“For doctors in a small to medium-sized practice, patient care takes first priority, and these challenges are making it harder for practices to thrive,” explains Kevin Wade, President and CEO of IntelliSystems, a local IT company that provides risk assessments for practices to help them work toward HIPAA compliance and prepare for potential audits. “We have not had any local instances of desk audits yet, but through special tools that we provide, it gives the practices that we have worked with and have done risk assessments for a peace of mind that they are protected in case of an audit.”

Beginning in January of 2016, the Office for Civil Rights will begin Phase 2 of their audit program including desk audits. The audit mandate, an extension of the Health Information Technology for Economic and Clinical Health Act, means that any provider subject to Health Insurance Portability and Accountability Act standards is also subject to a potential audit of their privacy, security, and breach notification statuses.

According to HHS.gov, “The HITECH Act mandates that OCR conduct periodic audits to assess entity compliance with HIPAA. OCR plans to conduct comprehensive and desk audits of covered entities and business associates. Audits are a proactive approach to evaluating and ensuring HIPAA privacy and security compliance.” These audits will affect both practices and business associates that work with them such as their IT companies, shredding and copier companies, and anyone who could potentially come in contact with Protected Health Information. They should both obtain a copy of the audit protocol to use in their own internal audits from HHS.gov.

HIPAA compliance is not just about breaches. A smart backup and disaster recovery plan, having a risk assessment performed, and ensuring your data is secure are all integral in protecting the three hallmarks of compliance: the security, integrity, and availability of electronic protected health information. Now is the time to prepare for a potential audit.

IntelliSystems will be holding a free HIPAA compliance and security seminar on February 18, 2016 at the Columbia Chamber of Commerce. This program is entitled, “What every practice manager and doctor must have in place now to run a compliant, profitable, and secure practice” and will also include presenters from HIPAA Help Center, a compliance management software. For more information and to sign up for the lunch or afternoon sessions of this seminar, visit www.intellisystems.com/events.