With the first round of HIPPA Audits behind us, the Office of Civil Rights (OCR) indicated back in March that it would finally launch the long-awaited round 2 of HIPAA audits in 2016.

The Purpose of Audits
Audits are done in order to further enforce regulations to ensure that practices are remaining fully compliant. HIPAA compliance is extremely important to enforce, due to the delicacy with which Protected Health Information (PHI) is needs to be handled. Therefore; the audits become a tool for maintaining privacy of such information, and ensuring that the right policies are put into place to continue to protect this sensitive data.

While it is clearly important to remain compliant so as to avoid penalties for failing to adhere to HIPAA regulations, it is equally as important to understand the value of keeping private health care information secure. With so many threats to patient information in this age of technology, it has become extremely difficult to safeguard against identity theft and other threats to PHI.

The Cost of a Data Breach
The Ponemon Institute released its fifth annual study on medical identity theft earlier this year which states, “The majority of medical identity theft victims will find themselves paying around $13,500 to resolve their identity theft-related issues (in payments to insurance companies, providers, and obtaining legal counsel and access to identity service providers.)” Not only is your sensitive and private health information at risk, but a data breach can also result in a host of financial issues as well.

For this reason, OCR isn’t the only one paying attention to how well you’re protecting PHI. Your patients are making decisions about where to go for health care based on your performance in these areas as well, so it’s in your best interest to work on improving your HIPAA compliance procedures on every level.

How to Prepare Your Practice for HIPAA Audits

  • Review Practice Documentation
  • Get Familiar with your Business Associates
  • Enforce HIPAA Compliance at all Times
  • Only Email PHI if Encrypted
  • Invest in Updated Computer Security
  • Share Only What is Requested

Click here to read the full article.

November 14, 2016 By Jim Johnson, HITECH Answers