Audits are Coming
As you may have heard, the 2017 fiscal budget for HIPAA auditing (which started October 1st) includes a 10% increase in funding. The budget increase provides the OCR (Office for Civil Rights) resources to more aggressively ensure health providers are taking HIPAA compliance seriously. If the idea of a HIPAA audit in your practice sends shivers down your spine, we suggest you keep reading!
We know hours in the day are hard to come by between patient care, staff, family life, social obligations, and the list goes on. There’s no downplaying how daunting it can be to evaluate HIPAA compliance, especially when you don’t know where to start. We’re proud to keep up with ongoing compliance regulations as they relate to dental technology, and have compiled our top suggestions for preparing your office for a potential audit for you below.
Business Associates Agreement (BAA)
Have a BAA in place with your vendors. If you don’t currently have BAA’s in place, request them! This ensures they are HIPAA complaint and know how to properly keep your data safe. Without a BAA in place, you could be liable for any breaches that occur due to their error. For example, if your IT partner is able to gain access into your system at any given time, you’re at an increased risk of a breach without a BAA to protect you should that vendor incorrectly handle your data. This applies to all vendors you work with, including patient reminder vendors, hardware/software vendors, printing vendors and even cleaning services. We provide our clients with a BAA as soon as the relationship begins; as we know the peace of mind it instantly provides health providers like yourself.
The best way to fully understand where your practice compliance stands is by enlisting a third party to conduct a mock audit. Make sure you use a trusted resource for this audit to ensure you’re getting accurate feedback on your current practices. We offer a complimentary HIPAA IT Risk Assessment, which you can request here (no obligation/no strings attached – we genuinely just want to see your office operating optimally!). Our Risk Assessment provides you with a prioritized report of suggested actions, so your office has a clear idea of current HIPAA violations and concerns to address. Our Risk Assessment takes just under a half hour, and is an incredibly effective measure to proactively protect your office. Remember that a HIPAA IT Risk Assessment is only one piece of the puzzle, and you should also schedule a general HIPAA assessment completed as well.
Upon receiving the results of your mock audit, make it a priority to address the concerns. Empower your team to oversee certain issues raised by the report, and have all employees take ownership of all process changes enforced. While a HIPAA IT Risk Assessment isn’t anyone’s idea of fun, the small time investment can help protect your reputation, minimize fines and penalties, and provide you with peace of mind.
Please let us know if you have any questions as you prepare to improve your office compliance!