
 

For some employers, a HIPAA audit could be right around the corner. Even if you think you are meeting all of the requirements, there is always the fear that you may have missed something.

1. Ensure Privacy: The OCR (Department of Health and Human Services’ Office of Civil Rights) focuses on individual rights, so compliance with access and corrections to an individual’s protected health information (PHI), as well as with the HIPAA Privacy Notice requirement, is important. Ensure you have established policies that address these.


2. Increase Security: An OCR security audit will focus mostly on your IT department and the steps you have taken to ensure electronic PHI (e-PHI) remains confidential and secure. Confirm your organization has established a comprehensive plan that covers the security and integrity of PHI, protects against anticipated uses or disclosures not otherwise permitted, and ensures the employees who handle e-PHI are in compliance.


3. Cover Your Bases: Make sure you are prepared in all areas the audit may look into, including privacy, security, and portability provisions such as special enrollment rights and limits on pre-existing conditions.


If you implemented a new self-funded health plan for the 2019 plan year, you have new obligations arising from HIPAA. Be sure you know what those are and review your HIPAA-related practices with your legal counsel to confirm compliance. Check out our comprehensive HIPAA Toolkit for more.

 
