By Jack Anderson
March 8, 2016
Figliozzi has just started desk audits in the Midwest for covered entities who received meaningful use funds. The initial method is to ask for certain documents such as an updated risk assessment. Failure to pass the audit will result in returning MU funds and possible audit for defrauding the federal government.
25% of providers audited in the past by Figliozzi have failed the audit. A frequent cause of failure is lack of an updated HIPAA risk assessment meeting the standards of HHS. While it is not required, HHS has stated that a risk assessment done to meet the NIST protocol is the industry standard. A NIST risk assessment is done to a set of standards developed by the federal government and accepted by auditors.
An internal risk assessment, which is frequently simply a checklist does not meet the standard. A risk assessment done to standards developed by a third party consultant may or may not meet the standards and are generally quite expensive.
The solution for a small clinic or physician office is an automated HIPAA risk assessment based on the NIST protocol administered through the Software as a Service model. At a cost of several hundred dollars the provider can achieve initial HIPAA compliance, including an NIST risk assessment, policies, and staff training. On-going support including updated risk assessments, training, access to a HIPAA expert, and updating policies can be obtained for a low monthly fee.
This solution has met the toughest standard; an on-site audit. Providers using this method have passed every audit.
Take a look at the Jumpstart program at www.compliancehelper.com or set up a meeting to discuss your HIPAA needs, jack@compliancehelper.com