As the HIPAA compliance audit program draws near, healthcare organizations must take five steps to prepare, compliance specialist Bob Chaput urges.
When auditors arrive, Chaput says, they'll evaluate both technical and non-technical safeguards. "At one end of the continuum they're going to want evidence and documentation that there's a vibrant and active privacy and security governance committee in place ... And on the other end, they're going to look at very, very specific technical controls and safeguards ..." he predicts.
In an interview with HealthcareInfoSecurity's Howard Anderson (transcript below), Chaput spells out five key HIPAA audit preparation steps:
The Department of Health and Human Services' Office for Civil Rights recently hired KPMG to conduct up to 150 HIPAA compliance audits by the end of 2012 (see: HIPAA Compliance Audits Described). Chaput predicts that auditors will request extensive documentation, including: a risk analysis; privacy and security policies and procedures; sanctions for violating policies; breach notification procedures; training materials and evidence that training has actually taken place.
Chaput is president of Clearwater Compliance LLC, a privacy and security consulting firm that helps covered entities and business associates comply with HIPAA and the HITECH Act.
Reprinted with the Permission of Clearwater Compliance