Random audits of large and small practices, payers, clearinghouses and, now, business associates and their subcontractors, could begin at any time. The Office of Civil Rights (OCR) is expected to resume the second half of its audit program soon, although no date has been given. OCR announced a delay of Phase 2 in September.
Practices and other covered entities should thoroughly review existing policies and address any gaps, as monetary penalties for non-compliance are steep. The HITECH Act raised its fines, with a potential maximum of $1.5 million per violation, per year.
That said, practices shouldn't panic, especially if they do a little homework in advance. Here are some important steps your practice can take in preparation for a possible audit:
The Health Information Portability and Accountability Act (better known as HIPAA) protects information about your child's health and medical record. At East Bay Pediatrics your privacy is our priority. You and your child will be able to discuss your child's health with a physician behind closed doors. We try to keep hallways clear in order to facilitate the privacy of conversations. Completed forms with health information must be mailed to you (not faxed) or transmitted over the secure email system. If you have any questions or concerns about privacy, please contact our business office at (phone number).
- Prepare your staff for an audit. Make sure staff know and understand all your practice's policies and procedures. Follow up with staff training if necessary. "Practices are likely already doing what their policies state, but it's important to make sure by revisiting those policies and practice what's in there," says PCC's Privacy and Security Officer Lauren Gluck. "Also, look around from an auditor's point of view. If you see something questionable, like a front desk computer screen that is facing where a patient can see it, make sure to fix it."