It is the responsibility of EyeCare Registry to help ensure that the data used in analytics originates from secure sources.

When you join the EyeCare Registry you will be asked to indicate your level of preparedness for HIPAA compliance. In order to submit data to the registry, it is strongly recommended that you complete a risk assessment and a Compliance Manual. At a minimum, you must be engaged in an active process to put them in place. We recommend that you make this a priority.

The Office for Civil Rights (OCR), which is responsible for HIPAA audits, will dramatically increase the number of audits in 2015. These audits will focus on HIPAA business relationships.

Reasons for audits:

  • Your office may be randomly selected
  • If you do not report a breach that has occurred in your office. This is a legal requirement;
  • If a business relationship is audited but does not have the proper documentation in place from your organization. The OCR makes an assumption that if a company at one end of a HIPAA business relationship is not in compliance, it is highly likely the company at the other end of the relationship also is non-complaint. HIPAA business relationships exist with companies that have access to your patient database. Examples of HIPAA business relationships are contract billing companies, marketing companies that automate patient communications and e-prescribing suppliers that are integrated into your medical record. You may have many more businesses relationship with whom you are required to share your compliance processes that could also expose you to audit. Part of the risk assessment is for you to identify these businesses.

EyeCare Registry was designed to use only de-identified data which is received via a process that does not give the registry access to your database. Therefore, a HIPAA business relationship is not needed with EyeCare Registry. In order to limit your liability with other suppliers and companies, you might want to consider a similar structure.

For overview to compliance and better understanding as to how the OCR is approaching the audit process, click HERE.

If you need assistance in completing a risk assessment and a Compliance Manual, please review the materials and programs provided by the companies linked below. These companies are experienced in dealing with compliance issues in eye care offices.