HIPAA audits are coming, and a lot of unprepared providers are going to be caught with their pants down.
The audit mandate, an extension of the HITECH Act, means that any provider subject to HIPAA standards is also subject to a potential audit of their privacy, security, and breach notification statuses. If you’re interested in viewing the audit protocol, it’s available here, but we’ve put together this article to help inform and prepare you around a some essential audit points:
- What your HIPAA program should look like today
- What’s coming down the HIPAA pipeline in 2016
- OIG’s take on the current HIPAA environment
- Advice on how to prepare for Phase 2 HIPAA Audits
Why Audits Matter
Of course, all responsible providers are looking to stay on top of HIPAA requirements to avoid trouble when going through an audit, but as threats to patient information grow, government compliance will likely be the least of your worries.
A recent study that tracks and measures observable software security practices across 12 core areas recently included healthcare in its industry list. Healthcare came out on bottom, falling short on all 12 core areas measured. This might not be quite as alarming if the industry weren’t struggling with a multi-billion dollar threat that’s so serious, millions are impacted by just one breach and even Congress is considering getting involved.
On top of that, patients are beginning to understand exactly how big a deal their own informational security is. The Ponemon Institute released its fifth annual study on medical identity theft earlier this year (with the support of Kaiser Permanente and The Medical Identity Fraud Alliance, and its findings reveal a patient population that is willing to make major healthcare decisions based on security risk.
Click here to read the full article.
November 23, 2015 By Megan Williams, referralMD