If there is one thing that seasoned HR professionals know or come to count on, it is that governing authorities won't only wait for grievances to be filed before auditing for compliance. They actively assess compliance within the scope of their power to enforce.
In fact, as a part of continued efforts to determine compliance with the HIPAA Privacy, Security, and Breach Notification Rules, the HHS Office for Civil Rights (OCR) is in its second phase of audits of covered entities and their business associates. The 2016 Phase 2 HIPAA Audit Program will review the policies and procedures adopted and employed by covered entities and their business associates to meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules.
Some Background on HIPAA compliance audits
HIPAA established relevant national standards for the privacy and security of protected health information, and the Health Information Technology for Economic and Clinical Health Act (HITECH) established breach notification requirements to provide greater transparency for individuals whose information may be at risk. HITECH requires the HHS Office for Civil Rights (OCR) to conduct periodic audits of covered entity and business associate compliance with the HIPAA Privacy, Security, and Breach Notification Rules.
For organizations, the relevance and importance of OCR's audit duties center on prevention. HR best practices around HIPAA compliance revolve around awareness, infrastructure/protocols, and proactive internal governance.
Internal Governance
Internal governance matters particularly for HIPAA Privacy and Breach Notification compliance, where consequences are steep. Civil penalties range from $100 to $50,000 per violation. Criminal violations may also apply, including a fine up to $250,000 and imprisonment up to 10 years.
As with most best practices, compliance should flow from the values underpinning organizational culture, not from the consequences. For most, plugging into experience and implementation know-how is the safest and fastest route to preventing the compliance drama unique to HIPAA Privacy and Breach Notification.
pinnaclesolveshr is well versed in coming alongside organizations to mitigate HR risk in all areas, not just HIPAA compliance. We exist to deliver simplification by cost-effectively removing the HR burden. We solve HR so you can run your business.