Planet HIPAA Blog

What To Expect When You Are Expecting… A HIPAA Audit

Searching through your email at the start of the workday, and there it is, staring straight at you – an e-mail from the Department of Health and Human Services’ Office for Civil Rights (OCR) asking questions regarding your contact for the HIPAA audits. Can you believe it?? The first contact with the OCR regarding HIPAA Audits!! What are they asking? What can you expect?

E-mail #1 – Audit Contact Verification

The first point of contact that you will receive from OCR is an e-mail requesting that you verify who your contact is for the HIPAA Audit Program. The challenge with this e-mail is that it is not easy to determine who within your organization will receive it. Additionally, many organizations are finding that this e-mail is ending up in junk mail or spam. Lessons learned – have all leadership check e-mails regularly (including junk and spam) and have IT search mailboxes for e-mails from the OCR.

Audit Contact...

Could Your Business Associates Cost You Millions?

In the past couple of weeks, the Department of Health and Human Services’ Office for Civil Rights (OCR) has shined a spotlight on the importance of relationships and written agreements between covered entities and business associates. Business associates are third-party vendors that help covered entities with day-to-day operations. Examples of business associates include:

  • Third-party billing or coding company
  • Third-party shredding company
  • Accounting firm that gets access to protected health information
  • Electronic health record vendor
  • Third-party secure messaging company
  • Third-party information technology organization
  • Health Information Exchange
  • E-prescribing gateway

Under HIPAA, a business associate is defined as any third-party vendor that performs functions or activities on behalf of the healthcare organization that include the use or disclosure of protected health information. The activities and functions that are performed typically revolve around the creation,...

Patient Testimonials: Are They Putting Your HIPAA Compliance At Risk?

A good client or patient experience can help boost your healthcare organization’s reputation and encourage others to seek your services. In the world of online advertising, posting the testimonial to your organization’s website or Facebook account might be the first step to promote the great services that your organization offers and the satisfaction of your patients and clients!

Before you post that client testimonial – STOP!!!

Did you get a signed authorization from the patient to use their information as a testimonial? One of the most monumental stories from 2016 so far was a $25,000 HIPAA enforcement penalty to a physical therapy organization for not having appropriate client authorization for the use of protected health information for client testimonials posted on a website. The violations from posting full patient names with full face photography without written authorization included:

  • Failure to safeguard protected health information
  • Impermissible...

If You Don’t Update Your HIPAA Policies And Procedures Today, You’ll Hate Yourself Later.

When you think of HIPAA practices in your organization, the following statements may cross your mind:

“We have a process for that, it is just not documented”

“We are good at protecting our patient’s privacy, we don’t need a written compliance manual”

“We did some items that would qualify to meet those requirements, but we didn’t know we had to document”

“We have a high level of HIPAA compliance, but just don’t have documented policies and procedures”

While all these statements may be true, HIPAA requires documentation and proof that you are complying with the regulations. Documentation and proof of compliance are established through the creation and implementation of required HIPAA policies and procedures. Both the HIPAA Privacy Rule and the HIPAA Security Rule contain regulations that require organizations to implement written policies and procedures to comply with the regulations.

  • Privacy Rule Documentation...

6 Simple Steps To Avoid The HIPAA Wall Of Shame In 2016

Phase 2 HIPAA Audits: Coming In 2016 – Are You Prepared?

We’ve seen the headlines across the healthcare industry over the past several months: the Department of Health and Human Services’ Office for Civil Rights (OCR) is starting up the next round of HIPAA audits. While the date is not set in stone, it is predicted that the audits will begin by the end of the 1st Quarter of 2016. Now is the time for all practices to evaluate their current compliance level and implement changes in areas of deficiency within the HIPAA regulations.

What Will The Phase 2 HIPAA Audits Look Like?

While the full plan of the Phase 2 HIPAA Audits has not been released in detail, we know key elements of the plan for the next round of HIPAA Audits. Phase 2 HIPAA audits will look and feel different than the HIPAA Pilot Audits that were conducted in 2011-2012. The first step in the Phase 2 HIPAA audits will be to conduct a pre-audit survey (Desk Based Audits) on up to 1,200 HIPAA covered...
