How to Prepare for a HIPAA Onsite Audit

Feb 5, 2017

When the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) investigates a potential HIPAA violation, auditors will usually initiate a HIPAA onsite audit.

HIPAA onsite audits are an essential part of the investigative process. OCR will notify you if your behavioral health practice is selected for an onsite audit. Auditors will schedule a visit to your physical site. An investigator representing OCR will conduct a thorough, in-person analysis of your practice’s HIPAA compliance program.

It’s important to note that once OCR opens an investigation, they will require all of the necessary documentation in electronic format. OCR investigators will require:

  • Documentation of the practice’s most recent Security Risk Analysis
  • An IT Report on the practice’s server setup, router setup, firewall, and workstations
  • A Device Audit documenting all devices that access or store electronic protected health information (ePHI), along with details about device security
  • A Physical Site Audit analyzing hard copy PHI, alarm systems, building keys, document storage, and document shredding
  • A complete set of the practice’s HIPAA Policies with corresponding regulation numbers
  • Documentation of Employee Training and Attestation, including their HIPAA 101 training and policy review

The easiest way for behavioral health specialists to be prepared for a HIPAA onsite audit is to implement a HIPAA compliance program that addresses the full extent of the law. A robust compliance program also serves as the best way to stop HIPAA violations from occurring in the first place.
