HIPAA compliance: Don’t wait for an audit to find out you’re unprepared!
Being audited or potentially being the defendant in a lawsuit is a fact of life for an out-of-hospital care provider. Anyone who has been sued or audited knows the importance of being able to track who looked at and who modified what, in the medical record. However, the medical record is only as good as the documentation that proves that the record is true and unaltered. Showing that no one accessed the data without authorization or falsely altered the medical record is important in any provider’s defense.
A provider should have easy access to self-service audit logs to investigate the matter immediately and without the delay of having to contact your EHR provider. Any provider can quickly rack up significant legal or personnel fees if you do not have easy access to your audit logs.
Further, access to audit logs is also an important part of compliance with HIPAA. A covered entity has a duty under HIPAA to both “Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports.” [45 CFR § 164.308 – Administrative safeguards] and “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronically protected health information” [45 CFR § 164.312 – Technical safeguards].
With a commitment to enriching the lives of America’s seniors and those who care for them, we make it easy for you to fulfill this requirement. We know that audits can be stressful for your staff, so MatrixCare has incorporated HIPAA audit logging and reporting into its software. MatrixCare shows you who has accessed what aspects of the health record, who made changes or updates to the information, and when changes were made.
In our conversations with providers, we have run into organizations whose use of another vendor’s technology caused both headaches and unnecessary expense when they learned that there was no HIPAA audit tracking— AFTER documentation was requested. This type of tracking will become even more important as providers work across multiple care settings to ensure optimal outcomes under value-based care.
Back to blog