HIPAA Audits—Don’t Panic, Be Prepared
For many of you out there working in Healthcare or within the Healthcare IT industries, the thought of a HIPAA audit may make you cringe. Dealing with governmental regulations, like those enforced by the Department of Health and Human Services (HHS), tends to be a complex process. However, it’s the responsibility of any business working within the confines of HIPAA to adhere to these regulations, and strong preparation tactics can help overcome the complexity.
What do you need to prepare for a HIPAA audit?
First, a key item of note: HIPAA continues to change, and we expect more changes in the future as security threats evolve. The number of audits being performed in 2017 will increase, which means more businesses will be audited, and not just those dealing directly with HIPAA. Both Covered Entities (who work directly with PHI and ePHI) and Business Associates (businesses who work with Covered Entities to provide services and products) are subject to investigation. One of the biggest targets for 2017 is business associates using and supplying Cloud services to retain and access ePHI data. For this reason, it is important to know where your data is. The upside? Notices are being sent. Watch for emails from “@hhs.gov” to ensure you don’t miss your warning of an upcoming audit.
How can you start preparing?
- Make sure you have Business Associate Agreements with all your vendors who have access to your data. For example: your email provider, your backup provider, your cloud services vendors (applications and tools), database administrators, network administrators, network support technicians, support providers, etc.
- Have an audit performed on your own terms by an outside provider. Many times, there are big-ticket (even small, significant-ticket) items that you might not even be aware of. These pre-audits help you clean things up before an actual audit or breach may take place. Then, you know where to focus your resources.
- Keep your documentation up to date and avoid a failed audit. A failed audit performed by HHS can result in fines, high costs, loss of reputation and loss of business.
- Stay informed. We’re hosting a Lunch n’ Learn in March to address the changes and what you can do to get ahead of the curve. Mark your calendar for Wednesday, March 15th.
Don’t panic; we’re here to help you prepare!
To schedule a “pre-Audit” for HIPAA, get in touch with SUCCESS or a security audit company for next steps.