Ready for a HIPAA Audit of your Compliance Plan?
Is your organization keeping up with the challenges of HIPAA compliance and the HIPAA Privacy Rule? Are you concerned over weaknesses in your HIPAA compliance program? Have you considered a HIPAA Gap Analysis or HIPAA Audit to assess your program for risk areas? In short, now may be the time to take this important step.
Key Features of a HIPAA Audit
The Basic Steps of an Audit
- Determine the current procedures. Do you have policies and procedures? Do you have a privacy officer? Have you completed a risk analysis?
- Compare the current procedures with the expectations of the Privacy Rule. Do the procedures comply with the HIPAA Privacy Rule?
- Define the gaps. Compare the current to the expected procedures to determine the gaps in your program.
- Develop a corrective. This plan must clearly spell out the actions you will take to correct the gaps.
A HIPAA Gap Analysis and/or Audit is a focused review and analysis of a covered entity or business associates. It will assist in identifying risks and vulnerabilities of the covered entity. By completing this important step we will help your organization understand the risks. Our HIPAA compliance audit will give you the information you need to protect your program. You will avoid costly HIPAA violations.
The U.S. Department of Health and Human Services (HHS) states that a HIPAA Gap Analysis is typically a narrowed examination of a compliance program. It is meant to assess whether certain controls or safeguards required by the HIPAA Rule have been implemented.
How An Audit Works
A HIPAA compliance audit will review the overall flow of protected health information (PHI) created, accessed, used and disclosed within the organization. The gap analysis reviews any existing policies, procedures and the safeguards that are in place to protect the information, and the policies that give individuals’ rights over their PHI. It will also assess the level of training that has taken place within your organization to satisfy the requirements of the Privacy Rule. Finally it will address all identified risks to the organization
HIPAA Gap Analysis & Security Risk Analysis
A HIPAA Gap Analysis is a good starting point for beginning a HIPAA compliance program or improving an existing compliance program. It is a useful tool for creating a valid snapshot of your HIPAA program. However, the HIPAA Gap Analysis works in conjunction with a Security Risk Analysis (SRA).
The HIPAA Security Risk Analysis is an in-depth examination of the administrative, physical and technical safeguards for electronic PHI (ePHI) required by the Security Rule. It will examine the program in a different way than the gap analysis.
A HIPAA Security Risk Analysis usually requires the expertise of an IT professional who is familiar with HIPAA and the HIPAA Privacy & Security Rule. Information collected in a HIPAA Gap Analysis will assist the organization in the completion of the Security Risk Analysis.
Administrative Safeguard Analysis
Initially, the HIPAA Gap Analysis begins with a review of items required by the HIPAA Rules as identified in the HIPAA Privacy Rule.
Data reviewed in a HIPAA Gap Analysis includes the policies the covered entity or business associates must have in place.
Some examples include right to access PHI, to request an amendment to PHI or an accounting of disclosures, to request a restriction, and make a privacy complaint, and others. These include administrative requirements such as policies, business associate agreements, named privacy and security officials, training on the policies that affect employees’ job duties, a complaint process, and breach reporting.
Physical Safeguard Analysis
In addition a HIPAA Gap Analysis includes a review of physical safeguards which protect information systems and related equipment and facilities from hazards and intrusions. The analysis also examines physical safeguards that protect paper PHI maintained in the regular course of business. In addition it also addresses verbal PHI used and disclosed within the organization.
Technical Safeguard Analysis
Finally, the HIPAA Gap Analysis reviews technical safeguards that protect ePHI. It does so by reviewing the mechanisms that protect the confidentiality, integrity and availability of the data.
Technical safeguards control access to PHI and assure the information is true and accurate. They ensure PHI is available for those authorized to use the information to perform their job functions. The optimal way to assure adequacy of safeguards is through a HIPAA Security Risk Analysis.
How a HIPAA Gap Analysis and/or Audit Helps You
A HIPAA Gap Analysis will identify deficiencies, threats and vulnerabilities that exist between the policies currently in place & HIPAA Rule requirements. This type of HIPAA compliance audit will examine the existing compliance program and the HIPAA Rules requirements. The analysis describes the gaps identified and highlights necessary remediation. As a result we can assist you to resolve deficiencies, reduce risk, and bring the program into compliance.
Most importantly, the Audit will give covered entities and business associates an overall snapshot of their compliance efforts. It will help them discover areas where they are non-compliant with HIPAA Rules, or which put them at risk.
Additionally, it will give the organization a roadmap to compliance. This type of HIPAA Risk Analysis can be a good jumping point to a HIPAA Security Risk Analysis. Finally, this will give the privacy officer the information needed to move forward with any necessary revisions to the program.
Learn About HIPAA Audits
There is no better way to learn more about HIPAA Audits and how they work than through our HIPAA Compliance course material or through our HIPAA Resources. Take the opportunity now to learn more about this important subject.
Experience in HIPAA Compliance
Our organization has had years of experience assisting clients with HIPAA compliance programs whether starting a program from the beginning or recommending revisions. We can help you understand the gaps that might exist in your program and how they can affect your organization. This will give you the opportunity to eliminate flaws that may put your company at financial and reputational risk. We have the knowledge and expertise to help you with this important project.
Our HIPAA Gap Analysis is a good starting point for initiating a HIPAA compliance program. Most importantly, it will help get you started with the right information. You will be able to complete a Security Risk Analysis and protect your organization.
Why Choose HIPAA Associates?
Our professionals have certifications in Healthcare Compliance (CHC) from the Health Care Compliance Association and Healthcare Privacy Compliance (CHP) from the American Health Information Management Association. These are organizations who have set the standards in healthcare compliance. These certifications are obtained by rigorous study and proof of in-depth knowledge of the subject.
HIPAA Associates is proud to announce its latest designation. We have been designated a Women Business Enterprise and a Small Local Business Enterprise by the City of Cincinnati. Finally, we are committed to provide with you with the best HIPAA training available. Our professionals have over 19 years’ experience in the field of HIPAA.
Who should get a HIPAA Audit or HIPAA Gap Analysis?
All organizations who handle PHI and bill electronically, may benefit from a HIPAA gap analysis. This instrument will assist an organization to determine how it stands in relation to the HIPAA Privacy Rule requirements.
One of the key features that a HIPAA Gap Analysis will look at, is your policies and procedures. HIPAA Associates can help you manage this part of your compliance program.
