Healthcare practices that are behind the times could potentially feel swamped when it comes to preparing for a HIPAA compliance audit. If they are already behind, the investment it takes to increase compliance could appear formidable. But with the right outside assistance, an audit doesn't have to be a cause for distress.
This is true even though randomized audits are expected to begin next year, as HealthDataManagement reports. Fortunately, there will be some advanced notice: Hospitals will be asked to submit their information, and several desk and on-site audits will be performed with a specific eye for progress.
Living proof of the ability to prepare for an audit with relatively little notice is Brett Short, Chief Compliance Officer of University of Kentucky Healthcare. In a recent interview with FierceHealthIT, Short described his organization's struggles to meet the audit's requirements. Because they didn't receive the advance letter that would have warned them about the upcoming audit, they really only had a few days to prepare.
Fortunately, Short told the source, University of Kentucky had put previous systems in place to monitor and document all potentially relevant activity.
"We were able to respond fast enough because we check ourselves regularly," he said. "We review the standards that we have to adhere to and make sure our policies and procedures are up-to-date and our security practices reflect our current risks. And we document everything." He also adds that "We compile monthly reports with different data elements and pull those together quarterly."
With professional healthcare consulting firms, individual health providers will have the extra guidance they need in these situations, even if they didn't take the necessary steps in advance. The right support will help you start documentation protocols that lead to an easier time in the face of later audits.