Tax Audits vs HIPAA Audits | What You Need to Know

February 21, 2020
Tax-Audits-vs-HIPAA-Audits

When you think of the most wonderful time of the year – tax season probably isn’t the first thing that comes to mind. But even though the filing process can be a bit daunting, it’s the lesser of two evils when compared to the IRS audit that could result from not submitting anything at all. So while you file your taxes this time every year in hopes of not having to face the IRS this tax season – what are you doing to prepare for a HIPAA audit?

As long as you do everything right, the changes of the government showing up on your doorstep are pretty slim. In fact, considering only about 0.5% of all tax returns filed are actually audited – you have a 6% better chance of becoming a millionaire than you do facing the IRS. But despite the unlikely odds, we’re all still focused on staying off the government’s radar by filing each and every year. This better safe than sorry mentality should also apply to the precautions taken to avoid a HIPAA audit, but for many practices, it doesn’t hold the same weight.

Over the past few years, the Office for Civil Rights has investigated more HIPAA complaints and ran more random practice audits than ever before, bringing the total amount of HIPAA fines to over $19 million – just between 2020-2021 alone. So why have we seen such a major increase lately? With technology use in healthcare on the rise and changes in government standards and patient needs, it is easier for Protected Health Information (PHI) to be accessed by those with malicious intent and seemingly harder for practices to provide patients with their own PHI when requested.

So just as we all go through the tax filing process – ensuring that you have a complete HIPAA program is pretty similar:

  • Both require proper documentation to show in case of an audit
  • Both require proactive preparation – meaning, you’ve paid and filed your taxes just like you’ve completed and documented your HIPAA Security Risk Analysis (SRA) BEFORE an issue arises
  • Both have simple and intuitive software solutions, such as TurboTax for your taxes, or a HIPAA compliance software (hint hint, Abyde) that does the heavy lifting for you!
  • Both have a similar risk of a random audit or investigation resulting from a complaint and/or violation

So why don’t practices pay more attention to HIPAA, like they do their taxes? It all comes down to the lack of education on what HIPAA compliance really entails. The reality for many practices is that, because of misinformation or lack of education, the proper safeguards are never put in place and data breaches are growing more and more common.

The worst part? A HIPAA fine could cost your practice, and has cost many others, millions of dollars in addition to time-consuming administrative burdens. And on top of that, unlike late payment fees or penalties on taxes, once a breach occurs under HIPAA there is no going back – and no way to reduce the government’s levied fines.

Our takeaway? You shouldn’t just be preparing for tax season – HIPAA audit season has proven to be a year-round occurrence that deserves just as much of a priority as filing taxes does.