.  If you receive one of these and have worked hard to maintain your compliance, you'll probably be fine.  It's not, however, nearly enough time if you've been negligent in your HIPAA compliance obligations.

Many of the audits focused on areas that were common weaknesses in audit tests in previous years.  In particular, many organizations did not address unencrypted data and had no security risk analysis.  They also lacked good policies and procedures.

One common weakness in years past has involved business associates being unaware of their own HIPAA obligations.  New electronic record requirements aren't being followed yet either.  Encryption is a huge deal and is mentioned several dozen times.  These are areas of focus for HIPAA audits, and any practice should make sure it has a good handle on them.

The OCR has been securing contractors and lawyers in this effort.  They mean business.

If you're a practice or organization that must comply with HIPAA, especially if you're not a large one, it is imperative that you are ready to answer a HIPAA audit.