Phase 2 of the Department of Health and Human Services' OCR HIPAA compliance audits is now underway. Late last year, covered entities were selected for desk audits, and the first round of audits has been completed. OCR has now started auditing the business associates (BAs) of covered entities.
At HIMSS17, Deven McGraw of OCR explained that the full compliance audits, which were originally scheduled for Q1 2017, have been delayed. This gives covered entities more time to prepare.
The Phase 2 HIPAA compliance desk audits were more thorough than the first phase of audits carried out in 2011/2012. The desk audits covered a broad range of requirements of the HIPAA Security, Privacy, and Breach Notification Rules, even though they only involved documentation checks to demonstrate compliance.
The onsite audits will be much more comprehensive and will look far deeper into organizations' compliance programs. Not only will covered entities be required to show auditors documentation demonstrating compliance with HIPAA Rules, OCR will also be looking for evidence of HIPAA in action.
To assist with the audit preparation process, the American Health Information Management Association (AHIMA) has updated its HIPAA audit readiness toolkit. Covered entities can use the toolkit to assess their compliance efforts and determine whether they have all the necessary policies, documentation, and procedures in place to satisfy all Health Insurance Portability and Accountability Act requirements.
The new toolkit details the legal process of the HIPAA compliance audit program and OCR procedures, and now includes the updated HIPAA audit protocol used by OCR in the second phase of the compliance audits.
The latest toolkit contains HIPAA compliance checklists covering the procedures, policies, and documentation likely to be requested by OCR auditors, along with a main policy template for the security and privacy rule compliance program.
AHIMA has also included best practices and tips that HIPAA-covered entities and their BAs can adopt to help them meet all of their obligations, together with a HIPAA audit preparation guide.
AHIMA members can access the HIPAA audit readiness toolkit free of charge in the HIM Body of Knowledge section of the AHIMA website or through its web store.
The onsite audits may have been postponed, but covered entities must still make sure they are prepared for an audit. Even if the audits slip into 2018, as hinted by McGraw, OCR still investigates all breaches of more than 500 records. In the event of a data breach, OCR will require evidence of compliance with HIPAA Rules, and heavy penalties await organizations found not to have complied with the HIPAA Security, Privacy, and Breach Notification Rules.