Wiki Hipaa violations and state auditors

[khristinelouise]

Is it a hipaa violation to allow an auditor to use a providers office to work in while they do an audit? I realize that the auditor has the right to request any records they need to complete the audit. However, I am unsure if that is the same as allowing them to be in a messy office with protected HPI cluttering every surface. Should they be required to sign a confidentiality agreement? I could use some insight if anyone has any.

 

[Walker22]

I'm not trying to be a wise guy here, but why is there PHI scattered all over the place? That's a HIPAA violation waiting to happen. What if a patient wandered in there by accident looking for the bathroom? Clean up the office, then you don't need a HIPAA agreement at all.

 

[thomas7331]

As I understand the regulation, if the auditor is an employee of the payer, then they're considered a 'covered entity' under the law and subject to the same HIPAA guidelines as the providers. If the auditor is with a contracted outside firm, then a business agreement is required between them and either you or the payer who is conducting the audit. You have a right to request a copy of the agreement. With that agreement, they are brought under the HIPAA umbrella and have to follow the same rules as you are regarding takes necessary steps to protect the PHI and access only what is needed to do their job.

And yes, in agreement with the post above, make sure the auditor doesn't see that the PHI in your office is not adequately protected or that could put you in additional trouble.