Abby R. Jackson (abby.jackson@protiviti.com) is Senior Healthcare Consultant in the Dallas office and Leyla Erkan (leyla.erkan@protiviti.com) is Global Compliance Healthcare Leader in the Chicago office at Protiviti, a global consulting firm headquartered in Menlo Park, CA.
In today’s environment, patients have awareness of their privacy rights and heightened fear of data breaches; therefore, it is critical for covered entities to implement regular audits to check for common Health Insurance Portability and Accountability Act (HIPAA) violations. Regardless of the type or size of a facility, HIPAA carries considerable requirements for the protection of patients’ protected health information (PHI), which can at times be challenging in the day-to-day operations of covered entities. From the most advanced health systems to smaller physician practices, the privacy concerns faced each day are similar.
According to the U.S. Department of Health and Human Services, as of June 30, 2019, the top two types of HIPAA complaints received by the Office for Civil Rights (OCR), the governing body of HIPAA, are the impermissible uses and disclosures of PHI and the lack of safeguards of PHI.[1] Both of these types of HIPAA complaints can be addressed through proactive auditing, which is essential to an effective privacy program. Unannounced walkthrough assessments of your facility can lead to easy wins and actionable steps to identify and prevent privacy violations. Furthermore, being able to report the number of resolved privacy violations and show prevention of future privacy violations that resulted from the audits to your HIPAA committee and/or compliance committee can help bolster the credence of your privacy program.