What to expect in a HIPAA Audit?


Posted September 10, 2013 by John_smiths

Organization- Organize all relevant documentation into a logical order. You don’t want to be searching for documents in different offices under the watchful eye of an auditor. Make several copies for the auditors, plus an extra one so that anyone asked to explain a document has a copy to reference. A table of contents also makes it easier for everyone to find each document, which is often difficult under stressful circumstances.

Senior Management Involvement- Make sure to include senior management in the process as often as possible. The auditors will want to interview the CIO, Medical or Clinical Director, Chief Counsel and Medical Records Director, among others. Make sure they are prepared for the interview and know well ahead of time when it will occur.

Breach Notification- During the interviews, several employees will likely be asked to explain the breach notification rule and demonstrate how it is applied in your particular organization.

Internal Sanctions- Be able to explain and discuss your sanctions policy for internal privacy infractions and for failure to adhere to policies and procedures. Display the forms used for documenting violations, corrective action, the outcome of corrections and the sanctions issued. Provide copies of past cases where sanctions were issued in accordance with the policy in your policy and procedure manual.

Meaningful Use Criteria

If you are one of the covered entities that received Meaningful Use incentive money, you may be audited to determine your compliance with these criteria. There are 20 meaningful use core measures related to the security of ePHI and you must demonstrate compliance with at least 15 to obtain and keep the incentive funds.

Meaningful use core measure 15 is often the measure most focused on, as it is the one most often misunderstood. In essence, this core measure requires you to perform a risk assessment and immediately begin remediating any risks discovered. You don’t have to complete the correction before the audit, but you do have to prove that remediation is in progress.

Covered entities seem to have the greatest difficulty keeping up with ongoing documentation. Discovering existing risks to ePHI and having begun or even completed remediation will not, by itself, earn you a check mark on the auditors’ rating form. You must also have complete documentation describing how the risk assessment was performed, including the metrics and methods utilized, the specific software program or system utilized, and proof that your software is the most recent version available. Additionally, you are responsible for updating organization policies and procedures to reflect the risks discovered and the remediation necessary to correct them. Finally, make certain you have a company-wide method of circulating these updates in a secure manner.

While only 10 percent of covered entities that have received incentive money will be audited for meaningful use compliance, if you are one of them and are found non-compliant, you will be required to return all of the money you received. If you are found non-compliant with the meaningful use criteria and judged to have exercised willful neglect, you could also be charged with fraud.

The good news is that if you have followed the guidelines provided above, in particular those regarding risk analysis documentation, you should have meaningful use core measure 15 covered.

Overall, the greater the number of vulnerabilities, threats and risks you have identified and remediated, the more diligent the organization will appear in maintaining HIPAA compliance. Additionally, remember that over-documenting is better than under-documenting when it comes to audits. Even if the auditors identify minor infractions during the review, if you can discuss a plausible remediation plan with them and implement it by the deadline, you will not likely be cited, and both the organization and the HIPAA auditors will be satisfied with the results.

Business Address:
The Compliancy Group LLC.
55 Broadway Unit 684
Greenlawn, NY 11740
Contact No: 855 854 4722
Fax: 631 731 1643
Web: www.compliancy-group.com