Section 13411 of The HITECH Act requires the Secretary of HHS to “provide for periodic audits to ensure that covered entities and business associates that are subject to the requirements of this subtitle and subparts C and E of part 164 of title 45, Code of Federal Regulations, as such provisions are in effect as of the date of enactment of this Act, comply with such requirements.” That means compliance with the HIPAA Privacy and Security FINAL Rules. Here’s today’s big tip — Get started! …here’s how…
So, where do I begin to Prepare for HIPAA Audits?
HIPAA HITECH compliance is not easy. The blogosphere is “lit up” with thoughts, ideas, recommendations, interpretations, prognostications and tips on how to become compliant, who’s going to be audited and how to prepare for upcoming HIPAA audits.
Over the past couple of months, it has become very apparent that HIPAA enforcement is in effect and on the upswing, and that the consequences are serious. The June 2011 hiring of KPMG by the Office of Civil Rights (OCR) means enforcement may soon ramp up even more.
Many organizations are struggling with how and where to start. Our recommendations are simple and straightforward, and they immediately let you demonstrate good faith effort, show documentation as evidence of that effort and produce tangible, actionable plans.
Six (6) Action Steps to Undertake Now to Prepare for HIPAA Audits:
- Complete a HIPAA Security Final Rule Self-Assessment (45 CFR 164.308(a)(8) Evaluation)
- Complete a HIPAA Privacy Self-Assessment
- Complete a HIPAA Security Risk Analysis (45 CFR 164.308(a)(1)(ii)(A) Risk Analysis)
- Review and update Privacy and Security Policies & Procedures
- Build Security Incident Management & Data Breach Response Policies & Procedures
- Engage and Assess BAs and Subcontractors in a “BA-Sub Summit Meeting”
The single best way to get started is to form a team AND immediately take stock of where you are by completing the first two Steps above.
Call Clearwater Compliance at 800-704-3394 if you need help on any of these “jump-start” steps.
Wanna be even more hip on HIPAA? Learn more…
The complete HIPAA Privacy, Security and Breach regulations are here.
If you’d like to keep up to date on Risk Analysis or HIPAA-HITECH in general, please also consider (all optional!):
- Joining our AboutHIPAA LinkedIn Group: http://AboutHIPAALI.org
- Following me: http://www.twitter.com/ClearwaterHIPAA
- Subscribing to our eNewsletter
- Attending a HIPAA HITECH live webinar: http://clearwatercompliance.com/live-educational-webinars/
- Attending a HIPAA HITECH Blue Ribbon Panel Live Web Event: http://clearwatercompliance.com/hipaa-hitech-blue-ribbon-panel/
- Viewing a pre-recorded webinar: http://clearwatercompliance.com/on-demand-webinars/