Sunday, November 20, 2016

Victor Bierman - Don’t Be Unprepared For HIPAA And Department Of Labor Audits


Is your business ready for a HIPAA audit? Federal agencies such as the Department of Labor (DOL) have the authority to audit businesses to ensure that they comply with the Patient Protection and Affordable Care Act (PACA), also referred to simply as the Affordable Care Act (ACA). These reviews are ultimately intended to ensure that Americans in the workforce have fair access to health insurance, that the personal privacy of employees is respected, and that their medical records are safeguarded.
The Incentive to Comply
Oftentimes businesses procrastinate – but there are some powerful incentives to put ACA compliance plans in motion ASAP. Not only does that make it much easier and less disruptive in the event of an audit, but it can also help prevent burdensome fines and penalties. According to an article in the Wall Street Journal, for instance, the Health and Human Services’ Office for Civil Rights – which enforces HIPAA – has imposed penalties or reached settlements in at least two dozen high-profile data breach cases. One company paid $250,000 related to the theft of a single laptop that contained highly sensitive unencrypted data. “Covered entities and business associates must understand that mobile device security is their obligation,” said Susan McAndrew, OCR’s deputy director of health information privacy. Violations of privacy through disclosure of PHI may be prosecuted by the Department of Justice, too, with the possibility of jail time.
Protected Health Information (PHI)
Under HIPAA, Protected Health Information (PHI) covers various types of data communicated, shared, filed, and archived by businesses. That may include health care claim or payment information, paperwork related to enrollment or disenrollment in a health plan, and other data related to an employee’s health or medical history. Audits will take a close look at PHI, and businesses need to proactively safeguard that data and demonstrate to DOL investigators that they have robust and up-to-date systems and procedures for protecting any and all PHI.

PHI Safeguards and Procedures
* Be sure that there are written policies and procedures for PHI compliance, as well as administrative, physical, and IT protocols and safeguards to prevent unauthorized access to PHI. That applies to both printed data and electronic digital information.
* All employees should be trained in HIPAA compliance and PHI protection, and they need to be updated as new guidelines are issued. Keep in mind that the DOL may request evidence to confirm that notices related to HIPAA have been distributed to employees in a timely manner.
* Businesses should also pay special attention to Affordable Care Act provisions regarding health plan compliance that fall under the HIPAA mandate. If the business experiences a data breach or other event that could compromise PHI security, it should be promptly reported to the Department of Health and Human Services.
Time Is of the Essence
Companies that delay delivery of information asked for by the DOL risk greater scrutiny and a more protracted investigation. Preparation for an audit needs to start ASAP, and the number of audits being conducted is trending higher. Being organized and knowing where pertinent documents are is a big advantage, and HR departments can secure it by getting ready now, not later, so that the audit process will be as smooth and painless as possible.
Originally published by Victor J. Bierman III here.
