The Office for Civil Rights, a division of the federal government's Department of Health and Human Services, has released more information about the HIPAA audit program designed to assess compliance with the HITECH Act. This act mandates regular reviews of health care organizations and businesses to ascertain to what degree they are meeting the demands of HIPAA, which refers to the Health Insurance Portability and Accountability Act.
HIPAA specifies that businesses engaged in health care must meet certain standards related to maintaining both the privacy and security of patients' medical records, including electronic medical records. The law also directs such businesses to deal with security breaches of such data in specified ways. Covered organizations include clinics small and large, private and public hospitals, and health insurance plans. In the future, the scope of HIPAA audits will also expand to include businesses that are associated with the covered organizations listed.
The Office for Civil Rights is characterizing the audits as "primarily a compliance improvement activity", but the fact remains that failing to meet the government's mandates could lead to a more detailed review and the possibility of sanctions. Yet many health care businesses, particularly small and medium-sized ones, may lack the staff and resources needed to meet all compliance standards.
One solution is to outsource a compliance system as project work by contracting with an IT company knowledgeable about HIPAA. An experienced team of IT consultants can put together a project to help a business to develop policies and procedures, implementing the proper technology to support compliance efforts and provide data that all mandates are being met.
HIPAA audits are scheduled to begin a trial this month.