Compliance
Why is now a good time to find out if you’re compliant?
It is required by state and federal law.
An annual, documented risk assessment is required to be compliant.
Do you have a documented Risk Assessment and Remediation Plan?
It is a good defense in case of an audit.
A federal pilot audit by the U.S. Office of Civil Rights (OCR) now under way indicates that HIPAA privacy compliance among covered entities is less than 30 percent; a full-blown audit program may follow. OCR, via its auditors, has made it clear that the general theme of the audits is “show me your written policy, and show me you followed it.”
Do you have a written policy and procedures manual, and can you prove you follow it?
It is required to comply with OSHA standards, even with fewer than 10 employees.
The Occupational Safety and Health Administration's (OSHA's) standards apply to all employers; you are merely exempt from maintaining an injury log. Your practice must still maintain a written control plan.
Do you comply with the standards?
With Texas House Bill 300, there are new requirements.
This law contains more stringent regulations than the federal requirements.
Have you updated your Business Associates Agreement Letters?
Have you modified your staff training?
Have you updated your policy and procedures manual for patient rights provisions?
Most physicians will be reported to the Texas Medical Board (TMB) at least once in their career.
Your basic medical malpractice insurance policy does not include the limits needed to fight an appeal of a board action; however, a large percentage of these appeals are won.
Do you have ample policy limits?
40% of all small businesses report that they have been a victim of fraud.
The median loss experienced by a small business is $147,000. Small organizations are the most common victims, making up 32% of all fraud cases.
Do you know the five most common methods?
Payment Card Industry (PCI) noncompliance penalties can be catastrophic to a medical practice.
Annual PCI compliance is required for all merchants, large and small, that process, store or transmit payment cardholder data.
Have you documented your PCI compliance?
96% of all practices will experience a data breach.
The average privacy breach costs $282.00 per record; this cost does not include employees' time involved in data collection, loss of productivity or potential reputational damage.
Do you have a cyber-loss prevention and disaster protection plan established?
Stay Informed
- Visit the CMS website under “Regulations and Guidance” for the latest security papers, checklists and announcements of upcoming events.
- Visit the Office for Civil Rights website for the latest guidance, FAQs and other information on the privacy rule.
- Visit OIG's Compliance 101 Web page.