Compliance Audit & Assessment
Why Conduct a HIPAA Privacy & Security Compliance Audit
Apgar & Associates uses the OCR Audit Protocol as the guide for its compliance assessments. Our general HIPAA Privacy and Security Audit acts as your compliance insurance policy. The federal Office for Civil Rights (OCR) not only actively enforces the HIPAA Privacy and Security Rules, but OCR managers have made clear that the agency will enforce them aggressively. OCR expects covered entities and business associates to maintain robust HIPAA Privacy and Security compliance programs.
What makes up a robust compliance program?
Your compliance program, according to OCR, should include:
- Employee training
- Vigilant implementation of policies and procedures
- Regular internal audits
- A prompt incident response action plan
General Privacy & Security Audit Risk Assessment Activities
Our full-scope HIPAA Compliance Audit Risk Assessment includes:
- Management overview meeting
- Physical walk-through of your facility
- Review of facility controls
- IT review
- Security and privacy compliance review
- Technical safeguards
- Policy, procedure and document management
The resulting risk assessment report documents the findings and recommends risk mitigation activities in every area subject to HIPAA requirements. After management review, your final report provides you with a roadmap to full compliance.
The Cost of Non-Compliance
The consequences of failing to comply with the federal rules are serious. In addition to potential public embarrassment, you can be fined or penalized. Consider the following costly results of being found non-compliant:
- In February 2011, the federal Office for Civil Rights (OCR) imposed a $4.3 million civil money penalty on a medical group for violating the HIPAA Privacy Rule and for failing to cooperate with OCR's investigation.
- Also in February 2011, a hospital and its physician organization settled with OCR for $1 million and agreed to implement a corrective action plan after an employee mistakenly left patient records on a train.
For more information about Apgar & Associates, LLC’s HIPAA compliance audit and assessment services, contact us via email or in our Portland, Oregon office at 503-384-2538.