Three steps to prepare for a HIPAA audit
Implementing such new and costly strategic reforms as electronic health records (EHRs) and International Statistical Classification of Diseases and Related Health Problems, 10th Revision (ICD-10) have, in many cases, stretched financial and staff resources to their breaking point.
Add to that, a global scarcity of skilled health care security and privacy professionals and it is unsurprising that a majority of CEs remain ill-equipped to comply with HIPAA privacy and security rules.
Even CEs with functioning HIPAA security and privacy programs in place may not be confident in their ability to perform well under the new HIPAA audit process. Many of those who struggle to comply face the following issues:
- Understanding and reconciling the broad complexities of both federal and state health care regulations
- Dealing with limited budgets to support the requisite personnel, IT controls and changes in business processes to meet HIPAA requirements
- Balancing the organization’s competing strategic initiatives of health care reform and health care compliance
Regardless of these business challenges, CEs should act as soon as possible to assess and improve their privacy and security capabilities.