THE ADA recently sent out a letter explaining the new 2016: PHASE I & PHASE II HIPAA AUDITS that all healthcare offices (including dental offices) are subject to --throughout the USA. The audits are in full swing and I thought you might be interested in what the HIPAA Auditors are looking for when they come in for an impromptu visit.
While I
understand this is tedious and frustrating, its best to get educated (
Knowledge is Power). Then streamline your efforts to get this HIPAA
stuff in place...And BE PREPARED!
Historically, HIPAA Audits were the result of a patient or disgruntled
employee report. As of 2016, the Office of Civil Rights / The
Department of Health & Human Services will begin to randomly sending
out (e-mailed) PHASE 1 HIPAA Surveys to healthcare offices. These government issued surveys will request detailed information about your HIPAA Practices ( you can peek at the survey-- click here).
It includes a lot of questions that pertain to your revenue--too many actually which might you ponder---"What else will they do with
this information?"
HIPAA PHASE II AUDITS are a live event. A visit from a HIPAA officer to check-out your physical, technical and administrative HIPAA protocols. To prepare you will want to make sue you have these areas covered:
HIPAA EMPLOYEE TRAINING to OMNIBUS RULE STANDARD
All employees should go through a HIPAA Training Course prior to handling Patient Health Information (PHI) within your office. Then be sure each employ signs these (3) forms:
EMPLOYEE TRAINING & CONFIDENTIALITY AGREEMENT
EMPLOYEE TECHNOLOGY USE AGREEMENT
HI-TECH SECURITY LAW RISK ASSESSMENT PROTECTION AGREEMENT
REQUIRED PAPERWORK
A HIPAA Manual (written to the current standard---the Omnibus Rules) is required to have within your dental office.
Also, in addition to the forms listed above there are (5+) forms that you should have updated and in use within your office. (More if you live in Texas or California --who have even stricter State HIPAA Laws). These are some of the Federal HIPAA Omnibus Rule Forms you should have in use in your dental office:
NOTICE OF PRIVACY PRACTICES
PATIENT ACKNOWLEDGEMENT FORM
THIRD PARTY RELEASE FORM
BUSINESS ASSOCIATE AGREEMENT (for vendors)
Reports are a huge part of your HIPAA compliance, these need to be updated at least annually:
Make sure your IT Tech completes and keeps these reports at your office. We have template reports that you can store on your computers and those are so awesome (because you can update these and use the template for years and years)!
DATA BACK UP & CONTINGENCY REPORT
RISK ASSESSMENT REPORT
HIPAA OFFICE PROTOCOLS
Anything from "patient check-in and check-out policies" to your "internet configurations, text, emails, fax and copying practices" will be scrutinized. They will look at every transmission using technology, every piece of paper with Patient PHI as a potential threat that could be a potential Identity Theft Threat to the patient.
OMG! This is nuts right? The list of HIPAA Homework will undoubtedly increase with time and as technology expands. HIPAA will undeniable be growing, changing and evolving. While these steps are good for now, know you will definitely need to keep up on HIPAA Rules & Regs while you are a practicing dentist. It's best to plan a HIPAA Budget. $3000- $5000 annually seems to be realistic for most dental practices. It's maddening---but the cost of doing business and something that is very important to consider and keep-up-on to protect your livelihood.
A cool site to visit to check out---to discover the current trend in HIPAA Fines and Pitfalls: HIPAAJournal.com
So that's an update on WHAT HIPAA AUDITORS are looking for during their 2016-2017 HIPAA AUDITS. Sorry. I hate to be the bearer of such good news. Uggh! Remember, Knowledge is Power--- seek out HIPAA Support from the ADA, studying the government websites: HHS.gov or recruit a reliable HIPAA Coaching Service that will not only help you with the implementation---but one that will provide you the valuable updates when HIPAA evolves. That is key!
If you need support or guidance, you can always call or private message me for additional help. It is my pleasure to help you make sense of this HIPAA madness. Get HIP to this HIPAA Stuff--- It's here to stay.