Post details: Questions you will face in a HIPAA Audit

08/08/12

12:19:04 pm, Categories: EMR Related News

If you have been in the Health IT (HIT) space for any length of time, you will remember when Atlanta’s Piedmont Hospital was audited for HIPAA compliance back in March of 2007. Fast forward to our era of Meaningful Use. Health and Human Services (HHS) has announced a new round of HIPAA audits for those practices which have received meaningful use funding. HHS expects to audit about ten percent of meaningful use participants.

How can you prepare your practice for an audit? The first step is to conduct a standards-based risk assessment. Incidentally, a risk assessment is the first step required by the HIPAA Security Rule and is also core item 15 in meaningful use stage one. Completing a risk assessment will give you a prioritized list of items to address.

Once you have completed your risk assessment and begun remediation, going through a mock audit is a useful exercise. It will help you prepare answers in advance and ensure all your policies are easily located. Here are a few of the questions and items HHS asked Piedmont Hospital to answer or provide during their audit:

1. Establish and terminate user access to electronic protected health information (ePHI)
2. Inactive session time out
3. Employee violations and sanctions
4. Risk assessment results
5. Password management
6. Firewall, router, and switch configuration
7. System, network, and device monitoring
8. Regular reviewing of system activity, audit logs, and access reports
9. Antivirus and patch management
10. Wireless security configuration
11. Provide a list of systems that house ePHI
12. Provide a list of recently terminated employees and new hires
13. Provide a list of encryption algorithms
14. Provide a list of outsourced contractors with access to ePHI

HITECH, the act that brought you meaningful use, also amended HIPAA law. The HITECH amendments increased the maximum fine for willful negligence to $1.5 million. If your practice is participating in the meaningful use program, it’s time to get serious about security. If you have questions about security compliance, risk assessments, or audits, please feel free to contact us at info@xlemr.com. We look forward to hearing from you.

XLEMR

News and Articles related to XLEMR and Electronic Medical Records
