Did you know a medical provider has only 10 days to respond to a notification letter from the HHS Office for Civil Rights? That means there's no time like the present to start preparing for an OCR / HIPAA audit. A recent article on HealthDataManagement encourages medical offices to follow these guidelines to ensure they’re following best practices for compliance at all times:
Document HIPAA Policies and Procedures: Medical organizations are required to implement reasonable and appropriate policies, procedures and standards. These must be documented to prove they’ve set boundaries, and made expectations and standards transparent.
Focus on PHI: HIPAA regulations state that electronic systems holding ePHI must allow access to those who have been granted access rights. Monitor all systems holding ePHI to detect, investigate, mitigate and remediate inappropriate activity to address incidents. This also helps identify employees in need of training, and fosters a culture of privacy and compliance.
Conduct Risk Assessments: Risk assessments gauge the probability of compromised health information. The main goal is to determine whether the organization needs to report a breach as required by the law, or where potential breaches are likely to occur.
Develop an Incident Response Plan: A comprehensive response plan helps contain incidents that might otherwise turn into reportable breaches that must be sent to the OCR. Plans requires frequent evaluation as your organization evolves.
Know your Users: Ensure all users are monitored and audited. Organizations can improve compliance by implementing identity correlation technology in their EHRs and cloud applications.
Have Business Associate Agreements in Place: For vendors handling PHI, a business associate agreement is essential, as it helps ensure both parties are accountable for creating, receiving or transmitting PHI in a secure and intended manner.
Implement Ongoing Training: Training should be an ongoing process. Clearly communicate expectations and train accordingly through a learning management system.
Plan Ahead: These best practices will help position your organization for a compliance program that also lays the groundwork for both future technology adoption and future regulations.
For more information on being prepared for a HIPAA audit, contact HIPAAcraticRx..