Federal privacy audits may soon shift toward enforcement
Ongoing federal privacy audits originally slated to end in January have uncovered some glaring health-care compliance issues among physicians and health plans, reports the Bureau of National Affairs.
Thus far, the privacy audits have hit only a fraction of eligible organizations, but preliminary results have highlighted key problems, such as a failure to assess the risk of patient data being illegally disclosed. The audits have also driven home the importance of an effective compliance plan.
While the current audits are more educational in nature, the government hasn’t shied away from penalizing other providers who’ve strayed from complying with federal privacy laws. It’s up in the air whether the audit program will shift to a more enforcement-based focus, Iliana Peters, a health-care attorney with Polsinelli PC in Washington, told Bloomberg Law Feb. 22.
The audits assess a provider’s ability to maintain the privacy and security of patient records, and cover everything from whether providers are keeping a tally of all electronic devices that store patient data to whether they’re controlling and monitoring employee access to that data.
The OCR has completed 166 remote audits of covered entities (defined as providers and health plans) and 41 audits of business associates (organizations that provide services to providers and health plans) during the second round. Providers who have been through a HIPAA audit tend to come out of it with a list of compliance upgrades and a sense of urgency about getting them done.
The good news is that you don't need to wait until your practice gets audited to take action. You can be proactive with HIPAAcraticRx's 5-step HIPAA Compliance program. From your initial risk analysis to remediation of issues to ongoing monitoring, you can rest assured that your practice has the right protocols in place to stand up to even the most stringent government audits. HIPAAcraticRx is The Prescription for HIPAA compliance.