The Office for Civil Rights (OCR) recently announced its intention to begin its second round of HIPAA audits. Slated to begin in 2016, the initiative will include both on-site and desk audits and will focus on areas of poor compliance found in initial audits. Audits will cover hospitals, healthcare providers, health plans and businesses. This round of compliance audits will include 200-300 limited scope desk audits to create a sample base of covered entities to ensure HIPAA Privacy, Security & Breach Notification Rules compliance.
Even though the sample will be small, nothing can be quite as terrifying as the word “audit.” However, we are here to support your preparation. Below you will find 3 steps you can take today to prepare for any potential audit.
- Prepare now in case your organization is selected. Leadership and management should speak with staff members to review policies, procedures, and guidelines that support HIPAA and HITECH standards. Collect data beforehand and assign an area to keep materials to provide to OCR if necessary.
- Review targeted topics. From the way patients access and obtain their data to breach notification policies, the OCR will cover a wide range of functions. However, the OCR has provided a detailed list of topics on its website.
- Educate your staff and leadership on your preparation for an OCR audit. Be sure your staff is aware of the information relevant to the OCR audit, including the communication sent from OCR. Ensure your leadership and C-suite are prepared for the new OCR compliance measurement standards as well.
OCR will look into security, privacy, and breach notification rules. They will analyze risk, safeguards, and implementations, especially those associated with electronic health records and device encryption. Now is the time, before audits begin, to assess risk, prepare staff, and review policies. At Keystone IT, we are experts in healthcare regulations and OCR audit topics. Contact us today for help with OCR HIPAA audit preparation.