The US Department of Health and Human Services (HHS) has recently updated the penalty levels for HIPAA violations and indicated a new emphasis on the culpability of organizations in the event of rule violations. If you have taken steps to be in compliance, you will be treated less severely than if you have ignored compliance. Penalties have been increased across the board, except for the maximums permitted annually for any one violation, which have been reduced for all but the highest level of violation. The new modifications to the enforcement of HIPAA violations mean that taking steps to meet compliance requirements can help minimize potential penalties.
Recent enforcement actions show a willingness by HHS to work in conjunction with State Attorneys General to bring about settlements for violations of several laws at once, a new emphasis on the importance of prompt action on requests for individual access to Protected Health Information (PHI), and a new smack-down on doctors who respond to patients’ social media posts and include PHI in the posting.
And new guidance from HHS about the liability of Business Associates for compliance makes it clearer what Business Associates are liable for, and what responsibilities for HIPAA compliance remain in the Covered Entities’ hands. Both Covered Entities and Business Associates need to be prepared for the enforcement distinctions and responsibilities.
The random HIPAA Compliance Audit program had a year of trial audits in 2012. The US Department of Health and Human Services reviewed the results of that work and performed a second round of audits, including HIPAA Business Associates, in 2016 and 2017. The law calls for a permanent Audit program, but HHS has indicated that the HIPAA audit program will be on hold for at least the time being. But that doesn’t mean there will be no enforcement of the HIPAA rules. In fact, preparing for a HIPAA Audit is one of the best ways to be ready to respond to any enforcement action, and going through an internal HIPAA Audit will help you find issues before they become problems that can lead to penalties.
In this session we will discuss the HIPAA audit program and how it works, as well as the enforcement actions that have been taken, and the lessons that can be learned from those actions. We will explore what kind of issues were most prevalent and what kind of entities had the most problems, and show where entities need to improve their compliance the most. We will also explore the typical risk issues that lead to breaches of health information and see how those issues may be targets for auditors and enforcement action in the future.
Knowing what questions are likely to be asked and have been asked at prior HIPAA compliance audits can make preparing for and surviving a HIPAA audit or enforcement review much easier. USDHHS has published an updated, July 2018 protocol for the HIPAA audits, so it is possible to know how to prepare for an audit or enforcement review. Nearly any health care covered entity may be subject to an audit or enforcement investigation; all entities need to know what kinds of questions they’ll be asked, what information they’ll need to provide and how to prevent issues that could lead to violations and fines.
Key Topic Areas:
- Fines and penalties for violations of the HIPAA regulations have been increased and include mandatory fines for willful neglect of the rules that begin at over $10,000 minimum and can reach more than $50,000 per day, but showing due diligence can reduce culpability and penalties.
- Find out what HHS OCR is likely to ask you if you are selected for an audit or enforcement review, and what you’ll have to have prepared already when they do.
- The HIPAA Audit Protocol will be examined along with the sets of questions asked at other HIPAA audits previously.
- HIPAA enforcement actions will be explored, to illustrate violations that can be avoided and the proper practices that can help compliance.
- Learn how having a good compliance process can help you stay compliant more easily.
- Find out what you’ll need to have documented to survive an audit or enforcement review and avoid fines.
- Learn how to use the contents of the HIPAA Audit Protocol as the foundation of your compliance activities and documentation.
Who Should Attend:
- Compliance director
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/lawyer
- Office Manager
About the Presenter:
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of healthcare entities. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference. Sheldon-Dean has more than 36 years of experience in policy analysis and implementation, business process analysis, information systems and software development, and eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.
You will receive an email with login information and handouts (presentation slides) that you can print and share with all participants at your location.
Operating System: Any version of Windows, preferably above Windows Vista, or any version of Mac above OS X 10.6
Internet Speed: Preferably above 1 MBPS
Headset: Any decent headset and microphone which can be used to talk and hear clearly
Can’t Listen Live?
No problem. You can get access to the On-Demand webinar. Use it as a training tool at your convenience.
For more information, you can reach out to the contact below:
Toll-Free No: 1-302-444-0162