A NueSoft Technologies survey of 1,000 physicians and practice administrators in 2014 exposed that only 32% felt that a HIPAA audit or inspection was on the horizon. That is about to change as over 550 healthcare groups, associates, and organizations will be audited.
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is launching their first formal HIPAA audits and most organizations are not prepared. Many physicians feel that this is a “gotcha situation” according to Search HealthIT. However, OCR has secured several major settlements with healthcare organizations after patient data breaches over the last few years, with fines ranging from $800,000 to $4.2 million. So, it is clear that these audits are needed and that providers need to take compliance issues and threats more seriously.
Here are a few additional findings from the NueSoft survey:
- 58% of providers have a plan to be compliant.
- 19% are not sure if they have a plan.
- 23% do not have a plan at all.
Many healthcare experts recommend these steps to survive and audit:
- Adopt HIPAA-compliant privacy and security measures for all protected health information (PHI), defined by HIPAA as any medical data that is individually identifiable
- Conduct security risk assessments to identify potential vulnerabilities
- Ensure that EHRs used by the doctor or practice can verify all assertions about the privacy and security of the medical records
- Maintain paper documents for at least six years to support clinical quality measures
- Develop formal policies and training procedures for staff members that are tailored to the workflow of the organization
- Conduct regular training to change the behavior of employees who don’t comply with privacy and security measures or aren’t aware of them
- Conduct self-audits to test procedures for ensuring confidentiality and security of PHI
With this announcement from HHS, hopefully healthcare providers realize that HIPAA threats are real and they must recognize that their patients’ satisfaction relies on it.