In late April, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released new guidance to support their recently implemented Phase 2 HIPAA Compliance Audits. OCR is the federal office that is tasked with enforcing HIPAA requirements for covered entities. OCR has designed the Phase 2 HIPAA audit to target a broad selection of Covered Entities and Business Associates from around the country to improve the state of HIPAA compliance across the health care industry.
Why Independent Practitioners and Other Behavioral Professionals are Likely Candidates for a Phase 2 HIPAA Audit
As we have reported in the past articles, independent practitioners are particularly vulnerable to a HIPAA audit, and have been the primary group to face disciplinary actions by OCR after HIPAA investigations for several years in a row. Part of the issue is that many independent practitioners are unaware or haven’t kept up with HIPAA requirements over the years. Many behavioral practitioners also work in offices that are not part of hospital networks. Such networks not only employ the vast majority of other types of healthcare professionals, but also have entire departments who keep up with such issues. These departments regualrly conduct in-service trainings whereby their employees are exposed to and held accountable for HIPAA compliance protocols.
As the years have progressed since HIPAA’s initial enactment in 1996, HIPAA has changed and reporting can be quite complex. For examples of how that has evolved in behavioral healthcare, see these and other TMHI articles: HIPAA Alert: Release of Mental Health Information May Be Preempted by State Laws and Are You Already in Violation of the New HIPAA Omnibus Act? as well as How Do You Protect PHI for HIPAA when Servicing a Laptop, PC or Cell Phone? Also, TMHI has focused on free tools the government has made available to reduce some of the strain on healthcare covered entities: Finally! FREE HIPAA Tool Makes HIPAA Risk-Assessment Easy-Peasy. However, the US government has clearly decided that previous efforts at reaching the numbers of professionals with their information have not sufficed.
According to recent reports from HHS, behavioral health specialists will be chosen for some of these newer Phase 2 HIPAA Compliance Audits. More training then, is clearly needed.
Where to get HIPAA Audit Help When Contacted by OCR?
For health care professionals who’ve been contacted for a HIPAA audit, the first step is to compile a list of Business Associates along with appropriate contact information. OCR has posted a template on their site for selected auditees to reference when making these lists in response to a HIPAA audit notice. If you’ve received an email from OCR, you should respond promptly with the information they’ve requested. In its official announcement, OCR stated that it would use publicly accessible records to compile any data they don’t receive within 10 days, so simply ignoring the issue won’t make the audit go away.
How to HIPAA Audit-Proof Your Practice?
The TeleMental Health Institute (TMHI) has been a strong supporter of white hat, pre-emptive approaches to legal and ethical issues since its inception, in 2009. TMHI has now partnered with the Compliancy Group to help bring you accurate, convenient and free webinars to help you understand and develop the required compliance documents and practices that are currently mandated. We encourage all readers of our articles to join the Compliancy Group on their free, monthly HIPAA educational webinar series for in depth, ongoing discussions about HIPAA compliance and how it relates to the behavioral specialist. HIPAA expert and CEO of Compliancy Group, Marc Haskelson goes over current trends in HIPAA enforcement and the behavioral health industry, and advises health care professionals about what they can do to protect themselves from OCR’s upcoming HIPAA audits and ever-growing fines.
Citing examples from previous OCR investigations, along with data gathered from across the health care industry, these webinars give viewers a thorough understanding of the odds they have at being audited and the steps they can take to keep OCR from knocking on their door. With Phase 2 notifications already beginning to reach auditees, it’s more important now than ever to make sure that your practice is doing all that it can to prepare.
Click here to view upcoming HIPAA webinars! Make a note on your calendar if you’d like to join me and check back to this blog for more detailed information. You may also want to check my speaking calendar for updates or send me a note through our contact desk. I’m sure that a special bonus will be made available to you as one of my guests….
Basic Telehealth Legal Issues: Rules, Regulations & Risk Management
Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!