Are You Ready for a HIPAA Compliance Audit?

CMS will be conducting Stage 2 HIPAA Privacy and Security Audits throughout the year, based on their new, recently published protocol.

The Stage 2 audits will be conducted using “desk audits,” but will evolve to in-person audits. Targets will include covered entities of all sizes as well as their business associates.

For a more in-depth dive into this topic, watch our free on-demand webinar, "HIPAA Compliance Essentials, Simplified".

What Happens if Your Organization is Targeted for An Audit?

1. Candidates for audits will first receive this letter (or one like it). The purpose of the letter is to confirm the contact for the organization. Receiving this letter does not mean that you’ve been selected for an audit. However, it does mean that there is a possibility that you will be selected in the very near future.

2. The next step is a pre-audit questionnaire. If you receive this questionnaire from HHS, it means that you have been selected to be in the pool of candidates who may be audited. The questionnaire will be answered in a portal and includes the following: http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/questionnaire/index.html.

Candidates will also be asked to provide a list of all their business associates with contact information, type of service, etc. 

A random sampling of auditees will be selected from the pre-audit questionnaire respondents, as well as those who did not respond to the initial contact or pre-audit questions.

3. Within 10 days of notification of an audit, you will be required to upload documents supporting your HIPAA compliance program consistent with the lengthy protocol above. Ten days isn’t enough time to get your affairs in order. Creating the necessary elements and implementing them now is your only way to be audit ready. 

Navigating the muddy waters of HIPAA Security and Privacy rules can be perilous and time-consuming. As your first step to preparing for a HIPAA audit and to get your compliance in order, we invite you to watch our free, on-demand webinar, "HIPAA Compliance Essentials, Simplified", by clicking the button below: