The Office for Inspector General (OIG) is resuming its HIPAA audit program of covered entities (healthcare providers) and business associates this year. Providers who have attested to Meaningful Use (MU) are also on the OIG radar because of the MU requirement to complete and annually update their Security Risk Assessment.
Use the following checklist to help you review your current HIPAA Program to ensure your practice has implemented the required components of the HIPAA Rules.
Assign a Privacy and Security Officer for your practice;
Develop and implement written HIPAA Privacy, Security and HITECH policies and procedures;
Train workforce members and provide security updates as needed (maintain documentation);
Obtain signed Confidentiality Agreements for all workforce members;
Complete a comprehensive Security Risk Analysis (SRA);
Implement a Risk Management Plan based on your findings from the SRA;
Verify your practice is using the current 2013 Omnibus versions of its Business Associate Agreements and Notice of Privacy Practices;
Develop a Contingency Plan, as applicable, to mitigate any potential incidents or events;
Communicate your Breach Notification policies to all workforce members.
Need assistance with implementation? Let us help you achieve and maintain HIPAA compliance. Whether you need a policy and procedure manual, employee training, a HIPAA survey with a Security Risk Analysis conducted, or a full program, we will get you there.