Is your office ready for a HIPAA audit? It is vital for a company and its employees to remain compliant with the Health Insurance Portability and Accountability Act (HIPAA), as it is illegal to violate these regulations, which results in heavy fines.
HIPAA covers entities such as physicians, insurance providers, clinics, doctor’s offices, dentist offices, pharmacies, nursing homes, and other entities in the healthcare industry.
The Health and Human Services Office also manages HIPAA for Civil Rights (OCR) and conducts HIPAA audits.
Here are 5 things to do to prepare for a HIPAA audit
- Conduct Regular Risk Assessments
A company must assess or write up a documented security risk analysis (SRA) that will apply to the whole company.
A documented security risk analysis must identify threats, weaknesses, high-risk technical resources that require protection, and current security measures being used.
A general rule for a company that requires compliance with HIPAA regulations is to document everything inside the company, including any solutions to recent security breaches.
- Ensure all Employees are Trained and Certified
This aspect of compliance with HIPAA is considered the most important.
When a HIPAA audit is conducted, it requires all employees to be certifiably trained to ensure compliance with HIPAA regulations. Many services offer HIPAA and OSHA compliance training to make this process quicker and easier.
At MedPro, we offer HIPAA and OSHA compliance training at an affordable price to almost any company or customer in the healthcare industry. If any current employee is not certified risk of failing the HIPAA audit, which results in heavy fines of up to $25,000.
- Track Compliance with your Policies and Procedures
Reviewing the existing policies being implanted is essential when preparing for an audit, as the OCR will look for documentation of the current policies and a schedule for implementing these policies and procedures.
Therefore, all employees should be familiar with the company’s policies and procedures in general, but especially before a HIPAA audit is conducted.
- Track and Store Business Associate Agreements (BAAS)
It is helpful for any companies that work with yours to have up-to-date and protected information regarding the relationship between the two companies.
For the other business or third-party firms your company works with, it is necessary to create a list of your company’s vendors and suppliers before the audit and the security and precautions in place in the agreement.
This guarantees that all partners are on the same page and helps ensure safety when getting audited by the OCR.
- Write up a Disaster Recovery Plan
A Disaster Recovery Plan is essential to a company as it helps avoid any economic, political, or environmental issues and will minimize the negative impact that any disaster would cause.
There are many factors to consider when writing up a Disaster Recovery plan, including evaluating the potential threats that could result in catastrophe, recent upgrades, backup of all company data to the cloud or another protective source, and the timeline of recovery from the disaster.
In addition, having a Disaster Recovery Plan helps ensure that the company will remain compliant when any disruption occurs.