Have you been one of the lucky practices chosen for random HIPAA audits? If you haven’t, that doesn’t mean you won’t!
If you want to avoid random HIPAA audits, the first thing to do is make sure you have had a HIPAA security risk assessment. If you have that, you’re most likely in good shape. If you do have the random HIPAA audits, you will have documentation to produce. If you have attested to core measure 15, and have received government incentive money, but have not had a HIPAA security risk assessment, you will most likely have to give that money back.
HHS and the ONC have hired consultants to perform these random HIPAA audits. I have actually spoken to them. I was trying to make sure my clients had what they needed to insure a successful audit. I did not get the answers I needed, but I think at the time, they were inundated with questions, concerns, complaints, and practices calling from all over the country demanding to know why they are being audited.
How do you avoid random HIPAA audits?
We recommend that practices of all sizes prioritize a review of internal HIPAA privacy and security practices. Beyond the possibility of random HIPAA audits, it is wise to maintain a HIPAA compliant environment for the sake of your practice and your patients.
If you would like a HIPAA security risk assessment, please contact us at firstname.lastname@example.org