HIPAA Audit Tips
From ADA News: The ADA Center for Professional Success has tips to help dental practices who may be faced with an audit from the federal government to determine whether they are complying with the Health Insurance Portability and Accountability Act Privacy, Security and Breach Notification Rules.
The U.S. Department of Health and Human Services Office for Civil Rights has sent emails to selected covered entities that will be included in phase two of its Health Insurance Portability and Accountability Act audit program. The emails are from OSOCRAudit@hhs.gov. OCR suggests monitoring spam folders for messages from this address.
The audits will examine selected covered entities' compliance with HIPAA's Privacy, Security, and Breach Notification Rules, with a focus on the Notice of Privacy Practices, patients' right of access, the timeliness and content of breach notification, and the security risk analysis and risk management processes.
The Center for Professional Success offers nine tips to help dental practices be prepared for the possibility of an audit. The tips include:
- Watch for an email from the Office for Civil Rights
- Practice filling out the Office for Civil Rights' pre-audit screening questionnaire
- Review your HIPAA compliance documents and update as appropriate
- List your business associates and make sure you have a compliant agreement with each
- Review the government's HIPAA audit protocol
- Make sure your HIPAA security risk analysis really is a HIPAA security risk analysis
- Read about the audit program on the Office for Civil Rights website
- Do a mock audit
- Work hard, but don't panic
The tips are available at Success.ADA.org/AuditChecklist.
For more information on the audits, visit hhs.gov.