After long delays, a random HIPAA Compliance Audit program is finally getting under way; up to 150 covered entities will be audited in 2012, and being prepared in advance is essential.
Areas Covered in the Session:
• Fines and penalties for violations of the HIPAA regulations have been significantly increased and now include mandatory fines for willful negligence that begin at $10,000 minimum.
• HIPAA Audits have been few and far between in the past, but that's now changing - the HHS is now auditing HIPAA covered entities and business associates even if there have been no complaints or problems reported.
• Find out what HHS OCR is likely to ask you if you are selected for an audit, and what you'll have to have prepared already when they do.
• Find out what the rules are that you need to comply with and what policies you can adopt that can help you come into compliance.
• Learn how the HIPAA rules have changed and how you may need to change how you work to keep up with them.
• Learn how having a good compliance process can help you stay compliant more easily.
• Find out what you'll need to have documented to survive an audit and avoid fines.
• Find out what you'll need to think about to deal with future threats to the security of patient information.
Why should you attend:
• The US Department of Health and Human Services (HHS)has begun a program to meet requirements in the HITECH Act in the American Recovery and Reinvestment Act of 2009 (ARRA) for performing periodic audits of compliance with the HIPAA Privacy and Security Rules, and up to 150 random HIPAA compliance audits will be performed by the end of 2012. While in the past, audits had been performed only at entities that had had a compliant filed against them, the new rule calls for audits whether or not there is a complaint. This means that the HHS Office for Civil Rights (OCR) can show up at your door and ask to perform an audit on short notice, and your organization will need to be ready in less than ten business days.
• If your organization is not ready, the HIPAA rules have new, significantly higher fines, including mandatory minimum fines of $10,000 for willful neglect of compliance. All HIPAA entities need to be fully in compliance and prepared for an audit at any time, or risk the significant fines for non-compliance.
• In addition, HIPAA enforcement has taken on a new importance at HHS, as shown in multi-million dollar fines and even a one million dollar settlement for a breach of just 192 records. HHS OCR officials have publicly stated that enforcement is now a priority, and that means being ready for an audit is more important than ever. The "slap-on-the-wrist" days are over and fines and settlements are being levied, with more on the way -- don't let your organization be hit for an audit unprepared. And even postal inspectors are now using HIPAA to prosecute identity theft cases.
• By using an information security management process, those responsible for health information can develop the procedures and policies that can help prevent security problems, and help prepare the organization for any incidents, audits, or enforcement actions.
• If you don't take the proper steps to ensure your patients' health information is being protected according to the HIPAA Security and Privacy Rules, you can be hit with significant fines and penalties. With the increased HIPAA fines beginning at $10,000 in cases of willful neglect, providing good information security and being in compliance are more important than ever.
• In addition new enforcement is taking place related to the new HIPAA Breach Notification Rule – when a breach is reported, HHS inspectors can investigate to determine if a penalty is warranted.
Description of the topic:
• In this session we will discuss the HIPAA audit and enforcement regulations and processes, and how they apply to HIPAA covered entities and
Areas Covered in the Session:
• Fines and penalties for violations of the HIPAA regulations have been significantly increased and now include mandatory fines for willful negligence that begin at $10,000 minimum.
• HIPAA Audits have been few and far between in the past, but that's now changing - the HHS is now auditing HIPAA covered entities and business associates even if there have been no complaints or problems reported.
• Find out what HHS OCR is likely to ask you if you are selected for an audit, and what you'll have to have prepared already when they do.
• Find out what the rules are that you need to comply with and what policies you can adopt that can help you come into compliance.
• Learn how the HIPAA rules have changed and how you may need to change how you work to keep up with them.
• Learn how having a good compliance process can help you stay compliant more easily.
• Find out what you'll need to have documented to survive an audit and avoid fines.
• Find out what you'll need to think about to deal with future threats to the security of patient information.
Why should you attend:
• The US Department of Health and Human Services (HHS)has begun a program to meet requirements in the HITECH Act in the American Recovery and Reinvestment Act of 2009 (ARRA) for performing periodic audits of compliance with the HIPAA Privacy and Security Rules, and up to 150 random HIPAA compliance audits will be performed by the end of 2012. While in the past, audits had been performed only at entities that had had a compliant filed against them, the new rule calls for audits whether or not there is a complaint. This means that the HHS Office for Civil Rights (OCR) can show up at your door and ask to perform an audit on short notice, and your organization will need to be ready in less than ten business days.
• If your organization is not ready, the HIPAA rules have new, significantly higher fines, including mandatory minimum fines of $10,000 for willful neglect of compliance. All HIPAA entities need to be fully in compliance and prepared for an audit at any time, or risk the significant fines for non-compliance.
• In addition, HIPAA enforcement has taken on a new importance at HHS, as shown in multi-million dollar fines and even a one million dollar settlement for a breach of just 192 records. HHS OCR officials have publicly stated that enforcement is now a priority, and that means being ready for an audit is more important than ever. The "slap-on-the-wrist" days are over and fines and settlements are being levied, with more on the way -- don't let your organization be hit for an audit unprepared. And even postal inspectors are now using HIPAA to prosecute identity theft cases.
• By using an information security management process, those responsible for health information can develop the procedures and policies that can help prevent security problems, and help prepare the organization for any incidents, audits, or enforcement actions.
• If you don't take the proper steps to ensure your patients' health information is being protected according to the HIPAA Security and Privacy Rules, you can be hit with significant fines and penalties. With the increased HIPAA fines beginning at $10,000 in cases of willful neglect, providing good information security and being in compliance are more important than ever.
• In addition new enforcement is taking place related to the new HIPAA Breach Notification Rule – when a breach is reported, HHS inspectors can investigate to determine if a penalty is warranted.
Description of the topic:
• In this session we will discuss the HIPAA audit and enforcement regulations and processes, and how they apply to HIPAA covered entities and
