The big news this week about Security Audits/HIPAA Compliance is a reminder that the government expects to begin Phase II of the HIPAA Security Rule audits in the fall of 2015. If you do not receive a scheduling notice, you have probably dodged the audit bullet. If you receive notice that the auditors will visit, you will clearly feel the impact. In either event, you have to comply with the HIPAA Security Rule in practice.
To meet HIPAA standards, health providers must maintain a secure digital network that protects electronic personal health information. HIPAA requires that companies subject to the rules satisfy three safety standards: administrative safeguards, technical safeguards, and physical safeguards. These standards appear in a self-administered risk assessment tool you can find on HealthIT.gov.
Administrative safeguards refer to the policies and procedures you have in place to control access to personal health information. Technical safeguards refer to the technology that protects health information as it is transmitted, such as encryption and controls that prevent unauthorized access to your network. Physical safeguards refer to the physical means by which you protect the equipment in your business, such as up-to-date inventories of all equipment, locks on doors and windows, and cameras to watch what happens in private areas of the building.
The technical safeguards section alone has 45 questions related to your network’s ability to protect health information. Don’t go it alone. Infiniwiz stands ready to help you. We can help you respond to the risk assessment by helping you understand how each question relates to the way that your network operates. We can lay out options to help you decide what corrective actions to take, if necessary.
To read more about security audits, see this article in the National Law Review: “Office for Civil Rights Plans to Move Ahead With HIPAA Audits, Reports Say”.
For more about how this news affects you, please contact us. We’ll be happy to talk.