MTS Transcription Services
1-800-670-2809
How to Prepare for the Next Round of HIPAA Audits Unlike the pilot audit program held in 2011-12, the US Department of Health and Human Services (USDHHS) is now getting back with a firmer and revised Health Insurance Portability and Accountability (HIPAA) Act audit program in 2014. Periodic audits are conducted to ensure that HIPAA covered healthcare entities and business associates such as medical transcription service providers, electronic health information exchanges and data transmission providers are complying with the HIPAA Privacy, Security Rules and Breach Notification standards. The HHS Office for Civil Rights (OCR) has published a notice in the Federal Register requesting comments on its plan to survey potential audit candidates and is accepting comments through April 25, 2014. As an initial step in the new round of audits, the OCR intends to survey a total of approximately 800 covered entities and 400 business associates to determine the group of entities that will be subject to the first round of audits under the permanent audit program.
MTS Transcription Services
1-800-670-2809
HIPAA Audit Process To facilitate the audit process, OCR has developed a set of instructions - the “Audit Protocol� that is designed to measure entities’ compliance efforts. The complete copy of the audit protocol is available at the official website of HHS. To prepare for an HIPAA Audit, it is important for entities to understand the audit process. OCR has also explained that an HIPAA Audit is not an investigation, instead, audits are intended to be random, and are designed to test and improve compliance across all provider types. The audit will commence with a letter from OCR and conclude with the issuance of a report from the contractor to OCR. If the audit indicates serious compliance issues, an assessment will be done whether to open a separate compliance review in such cases. For the last few years, OCR has demonstrated an increased willingness to levy heavy fines against entities for noncompliance and the practice may continue through the current audit program. Since the HHS Office for Civil Rights (OCR) can demand an audit on short notice, all entities need to be aware of the kind of information that they need to provide in order to avoid matters that could lead to severe penalties.
MTS Transcription Services
1-800-670-2809
Tips to Prepare For The 2014 Audits o
o
o
Create operating controls: Covered entities should work with business associates to create a business associate agreement and develop a list of security needs and requirements. The controls will depend on the services provided. For instance a healthcare provider relying on a medical transcription outsourcing company needs to ensure the company follows standard security measures to protect the patient data. Ensure persistent system availability: It's crucial that covered entities always have access to their business associates' data even in case of power failure. Transcription companies should make sure to have backup internet service and power as part of security requirements. Have documented controls in place: It is ideal that the covered entity puts together a list of ‘security requirements’ based on the type of service that is being provided by that service provider. Healthcare entities should also classify information as those that fall under HIPAA and those that do not.
Consider the above mentioned tips when preparing for an HIPAA audit.