HIPAA Privacy and Security Audits Coming Soon

A whole new round of audits — for compliance with HIPAA privacy requirements — are set to begin in early 2013. 

The Department of Health and Human Services (HHS) in December 2012 will conclude a pilot audit program that began in November 2011 and move into full audit mode.

The audits will consist of a site visit with interviews with key practice staff, an inspection of office set-up and operations regarding privacy and security, and an assessment of your compliance with regulations and with your own policies. Reports will include recommendations for correcting compliance problems with an action plan. Some kind of enforcement action against practice violations may occur.

Here are some steps you can take towards compliance:

  • Adopt comprehensive privacy policies and procedures that are up to date and specific to your practice.
  • Carefully train everyone on your staff, especially new hires, according to your policies and procedures.
  • Perform a risk analysis on your practice’s data security, and set up reasonable safeguards as necessary.
  • Develop a risk management plan to ensure ongoing security.
  • When staff violate your practice’s policies and procedures, take appropriate action, and document it.  

TMA can help. Here’s how:

  • TMA’s Policies & Procedures: A Guide for Medical Practices includes a comprehensive, customizable HIPAA and HITECH privacy and security section.
  • TMA Practice Consulting offers on-site policies and procedures, and HIPAA training for your practice. For information, call (800) 523-8776.
  • TMA’s one-hour recorded webinar, HIPAA: Reduce Your Risk, looks at protecting electronic protected health information, and includes Texas law. 

Published Aug. 9, 2011


TMA Practice E-Tips main page

Last Updated On

May 30, 2019

Related Content

Audits | HIPAA