HIPAA Audits on the Horizon
According to an August 8, 2016, report in the ADA News, the US Department of Health and Human Services Office for Civil Rights has begun a proactive process to determine if dental offices are complying with HIPAA regulations. The agency is sending emails to select dental practices in phase two of its Health Insurance Portability and Accountability Act audit program. The emails are from OSOCRAudit@hhs.gov.
The audits are in the form of a pre-audit questionnaire, or in some cases face-to-face visits. The audit intends to examine “compliance with HIPAA’s Privacy, Security, and Breach Notification Rules, with a focus on the Notice of Privacy Practices, patients’ right of access, the timeliness and content of breach notification, and the security risk analysis and risk management processes.”
Prior to this new government initiative, audits were triggered by complaints or generated by a mandatory report from the practice concerning a breach in the practice security system. That changed after the Office of Civil Rights (OCR) hired the consulting firm KMPG, one of the nation’s largest audit, tax, and advisory firms, to assess the level of compliancy among health care providers. The results from KMPG audits of 115 organizations found that 90% of the audited health care entities were not fully compliant.
One of the nine tips that the ADA news story offers dentists to prepare for an audit is: “List your business associates and make sure you have a compliant agreement with each.” The dental laboratories with whom they work do not need to sign business associate agreements but are responsible for compliance relative to safeguarding patient-identifying information, according to the National Association of Dental Laboratories. To read the full story, go to insidedentaltech.com/idt911.
The results from KPMG audits of 115 organizations found that 90% of the audited health care entities were not fully compliant.