What are HIPAA audits? What has changed with HIPAA is that the government entity that overseas HIPAA is unhappy. They’re unhappy with how people have taken HIPAA seriously or lack thereof.
Before, HIPAA used to be complaint driven. To the extent, someone believed that their privacy was breached, they would file a complaint with the government agency overseeing HIPAA, then you’d learn about it through the government. Or if you had a breach of your computer system, you had a positive obligation to notify the government. That’s the before picture. That’s how you would have a problem with HIPAA and learn about it or the government would learn about it.
What is now different is that there are HIPAA audits. That’s where the government is sending a select number of people a questionnaire stating, How do you do X, Y and Z. Now, frequently, these are desk questionnaires where nobody from the government is showing up in your office but not all questionnaires are desk audits. Some of them are actually face-to-face visits. So, do not be shocked if someone from the government knocks on your door and says, “We’re here from HIPAA, and we’re trying to learn just how compliant your practice is.” That has changed. We want to be careful and cautious about HIPAA. We built eMerit from the ground up with HIPAA in mind. And that dovetails nicely with the challenges that most practices are facing now with rules and regulations associated with HIPAA.