Conducting an Internal HIPAA Audit

July 30, 2016 | Aptus Associates

We’ve talked about what to do when you’re being audited for HIPAA compliance, but it’s always good practice to conduct your own internal HIPAA audit every so often to make sure you’re on the right track. Take some time every once in a while to look around the office and make adjustments. Here are some tips on what you should be looking for in your own audit.

Start with your paperwork. A busy day can generate a ton of papers and things can get overlooked or disorganized in the chaos. Be sure you have an organization system to keep patient information secure. In addition to keeping personal information in a secure filing system, keep track of all trainings and evaluations your practice has been a part of.

Walk through the office, looking for visible signs of patient information. It could be a record open on a vacant computer, paperwork sitting beside a keyboard, or even a password taped to a screen. Many of these places are restricted to employees, so patients won’t frequently be back there. However, delivery workers and family members of employees would have access to these places, and they are at risk of becoming violators.

Check with your Electronic Health Record provider. They should be certified, and having clear records showing that you’re double-checking the vendors you work with can help you in your next audit. In the same vein, check several of your other programs. If you have an internal emailing system (or even an external one), a wireless network system, or specific tools to help with records, be sure that they are secure and can’t be accessed remotely or without passwords.

As much as you hate to think about it, your employees are a risk for HIPAA violations. A violation could be accidental or intentional, especially with young employees or those new to the medical field. Hold documented trainings frequently and have each employee sign clear privacy policies that outline violations and consequences. Give examples about the use of social media or selfies in the office so they know what constitutes a violation.

By taking the time to do an internal HIPAA audit and looking through the office with fresh eyes, the eyes of a HIPAA auditor, you can see what might need improvement or what you might need to educate your staff on. With frequent checks on your security and privacy policies, your patients’ information will be secure and you won’t even flinch the next time an auditor comes to evaluate your office.