October 16, 2019

October 16, 2019

Subscribe to Latest Legal News and Analysis

October 15, 2019

Subscribe to Latest Legal News and Analysis

October 14, 2019

Subscribe to Latest Legal News and Analysis

Preparing for Round Two of HIPAA Audits, Continued

Earlier this week, information about OCR Phase 2 HIPAA audits was provided. Today, let’s take a look at how to prepare if your entity is selected for an audit:

  • Confirm that a recent comprehensive Risk Assessment has been completed and documented.

  • Confirm that all action items identified in the Risk Assessment have received attention and have been completed (or are in the process of being completed).

  • Verify that policies are up-to-date, including breach notification procedures, notice of privacy practices, and responses to patient requests.

  • Ensure that a current list of business associates (and their contact information) is readily available.

Because Phase 2 does not consist of on-site visits, there will not be an opportunity for dialogue with auditors. Therefore, it is crucial to ensure that documentation alone shows a complete picture of an entity’s compliance efforts. All documents should be carefully reviewed, dated, and signed before turned over to an auditor. While providing extraneous information is not recommended, it is important to double-check that all requested and necessary information is submitted.

Phase 2 audits set to occur in 2016 will focus on the Security Standard’s encryption and decryption requirements, facility access controls, breach reports and complaints. It is never too early to start considering what protocols, training, and procedures will need to be implemented in anticipation of a possible audit related to these items.

© 2019 by McBrayer, McGinnis, Leslie & Kirkland, PLLC. All rights reserved.

TRENDING LEGAL ANALYSIS


About this Author

Emily M. Hord, Health Care Attorney, McBrayer Law Firm
Associate

Emily M. Hord is an Associate of McBrayer, McGinnis, Leslie & Kirkland, PLLC. Ms. Hord concentrates her practice in healthcare law and is located in the firm’s Lexington office. Ms. Hord has experience in a variety of health law issues. She has represented hospitals and healthcare networks, physicians and other medical professionals, nursing homes, and private physician practices. She provides services in the following areas: regulatory and statutory compliance, Certificate of Need and licensing, professional license defense, employment contracts for medical professionals, HIPAA...

859-231-8780