MD Options  

OIG Begins HIPAA Compliance Audits

John W. McDaniel

April 2008
Practice Management

The federal Department of Health and Human Services (HHS) Office of Inspector General (OIG) has initiated patient-information security compliance audits of health care organizations. Compliance revolves around a broad set of security requirements that took effect in 2005 under the federal Health Insurance Portability and Accountability Act (HIPAA). Although hospitals have been the early targets of these audits, medical practices could be next.

In light of a possible OIG audit, and given the potentially disastrous financial consequences of a major security breach, practices should review their internal policies and procedures regarding security compliance. Protecting the security of patients’ clinical, administrative, and financial data also protects the group’s ability to see patients and conduct business. To do so, practices must limit the availability of these data to only those in the practice who need to see the information.

Protecting Patient Records
The foundation of any security initiative is the risk assessment and analysis. A risk assessment is a required element of sound security procedures. It allows a medical practice to identify potential threats and vulnerabilities. CMS has included a matrix at the back of the HIPAA security regulation (www.cms.hhs.gov/SecurityStandard/02_Regulations.asp) that lists the requirements. It is likely that the OIG would use this same list for any audit of a hospital or physician practice.

OIG auditors are expected to concentrate on an organization’s administrative, physical, and technical safeguards, which are the core requirements under the security regulation. These safeguards could include policies and procedures relating to:
• Access to electronically protected health information (e-PHI)
• Electronically transmitting e-PHI
• Preventing, detecting, containing, and correcting security violations
• Monitoring systems
• Remote access
• Wireless security
• Antivirus mechanisms
• Firewalls
• Other e-PHI security ....



A Premier Healthcare Resource Inc. Site