In this session we will discuss the HIPAA audit program and enforcement regulations and processes , and how they apply to HIPAA covered entities and business associates.
Now that the HIPAA rules have been in place for more than a dozen years, the days of advice and counseling have been replaced by a hard-nosed enforcement attitude, where HHS OCR is ready to make health care organizations that violate the rules feel some pain for their actions.
If your organization is not ready, the HIPAA rules have new, significantly higher fines, including mandatory minimum fines of $10,000 for willful neglect of compliance. In addition, HIPAA enforcement has taken on a new importance at HHS; officials have publicly stated that enforcement is now a priority, and that means being ready for an audit or compliance review is more important than ever.
If you don't take the proper steps to ensure your patients' rights and health information are being protected according to the HIPAA Privacy, Security, and Breach Notification Rules, you can be hit with significant fines and penalties. With the increased HIPAA fines beginning at $10,000 in cases of willful neglect, following the privacy requirements, providing good information security, and being in compliance are more important than ever.
In this session we will review the HIPAA enforcement actions that have taken place and examine why the enforcement took place, and what could have been done to prevent the incident that led to the enforcement. We will look at the requirements that were not met and discuss what HIPAA entities need to do to ensure that the proper policies, procedures, training, and documentation of their application are in place to prevent problems and limit the organization's exposure in incidents.
In this session we will also discuss the HIPAA audit program and how it works, and discuss the areas that caused the most issues in the 2012 and 2016 audits. We will explore what kind of issues and what kind of entities had the most problems, and show where entities need to improve their compliance the most, and also explore the typical risk issues that lead to breaches of health information and see how those issues may be a target for auditors in the next round.
We will discuss the HIPAA audit and enforcement regulations and processes, and how they apply to HIPAA covered entities and business associates. We will explain the recent changes that increase fines and create new penalty levels, including new penalties for willful neglect of compliance that begin at $10,000.
The results of prior enforcement actions and HHS audits (and their penalties) will be discussed, including recent actions involving multi-million dollar fines and settlements. In addition, new trends in information security risks will be discussed so you can start to plan for the work you'll need to do to stay in compliance and keep patient information private and secure.
Areas Covered in the Session:
- The HIPAA Privacy, Security, and Breach Notification regulations (and the recent changes to them) and how their compliance will be evaluated in enforcement circumstances
- Recent changes to the HIPAA enforcement regulations that increase fines and create new penalty levels, including new penalties for willful neglect of compliance that begin at $10,000
- The information and documentation that needs to be prepared in advance so that you can be ready for an enforcement review or an audit without notice
- The results of prior HHS enforcement actions and audits (and their penalties), including recent actions involving multi-million dollar fines and settlements
- Questions asked in prior audits and enforcement reviews
- Identification of weaknesses in organizational compliance
- Future threats to the security of patient information
- The importance of a good compliance process to help you stay compliant more easily
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.
Continue by clicking on the following link: