A HIPAA Audit checklist is one of many things on admin’s plate. Almost anyone working as an administrator in the medical or healthcare industry can relate to the sometimes daunting amount of responsibilities and tasks they are in charge of. Often times, in addition to patient relations, client services, and office duties, they are tasked with the job of maintaining compliance standards of varying degrees. As someone who currently works in the healthcare industry, an HIPAA audit checklist was something I had only heard of, and didn’t expect to ever happen, until last week.

I received a call stating that the state health board would be visiting our office within an hour to perform an audit to maintain our state licenses and to ensure we were in compliance with HIPAA and medical board standards. When the auditor arrived she informed me that she would be spending anywhere from one to four hours in our office going over various audits and rating us along the way. She informed me that legally, no notice is needed to give to offices, other than when the auditor arrives in the parking lot. Only as a courtesy to the offices that she visits, she will give them a call an hour ahead of time. The audit lasted approximately three hours and involved going through a HIPAA audit checklist related to office practice and procedure policies, employee files, patient charts, medical documentations, and HIPAA compliance. In each area we were rated in full compliance, and if not, created an action plan to resolve any risks within 30 days. In many areas that were examined, various fines and penalties are associated if an office fails to meet state standards.

Not only patient charts, but also employee charts were drawn at random to be audited. A spreadsheet was provided to document everything that was required by state standards to be in the office, employee files, and patient charts. The auditor went through various checks including employee hire dates, salary documentation, primary diagnoses listings, safety and emergency procedures, and standard admission and discharge protocol. After the audit was complete, our office was provided a full report with our outcome and list of action items. For each area that was reviewed, if any items were missing or not up to state standards, we had 30 days to create and correct these issues. After everything was reviewed, our office passed with full compliance to the state standards.

As someone who has worked in the healthcare field in various positions and offices for the several years, I have only ever heard about maintaining standards and compliance, but have never heard of an actual audit, yet alone experienced one myself. As an office administrator, often times maintaining full HIPAA compliance in addition to the numerous other responsibilities at hand can be a tedious task. This means making sure all employees are properly trained and informed about the laws and standards, performing annual risk assessments, and having plans and proper procedures in place in case of a breach of information.

Being in a position where I hold the title of office manager and HIPAA security officer, when I received the call for the audit my heart initially began to race. After hanging up the phone and processing what was about to happen, I reassured myself that I had completed all necessary steps to be fully prepared for this situation. It is easy to be in an administrative position and to think that an audit may never actually happen but applying best effort to maintain full compliance should always be a top priority due to the serious penalties and fines that are consequences if an office should fail to meet standards during an audit. In order to provide exceptional patient care, it is crucial and necessary for offices to always be in full compliance with these standards. The benefits greatly outweigh the risks of failing to complete annual employee trainings and risk assessments to accurately maintain state standards for medical boards and compliance in the healthcare industry. Get going if you haven’t done so already.