Group Practice Tech artwork

Episode 409: The Forthcoming Return of Random HIPAA Audits

Group Practice Tech

English - March 22, 2024 12:00 - 13 minutes - 11.4 MB
Technology Business therapypractice Homepage Download Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Episode 408: Smart Notebooks – HIPAA Considerations and Risks
Next Episode: Episode 410: Upcoming HIPAA Security Rule Changes

Welcome solo and group practice owners! We are Liath Dalton and Evan Dumas, your co-hosts of Group Practice Tech.

 

In our latest episode, we share ways to be proactive in light of the news that random HIPAA audits are returning.

 

We discuss why there’s still no HIPAA police; the function of these random audits; where the gaps in compliance have been historically; what auditors will likely be looking for; the importance of risk analyses, risk mitigation plans, and policies & procedures; how many HIPAA covered entities were audited the last time the program was active; and PCT’s resources to help you get started with formal compliance in a shame-free way.

 

Listen here: https://personcenteredtech.com/group/podcast/

 

For more, visit our website.

Resources & further information:

Results of prior audit period

HHS Notice in the Federal Register

JD Supra article: Never Say Never Again: HHS Signals the Return of HIPAA Audit Program

PCT Resources

HIPAA Risk Analysis & Risk Mitigation Planning service for mental health group practices -- care for your practice using our supportive, shame-free risk analysis and mitigation planning service. You’ll have your Risk Analysis done within 2 hours, performed by a PCT consultant, using a tool built specifically for mental health group practice, and a mitigation checklist to help you reduce your risks.

Group Practice Care Premium

weekly (live & recorded) direct support & consultation service, Group Practice Office Hours

+ assignable staff HIPAA Security Awareness: Bring Your Own Device training + access to Device Security Center with step-by-step device-specific tutorials & registration forms for securing and documenting all personally owned & practice-provided devices (for *all* team members at no per-person cost)

+ assignable staff HIPAA Security Awareness: Remote Workspaces training for all team members + access to Remote Workspace Center with step-by-step tutorials & registration forms for securing and documenting Remote Workspaces (for *all* team members at no per-person cost) + more

PCT's Group Practice PCT Way HIPAA Compliance Manual & Materials -- comprehensive customizable HIPAA Security Policies & Procedure and materials templates specifically for mental health group practices. with a detailed step-by-step project plan and guided instructions for adopting & implementing efficiently **includes policy prohibition on use of BCC and CC; workforce forwarding emails from their practice email account to personal email account; data entry checking/not using autofill suggestions for recipients -- the P&P components that address the email gone awry situations we discussed in the podcast episode

Policies & Procedures include

Customizable templates that address each of the HIPAA Security Rule Standards. Ready for plug-and-play real practice application.

Computing Devices and Electronic Media Technical Security Policy

Bring Your Own Device (BYOD) Policy

Communications Security Policy

Information Systems Secure Use Policy

Risk Management Policy

Contingency Planning Policy

Device and Document Transport and Storage Policy

Device and Document Disposal Policy

Security Training and Awareness Policy

Passwords and Other Digital Authentication Policy

Software and Hardware Selection Policy

Security Incident Response and Breach Notification Policy

Security Onboarding and Exit Policy

Sanction Policy Policy

Release of Information Security Policy

Remote Access Policy

Data Backup Policy

Facility/Office Access and Physical Security Policy

Facility Network Security Policy

Computing Device Acceptable Use Policy

Business Associate Policy

Access Log Review Policy

Forms & Logs include:

Workforce Security Policies Agreement

Security Incident Report

PHI Access Determination

Password Policy Compliance

BYOD Registration & Termination

Data Backup & Confirmation

Access Log Review

Key & Access Code Issue and Loss

Third-Party Service Vendors

Building Security Plan

Security Schedule

Equipment Security Check

Computing System Access Granting & Revocation

Training Completion

Mini Risk Analysis

Security Incident Response

Security Reminder

Practice Equipment Catalog

+ Workforce Security Manual & Leadership Security Manual -- the role-based practical application oriented distillation of the formal Policies & Procedures

+ 2 complimentary seats of the Security Officer Endorsement Training Program (1 for Security Officer; 1 for Deputy (or future Deputy) Security Officer.