Healthcare News & Insights

Most providers aren’t ready for HIPAA audits

The federal government has begun auditing healthcare organizations to find HIPAA violations – however, a new survey shows most providers aren’t ready.

As part of HITECH Act, the Office for Civil Rights (OCR), the government agency responsible for enforcing HIPAA, was charged with conducting random audits beginning in the fall of this year and lasting until next December.

However, just 17% of healthcare organizations say they’re fully prepared for a HIPAA audit, according to a recent survey from healthcare research firm HCPro.

In better news, 70% of respondents said their organizations are “somewhat” prepared.

With the audits already underway, what should that majority of providers do to make sure they’re ready?

According to the OCR, audits will typically last 30 days, during which auditors will interview key personnel and observe processes and operations.

To get ready for an audit, the OCR recommends healthcare organizations:

  1. make sure risk assessments are up to date
  2. ensure that senior management understands and supports the organization’s risk mitigation strategies
  3. make sure compliance training for staff is up to date
  4. review internal privacy policies and the disciplinary measures that are taken when they’re violated
  5. review or develop an incident response plan, and
  6. conduct an internal audit.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.