Preparing for OCR Audit Remains a Healthcare Top Priority for 2017

The Health Insurance Portability and Accountability Act (HIPAA) has evolved from a means to modernize information exchange in healthcare to now include Privacy, Breach Notification and Security Rules. The progression led to the initial audits of covered entities in 2011 and ultimately, to the final Omnibus Rule in 2013 which folded business associates (BAs) into the liability equation regarding data breaches. The point being that protected health information (PHI) and ePHI is the responsibility of the entire industry.

In the recent Compliance Today article, Healthcare’s new reality: Preparing for and managing an OCR business audit, Chris Luoma of GHX and Dawn Lambert of IASIS Healthcare review best practices and highlight several action items that support audit preparedness for healthcare organizations.

• Audit preparedness starts at the top. Organizations that designate a leader or team to monitor all compliance activities and processes are better prepared for an eventual audit.
• Get organized – meaning get compliance-related information and BA agreements in a central repository for quick access when called upon.
• Streamline and centralize your BA management processes to quickly and efficiently obtain agreements and be able to confirm that vendors have current risk assessments and procedures. Also, a plan for keeping data current with consistent reviews should be in place.

OCR audits are part of an ongoing process for protecting information. For healthcare organizations, continuous improvement through building effective processes and leveraging technology will serve preparedness. You can read the entire article here.