When HIPAA compliance audits start next year, healthcare legal experts expect the biggest penalties to be assessed for “willful neglect” and the greatest compliance problems to come from downstream vendors of regulated medical entities. Under the new HIPAA Omnibus Rule, medical practice business associates and service providers are, for the first time, being held to the same stringent patient information protection standards as the medical offices they serve.
MedConnectUSA has spent the past four years preparing for HIPAA-compliance, but many medical practice vendors are ill-prepared to meet their new responsibilities. Healthcare legal experts say medical practice managers are right to be concerned about upstream liability if their downstream partners fail to comply with HIPAA regulations.
With federal investigators promising to unleash an aggressive audit program (see our previous posts), Dawn Crump, HealthPort’s VP of Audit Management Solutions, said medical office managers can minimize audit risk by tracking audit information and looking for trends. In a video interview with EMR & HIPAA, Dawn offered 5 important tips for handling healthcare audits:
1. Know your auditors. In addition to HIPAA audits, you may be subject to other auditing programs at the federal, state, local or system level. Consolidating audit tracking information can help identify cross-agency trends.
2. Know what auditors are looking for. Keep up with healthcare news and be proactive in addressing potential problems.
3. Know what auditors are denying and take steps to address those issues within your own system.
4. Be aware of the financial impact of non-compliance. The cost of non-compliance typically outweighs the cost of improving compliance.
5. Minimize audit risk by choosing HIPAA-compliant service partners.