How to Prepare for a HIPAA Onsite Audit
When the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) investigates a potential HIPAA violation, auditors will usually instigate a HIPAA onsite audit.
HIPAA onsite audits are an essential part of the investigative process. OCR will notify you if your behavioral health practice is selected for an onsite audit. Auditors will schedule a visit to your physical site. An investigator representing OCR will conduct a thorough, in person analysis of your practice’s HIPAA compliance program.
- Documentation of the practice’s most recent Security Risk Analysis
- An IT Report on the practice’s server setup, router setup, firewall, and workstations
- A Device Audit documenting all devices that access or store electronic protected health information (ePHI), along with details about device security
- A Physical Site Audit analyzing hard copy PHI, alarm systems, building keys, document storage, and document shredding
- A complete set of the practice’s HIPAA Policies with corresponding regulation numbers
- Documentation of Employee Training and Attestation, including their HIPAA 101 training and policy review
The easiest way for behavioral health specialists to be prepared for a HIPAA onsite audit is to implement a HIPAA compliance program that addresses the full extent of the law. A robust compliance program also serves as the best way to stop HIPAA violations from occurring in the first place.
Compliancy Group gives behavioral health professionals confidence in their HIPAA compliance with The Guard™. The Guard is a web-based HIPAA compliance solution, built by former auditors to help simplify compliance.
Compliancy Group’s team of expert Compliance Coaches™ field questions and guide users through the implementation process, taking the stress out of managing compliance. The Guard is built to address the full extent of HIPAA regulation, including fully automated documentation of policies, procedures, employee training, and remediation plans. The Guard includes policies and procedures that are uniquely tailored to the needs of your organization so you’ll never have to worry about the headaches that come with generic policy binders again.
With The Guard, behavioral health professionals can focus on running their practice while keeping their patients’ data protected and secure.
For more information about what you can do to protect your behavioral health practice, see these upcoming HIPAA educational webinars.
Find out more about how Compliancy Group and the HIPAA Seal of Compliance can help simplify your HIPAA compliance today!
Disclaimer: The views and opinions expressed in the article and on this blog post are those of the authors. These do not necessarily reflect the views, opinions, and position of the Telebehavioral Health Institute (TBHI). Any content written by the authors are their opinion and are not intended to malign any organization, company or individuals.