The Indiana Dental Association does not currently endorse any HIPAA compliance service provider.
- IDA does not currently endorse any HIPAA compliance providers. A service provider erroneously using the IDA name should raise a red flag.
- While it is important to review your HIPAA compliance on an annual basis, it is not necessary to hire an outside vendor.
What is prompting this buzz around HIPAA compliance?
The HHS Office for Civil Rights (OCR) established a program to assess the procedures that covered entities (CEs) use to comply with HIPAA regulations. This assessment, in the form of random audits, was divided into three phases. The first phase, conducted 2011-2012, was used to develop a set of protocols to measure the CEs’ efforts toward HIPAA compliance. The second phase, which began in 2016, came in the form of random desk audits. The third phase consists of comprehensive on-site audits of CEs as well as business associates.
The third phase was originally scheduled to begin in the first quarter of 2017 but was delayed until analysis of phase II could be completed. The current flurry of activity by various HIPAA compliance vendors might be prompted by an earlier statement in which Deven McGraw, HHS OCR Deputy Director of Health Information Privacy, said he hoped the third phase of audits would begin before the end of 2017.
How can I ensure my HIPAA compliance?
To the best of our knowledge, there has not yet been an announcement of the launch of phase III audits. Nonetheless, it is highly suggested that you audit your own HIPAA compliance each year, and there are many vendors who provide these services. Before choosing a service provider, be sure to do your homework. Remember, the Indiana Dental Association does not currently endorse any HIPAA compliance service provider.
It is not mandatory to use an outside provider for your annual HIPAA audit. There are many tools that you and your staff can use to perform your own internal audit:
- The ADA offers a HIPAA Compliance Kit to help you design and implement a comprehensive program for HIPAA compliance. http://ebusiness.ada.org/productcatalog/596/HIPAA/The-ADA-Complete-HIPAA-Compliance-Kit/J598
- The ADA Practice Resource Center includes several HIPAA Privacy and Security resources for dental practices. www.ada.org/en/member-center/member-benefits/practice-resources/dental-informatics/electronic-health-records/health-system-reform-resources/hipaa-privacy-security
- OCR’s Security Risk Assessment Tool is a free tool that will guide you through a risk assessment using a series of yes/no questions. https://www.healthit.gov/providers-professionals/security-risk-assessment-tool
- HHS’s Fast Facts provides tips on some of the common misunderstandings about HIPAA regulations. https://www.hhs.gov/hipaa/for-professionals/covered-entities/fast-facts/index.html
- Medscape’s on-demand webinar will explain your patients’ rights to access and obtain their health information under HIPAA. https://www.medscape.org/viewarticle/876110?src=acdmpart_ocr-hhs_876110
- HIPAA FAQs for Professionals is a searchable online database of HIPAA questions healthcare providers need to know. https://www.hhs.gov/hipaa/for-professionals/faq