Don’t Fear a HIPAA Audit Fear Being Uninformed - Blatchford Solutions
Building a Relationship with Your Patients | Bringing Your “A” Game 2.0
March 5, 2018
Dr. Christina Blatchford with Dr Chris Campus (Associates)
March 8, 2018

Don’t Fear a HIPAA Audit Fear Being Uninformed



Don’t fear a HIPAA Audit. Every hour your patient records are under attack. It seems like every day we read about another data breach or ransomware targeting healthcare providers. The Department of Health and Human Services (HHS) post healthcare data breaches daily on their Wall of Shame. By posting data breaches and performing random HIPAA audits, HHS is using the same fear tactics as the Internal Revenue Service uses to mobilize healthcare professionals to take action.

If the fear of a HIPAA Audit doesn’t alarm you, the fear of a data breach or ransomware attack should. In 2017, there was a ransomware attack every 1 to 2 minutes and 1 out of 5 businesses never received their data after paying the ransom.
Be proactive, and evaluate your risks.

Instead of fearing HIPAA Audit repercussions, ask yourself, “In the absence of an audit, would I still understand where my practice is most vulnerable?” If you don’t know your vulnerabilities, how can you protect against them?

The best way to understand where your practice is vulnerable is to take a risk assessment. Blatchford Solutions has partnered with PCIHIPAA to help you quickly evaluate your risk level. You can take a complimentary assessment here. It’s especially helpful for small to mid-sized practices that don’t know where to start.

Understand your key vulnerabilities:

We find many practices are not fully informed and don’t understand HIPAA requirements. Here are key areas where we see most small to mid-sized practices fall short:

• A lack of updated policies, procedures, and business associate agreements
• No documentation or plan to train employees on the importance of security and privacy
• Not using proper encryption for backing up and emailing protected health information
• No proactive emergency and incident response planning
• No experience of testing the restoration of PHI in case of an incident
• No Payment Card Industry (PCI) certification on file
• No cyber insurance nor a clear understanding of steps to take in the event of a data breach

You can also Download The HIPAA Checklist to receive a more detailed checklist of the basic requirements every practice should fulfill.

Yes, there’s a chance to be randomly selected by HIPAA for a compliance audit. But more importantly, you should be taking proactive steps to secure PHI and mitigate key vulnerabilities—not because of an audit fear, but because it’s the right thing to do for you, your employees, and your patients. I don’t fear an IRS audit, and you don’t have to fear a HIPPA audit and yet, inevitably, I file my taxes every year.


Call (800) 588-0254 or click and talk to PCIHIPAA today.

Learn more by Taking A Risk Assessment and Downloading a HIPAA Checklist

Comments are closed.