Many health care organizations believe they are complying with HIPAA.  When an audit happens they will find out if that belief was correct, and your chance may be coming! Federal regulators will begin remote “desk audits” for Business Associates (BAs) this month. And more comprehensive onsite audits of Covered Entities and BAs are slated for the first quarter of 2017. Will you be ready?

In July 2016, a wave of desk audits of Covered Entities began. Now the Office of Civil Rights (OCR) is randomly selecting business associates for audits from a pool of 20,000 BAs compiled from lists submitted to OCR by the Covered Entities currently being audited.

When a desk audit occurs, the BA or Covered Entity is given 10 days to submit a voluminous amount of documentation on compliance with applicable policies, procedures and evidence of implementation – including a copy of their security risk assessment. Have you completed a Risk Analysis and Is your Risk Management up to date?

The HIPAA E-Tool has everything you need to prepare. Don’t get caught short.