Jul 27, 2017
Earlier this year, the American Health Information Management Association (AHIMA) published its “External HIPAA Audit Readiness Toolkit” to help covered entities (CEs) and business associates (BAs) prepare for the Office for Civil Rights’ (OCR) upcoming Phase 2 HIPAA Audit Program. The toolkit aims to be the go-to resource for understanding the requirements of Phase 2 audits, so you can self-audit your healthcare organization and be prepared. Although the kit is a good start, we’ve identified additional activities that are necessary—including credible sources to use as reference for best practices.
In Phase 2 audits, the OCR will look for fully developed information governance programs that go beyond the minimum requirements for record management and compliance; comprehensive information privacy and data security is necessary. Self-auditing, starting with the AHIMA toolkit, helps ensure your data is protected and you’re able to demonstrate compliance with the OCR. Let’s review the actions you can take to be prepared for HIPAA audits: