With the long overdue HIPAA privacy and security compliance audit program scheduled to begin later this year or early next year, it’s time for every healthcare entity to do a reality check and find out if their privacy and security policies really work. Is your organization prepared for the upcoming HIPAA compliance audit? If yes, how well are you prepared?
“An important component of preparing for a potential HIPAA compliance audit is to complete a ‘walk through’ to make sure privacy and security policies and procedures are practical and effective,” says Adam Greene, a veteran health law attorney and a former key regulator at the U.S. Department of Health and Human Services, where he played a fundamental role in administering and enforcing HIPAA privacy, security, and breach notification rules, in his article ‘HIPAA Audits: Preparation Steps’. Most organizations formulate policies and procedures assuming that they will work best to meet their privacy and security needs. But, in Greene’s words, “in the reality of a complex and busy environment” these policies and procedures may not work as expected. It is therefore of prime importance to conduct a self-audit to identify areas that may require policy or procedural changes, and ensure optimal HIPAA compliance.
According to Adam Greene, four things are crucial when preparing for the HIPAA compliance audit. The first is to make sure that all your privacy and security policies are up to date. The second is to ensure that your employees are comprehensively trained in the latest privacy and security protocols. The third is to formulate a clear sanctions policy to ensure that employees do not violate these protocols. And the fourth is to be prepared with extensive documentation to demonstrate your compliance management efforts.
So, while you may have put in place policies and procedures to protect sensitive information, merely doing this will no longer suffice. To effectively handle the HIPAA audit, you need to keep track of how your security and privacy measures work, and also maintain adequate supporting records. This is where our SecureGRC solution may come in handy.
SecureGRC is an automated and integrated IT security and compliance management platform, which not only offers a comprehensive threat management capability, but also provides a unified view of your compliance status, making it easy to keep track of compliance-related information. It holistically covers all aspects of threats (internal or external, known or unknown, intentional or unintentional, deliberate or accidental) through an effective risk mitigation system.
This solution is flexible and scalable to address new requirements, giving you the capability to seamlessly manage existing and potential risks. Its 24x7 information security monitoring and real-time reporting capabilities enable you to effectively manage threats. And most importantly, the centralized dashboard view summarizes the compliance status, helping you generate comprehensive reports that demonstrate compliance for any regulatory or standard-based audits, including the periodic HIPAA compliance audit.