A HIPAA audit can happen at any time and catch the physician’s office unaware. For this reason, you must follow proper protocol at all times and be prepared for an Office for Civil Rights audit. The chances of your clinic being audited are low, but you must be prepared. If an audit does occur, and the privacy of your patients is found compromised, you could be fined or worse.
To prepare for a HIPAA audit, practice constant vigilance in your office. Instruct your staff to file paperwork and input information as if the inspector were to walk in at any moment.
Your paper trail must be accurate and secure. You must have records of your employees’ HIPAA training, policies, and a risk assessment. You can get a helpful risk assessment tool at the Office for Civil Rights.
Some common no-nos that offices fall into are sharing passwords and accounts (for convenience’s sake), writing passwords on sticky notes and keeping them on the edges of computers, and leaving paperwork where delivery men or other patients could see it. The Physician’s Practice suggests doing a walk-through of your office, seeing it as an inspector would.
Inspection is, of course, not just physical. Your online records must be secure. Change passwords often, especially when employees leave or are hired. Warn your employees about careless breaches of security, like taking pictures of themselves in the office. A simple selfie could contain a patient’s records or other office information in the background.
Patient privacy should be a matter of utmost importance, above ease and speed of work. With practice, proper management of records and information will become habit and your office will be safe and secure, ready for an audit at any time.