It is the responsibility of EyeCare Registry to help ensure that the data used in analytics originates from secure sources.
When you join the EyeCare Registry you will be asked to indicate your level of preparedness for HIPAA compliance. In order to submit data to the registry, it is strongly recommended that you complete a risk assessment and a Compliance Manual. At a minimum, you must be engaged in an active process to put them in place. We recommend that you make this a priority.
The Office for Civil Rights (OCR), which is responsible for HIPAA audits, will dramatically increase the number of audits in 2015. These audits will focus on HIPAA business relationships.
Reasons for audits:
EyeCare Registry was designed to use only de-identified data which is received via a process that does not give the registry access to your database. Therefore, a HIPAA business relationship is not needed with EyeCare Registry. In order to limit your liability with other suppliers and companies, you might want to consider a similar structure.
For overview to compliance and better understanding as to how the OCR is approaching the audit process, click HERE.
If you need assistance in completing a risk assessment and a Compliance Manual, please review the materials and programs provided by the companies linked below. These companies are experienced in dealing with compliance issues in eye care offices.