HIPAA Privacy & Security Audits Have Begun!

Has the Affordable Care Act impacted your business yet? If you’re a medical practice or if you have medical practice clients, HIPAA Privacy documents need to be updated.

The OCR (Office for Civil Rights) is responsible for making sure medical practices have implemented the new privacy and security requirements and they’ve begun auditing to see who is complying. Are you compliant?

According to the OCR website, the use of health information technology continues to expand in health care. Although these new technologies provide many opportunities and benefits for consumers, they also pose new risks to consumer privacy. Because of these increased risks, the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) include national standards for the privacy of protected health information, the security of electronic protected health information, and breach notification to consumers. HITECH also requires HHS to perform periodic audits of covered entity and business associate compliance with the HIPAA Privacy, Security, and Breach Notification Rules. HHS Office for Civil Rights (OCR) enforces these rules, and in 2011, OCR established a pilot audit program to assess the controls and processes covered entities have implemented to comply with them. Through this program, OCR developed a protocol, or set of instructions, it then used to measure the efforts of 115 covered entities. As part of OCR’s continued commitment to protect health information, the office instituted a formal evaluation of the effectiveness of the pilot audit program.

We can help by either reviewing your current documentation and recommending the necessary updates, or we can put together a new set of compliant documents for your practice, train your staff and leave you with a HIPAA Policy Manual.