As business associates, we have not been high on the radar screen as far as audits go with the OCR. This year that is changing. Although not as many business associates will be audited as covered entities, we will be included in the audit process. In fact, some of the notifications to business associates should have already gone out.
Business associates will have to follow the same rules as covered entities where we will have a short time to provide the requested information for what will be considered a desk-type audit. It is critical that we are all prepared and ready to hand over whatever information is requested. There are plenty of reports on previous audits and where deficiencies were found. These are crucial areas to focus on.
There will also be absolutely no way you will do well if you do not have policies and procedures that you are actually following. Now is the time to review your procedures, and make sure they are being followed. Things change, so make sure your documentation has changed as well. How about all your training? Have you run an audit to make sure you have that documentation? A simple internal audit could save time and even fines.
Let’s show our covered entities and OCR that we business associates treat PHI and HIPAA the way we should.
No related posts.