HIPAA Audit Protocol a ‘Living Document’
Small and medium-sized businesses trying to create and maintain systems that will meet HIPAA standards for privacy and IT security may have their work cut out for them. Initial audits have been conducted this year, with more still scheduled to take place, but according to the audit protocol itself is likely to evolve in response to the findings from the program so far. According to Linda Sanches of the Office for Civil Rights, the protocol itself is a "living document".
As SMBs may suspect, this could make compliance a difficult objective to achieve. The situation is further complicated by the fact that the rules derived from the HIPAA legislation itself may also be modified with regard to such areas as breach notification procedures, enforcement, privacy, and security. When SMBs consider that the protocol already contains more than 150 areas in which performance may be evaluated, the task of compliance can begin to seem very daunting indeed.
Small businesses in particular may find it difficult to meet the challenge because they often lack the kinds of specialized resources that larger businesses can leverage. A giant corporation may have an entire department solely devoted to dealing with HIPAA rules and policies as they evolve, whereas a small or medium-sized business may not be able to leverage even a single individual into the role of dealing with HIPAA matters.
Fortunately, meeting HIPAA standards can be greatly simplified in several respects through the targeted and appropriate use of technology, but again, to use the strategy poses challenges for the small business. This is why a managed programs model can be an excellent use of limited resources. By working closely with an IT company, a small firm subject to HIPAA requirements can find out just what sorts of IT solutions can help them to streamline their privacy and security procedures with regard to confidential medical data. Then, in conjunction with a managed programs approach, the needed software can be installed on site and updated and maintained as needed.
A managed programs model helps to guarantee that software will be kept in top operating condition so that relevant mandates and requirements can be met in full. Using a managed programs model can also help to give a business confidence in the event that they are selected from an audit since the software involved will not have been tended to by in-house personnel with a multitude of other duties to distract them from what should be a core function.