Don’t Get Caught Off Guard: HIPAA Audits are Back!

February 23, 2024

They’re Baaaaaack! And in this case, not the poltergeists in the 80s classic, but the Office For Civil Rights (OCR). The OCR shared some significant news, announcing their plans to reintroduce their random HIPAA audits program.

The last time this program was in place was in 2016 – 2017, with over 200 Covered Entities and Business Associates audited to ensure HIPAA compliance. 

Before the program is officially reinstated, the OCR is surveying past audit participants and hearing their feedback.

However, Director of the OCR, Melanie Fontes Rainer, confirmed the audits would resume this year, “OCR intends to initiate audits of HIPAA-regulated entities later this year. These audits can assist regulated entities in improving their HIPAA compliance and their protection of health information.”

The previous audits revealed eye-opening shortcomings among CEs and BAs, with Paul Hales of Hales Group noting that “86% of covered entities and 83% of business associates failed the risk analysis audit, and 94% of CEs and 88% of BAs failed the risk management audit.”

Thankfully, this news doesn’t have to be like a horror movie if you’re proactive and take compliance seriously. 

What does this mean for you? 

  • Embrace a culture of compliance: Don’t wait for the audit! Start building a culture of compliance now. Educate your team on compliance requirements and make data protection a shared responsibility.
  • Don’t stress about your SRA!: As your practice/organization makes its compliance journey, ensure it has an up-to-date Security Risk Analysis (SRA). The required SRA is a thorough assessment of a practice/organization’s risks and vulnerabilities. While the SRA might sound daunting, Abyde’s user-friendly SRA can be taken in minutes, simplifying questions so you don’t get lost in the compliance jargon.
  • Lock it down: It is imperative to have technical safeguards in place to ensure patient data is secure. This includes encryption, IT support, and proper monitoring, so you can catch suspicious activity before it’s too late.
  • Document, document, document, did I say document?: Clear, accessible records are key. In the Abyde software, from policies to agreements, disaster plans to breach logs, you can document everything (avoiding PHI, of course). Our software includes dynamically generated agreements, policies and procedures, not only taking the work out of storing it, but creating it for your practice/organization, too. 

While random HIPAA audits might seem nerve-wracking for your practice or organization, with the proper tools, you can easily be prepared. These audits will help everyone in healthcare, highlighting the importance of being compliant and keeping patients’ data safe.

That’s why Abyde is here to help. Our software simplifies compliance, allowing your practice to focus on what matters most, taking care of patients, or in the case of Business Associates, running your business. 

To learn more about how you can be prepared for the random OCR HIPAA audits, email us at info@abyde.com or schedule a compliance consultation below.