If you are part of a covered entity (medical practice, hospital, billing agency, etc.), you need to be doing an annual HIPAA Audit.
This HIPAA Audit Process is very important. It must be well documented and well structured.
A systematic approach to your HIPAA Audit Process is exactly what will save your business in the long run.
Like any audit a business undergoes (financial, inventory or HIPAA), the more structured and systematic the process is, the less painful it will be.
There are 2 sides to a HIPAA Audit. There is the front office “paperwork” audit that ensures coding, etc., is being done correctly. Then there is the technical side of HIPAA. This includes all computer, fax, email and employee policies.
HIPAA regulations impose a dizzying array of requirements when it comes to the technical side of things.
At the very foundation of any office is the employee computer use policy.
Every employee in an office should know exactly what they can and can’t do on a computer, including which websites they are allowed to visit and what the limits of email are.
Not only should every employee know what is required of them on the computer system, they need to know where they can find answers to questions they may have (answers should be in the employee handbook).
Each employee should be required to read and sign the employee computer use policy. Additionally, make it easy to have questions answered.
The HIPAA Audit Process has multiple layers, but the first layer, the foundation, is extremely important and will help steer the other layers in your policy.