50 likes | 61 Views
Finally, the HIPAA Audit program is required by law and is not going away any time soon. While HHS may still be absorbing the results of the last round, we now know what kind of questions and expectations may be involved in the final program, and being ready to survive a HIPAA Audit is essential.<br><br>The HIPAA Random Audit program is being refocused and redefined to make it more relevant to finding and correcting some of the most prevalent security and privacy compliance issues, based on the experience gained in the 2012 and 2016 audits and in the HIPAA Breach Notification process.<br><br>Learning Objectives:<br><br>HIPAA Audits have been few and far between in the past, but that’s now changing – the HHS is now auditing HIPAA covered entities and business associates even if there have been no complaints or problems reported. Fines and penalties for violations of the HIPAA regulations have been significantly increased and now include mandatory fines for willful neglect of the rules that begin at $10,000 minimum and can reach $50,000 per day. The HIPAA Audit Protocol will be examined along with the sets of questions asked at other HIPAA audits previously.<br><br>Find out what HHS OCR is likely to ask you if you are selected for an audit, and what you’ll have to have prepared already when they do.<br>Find out what the rules are that you need to comply with and what policies you can adopt that can help you come into compliance.<br>Learn how having a good compliance process can help you stay compliant more easily.<br>Find out what you’ll need to have documented to survive an audit and avoid fines.<br>Learn how to export the contents of the HIPAA Audit Protocol and use them as the foundation of your compliance activities and documentation.
E N D
Live Webinar on HIPAA Audit and Enforcement Update: What’s Been Learned and What Can Be Expected in the Future Jim Sheldon-Dean Director of Compliance Services Lewis Creek Systems, LLC www.lewiscreeksystems.com Presented By:
Agenda • Learn from the HIPAA Audit Activities and Enforcement Settlement Agreements • Review the Agreements and Fines to date • Identify the most prominently featured issues in enforcement and audits • Explain the documentation that must be in place to show implementation of policies and procedures • Review the HIPAA Audit process and results from past audits • Discuss HIPAA Privacy and Security requirements • Learn about being prepared for enforcement and auditing • Q&A session
To Prepare for an Audit or Enforcement Investigation • Make sure you have issues covered • Breaches • Enforcement Actions • Issues noted in 2012 Audit Reports • Document your Policies and Procedures and actions taken pursuant to them • Complete the HIPAA Audit Protocol • Be ready to respond
How to approach HIPAA Compliance • Two ways to approach HIPAA compliance: • One is to start from the regulations and work outward to deal with issues found as compliance with the regulations is implemented • Other way is to start with the known issues first, and knock them down, as they are the most likely to cause problems • Best is both, of course, but… • We will examine the issues identified in audits and enforcement actions to identify the top priorities for attention • The session will provide background on the issues, explain enforcement and audit activity, and show what must be documented, and how to survive any issues
HIPAA Privacy & Security Rules • Privacy Rule • 45 CFR §164.5xx; Enforceable since 2003 • Establishes Rights of Individuals • Controls on Uses and Disclosures • Access of PHI is a hot button issue for HHS • Security Rule • 45 CFR §164.3xx; Enforceable since 2005 • Applies to all electronic PHI • Flexible, customizable approach to health information security • Uses Risk Analysis to identify and plan the mitigation of security risks read more details about the webinar…