HIPAA Compliance Audits Expected: Is Your Release of Information Process in Place?
With a growing regulatory environment set to protect private information to an even greater extent, it’s imperative for healthcare companies to ensure HIPAA compliance related to release of information and all other facets of digital document management. Here’s why.
HIPAA Compliance Audits: What Are They and What Do They Mean?
A November 2011 article on ModernHealthcare.com, entitled “OCR Begins HIPAA Compliance Audits,” which explains the changes in the works. The Office for Civil Rights (OCR) began its plan to initiate audit programs that “test compliance by hospitals, office-based physicians, health plans and other ‘covered entities’ with privacy and security rules under the Health Insurance Portability and Accountability Act of 1996.”
The audits come from the American Recovery and Reinvestment Act of 2009 and have become a priority after many have criticized the lack of effort to secure health records for patients in a standardized manner. The article noted that the OCR alone will have done as many as 150 audits by December 31, 2012 in partnership with KPMG, which will head up the audits while Booz Allen Hamilton will help to identify potential audit candidates.
They mean that those that are not HIPAA compliant with respect to release of information and otherwise will face penalties, fines, and even potential lawsuits if patients suspect that their private information is not being handled in an appropriate manner. Because of the lack of urgency to change processes and ensure staff is properly trained to handle private patient information and information release requests by other agencies, the HIPAA compliance audits are on the rise.
What This Means for You
With signs that the audit programs will begin and pick up momentum throughout 2012 and into the future, it is critical to ensure that all of your release of information processes are HIPAA compliant. This can be challenging if you are overwhelmed with the day-to-day tasks of your medical practice or hospital or you are struggling to find room in the budget to train and retrain staff every time HIPAA regulations change.
One solution is to partner with an outsource company that specializes in the release of information process for the medical and healthcare industries. Companies of this nature focus directly on the unique needs of this industry and understand the nuances and changes HIPAA presents.
The main points in this blog post are:
- HIPAA compliance audits are now being initiated and will gain more ground in 2012 and beyond as a means of checking on medical practices and hospitals that handle patient information to ensure a certain standard.
- Those that must follow certain guidelines about release of information will now fall under scrutiny with these audits if they have not revised and changed their procedures to be HIPAA compliant.
- An ideal solution would be to partner with an outsource company that specializes in the release of information process for the medical and healthcare industries because they focus solely on understanding all the nuances and changes to HIPAA and then adjust their processes accordingly so you can feel rest assured that you are compliant.
Fig Gungor is CEO of OneSource Document Management, a New York based company that offers a broad range of customized copy and scanning services that translate into a significant savings for insurance companies, hospitals and large medical facilities.