Let the Audits Begin . . .

Following the mandate set forth in HITECH, OCR has just announced that it's piloting a HIPAA compliance audit program beginning this month in order to assess HIPAA compliance efforts.  During this pilot phase, which is expected to last through December 2012, OCR will audit up to 150 covered entities from "as wide a range of types and sizes of covered entities as possible."  At least for now, Business Associates will not be included in the pilot program.  OCR has engaged KPMG LLP to conduct the audits, and has made public a sample initial notification letter.  

Each audit will include a request for documents and information, a site visit, and a draft audit report.  Covered entities will have the ability to comment on the auditor's report before its finalized.  While OCR states that it primarily will be using the audit reports to help develop technical assistance and evaluate the efficacy of corrective action plans, OCR is retaining the right to initiate a compliance review to evaluate any serious compliance issues uncovered during this process.  At the conclusion of the pilot program, OCR will "broadly share best practices gleaned through the audit process and guidance targeted to observed compliance challenges."  What happens after the pilot program, however, remains to be seen.            

Be Smart About Using Your Smart Phone in Practice: Understand and Manage the Risks Involved in Using Smart Phones and Tablets in Medical Practice

Thousands of people lose or have their smart phones and other portable devices stolen every day. While most people worry only about the irritation of replacing their phone in such a situation, when a health care professional loses a portable device containing patient information, the irritation of replacing the phone is the least of their worries. With the government handing out million dollar plus penalties for the mistreatment of patient information, now is the time to ensure your practice is best positioned to deal with the inevitable loss of a smart phone.

To view the presentation slides from speakers Erin McAlpin Eiselein, Partner at Davis Graham & Stubbs LLP, and Dr. Marion Jenkins, CEO of QSE Technologies, which were presented last Thursday, July 14th, at a seminar and cover best practices for health care providers who use smart phones and tablets in their medical practice, please click here. Learn how to minimize risk and avoid potential liability under the federal and state privacy and security laws so that the loss of a phone does not turn into the loss of your practice.