The Office of Civil Rights (OCR) gets busy every year sending letters out to covered entities. A total of 167 letters were recently emailed notifying the recipients they are required to provide detailed information about their HIPAA Policies. An example follows:
If you were lucky enough to not receive this letter, then that’s good! BUT DON’T STOP PREPARING! The OCR has the authority to audit your HIPAA policies and plans at any time. Make sure you are ready and prepared for the next round.
Here is a list of areas to focus on:
Dust off your latest HIPAA compliance assessment.
Make sure your staff is properly trained! And that they have current training certificates.
Are your disks encrypted on all your PCs and Macs? Are passwords required to log in and screen savers enabled?
Also, get your HIPAA Security and Privacy Book of Evidence audited! Show your intent to be compliant and get those policies and procedures updated.