The impending 2015 HIPAA compliance audit period is an important call for practices to improve their current approach to Health IT. Possible problem areas should be addressed early on to avoid penalties turning up once the process has begun.
However, the sheer amount of work that most centers will have to do to keep up can be daunting, which is why experts are recommending that practices stay involved and take steps to prepare. In addition to establishing a successful security and compliance program, Steve Dickson of Dell calls for practices to take special notice of the particular effects of their security measures.
According to a piece Dickson authored for CIO, it's important for organizations to understand what the Office for Civil Rights will be looking for when it starts auditing. The key thing is to not only put a security program into place, he says, but to document its progression thoroughly so a proof of implementation is recorded.
"Once you establish a security program, proactively monitor security and performance indicators, as OCR audits will focus heavily on breach plans and the controls you have in place to protect them," Dickson writes. "Auditors will look for access to critical group memberships, so make sure you're auditing and reporting on user activity – including your privileged users."
Because many practices last year seemed unaware of the audits, increased information about them and what to expect is crucial to HIPAA success. Schooling all employees in the right protocols for monitoring and reporting problems is also vital to sustaining improvements and avoiding dangerous HIPAA violations, and this should also factor into the preparatory measures that practices take.
By working with consultants that have experience helping a variety of practices, providers will improve their own chances of adapting to the audit period successfully.