The Health Insurance Portability and Accountability Act (HIPAA) has evolved from a means of modernizing information exchange in healthcare to now include the Privacy, Breach Notification and Security Rules. That progression led to the initial audits of covered entities in 2011 and, ultimately, to the final Omnibus Rule in 2013, which folded business associates (BAs) into the liability equation regarding data breaches. The point is that protected health information (PHI) and ePHI are the responsibility of the entire industry.
In the recent Compliance Today article, "Healthcare’s new reality: Preparing for and managing an OCR business audit," Chris Luoma of GHX and Dawn Lambert of IASIS Healthcare review best practices and highlight several action items that support audit preparedness for healthcare organizations.
OCR audits are part of an ongoing process for protecting information. For healthcare organizations, continuous improvement through building effective processes and leveraging technology will support audit preparedness. You can read the entire article here.