Too many healthcare organizations believe they have HIPAA compliance under control, but recent HIPAA Compliance Audits show that noncompliance is widespread across the country. This Seminar teaches the top key lessons from those Audits and how to implement steps to strengthen your HIPAA compliance and pass an Audit.
The Office for Civil Rights (OCR), the HIPAA enforcement arm of the U. S. Department of Health and Human Services (HHS) recently announced alarming results of the Phase 2 Covered Entity HIPAA Compliance Audits. 87% failed the Risk Analysis Audit and 94% failed the Risk Management Audit! Follow up investigations are underway, and penalties have not been announced yet. Business Associates also were audited and showed similar failure rates.
HIPAA enforcement, driven by Congressional and public demand is increasing dramatically. HIPAA Risk Analysis - Risk Management is OCR's highest compliance priority and is required of all Covered Entities and Business Associates. And it should be the foundation of every health care organization's HIPAA compliance program.
But the HIPAA Rules do not explain how to do Risk Analysis - Risk Management and government guidance is confused, confusing and of no practical help. Attend this session to review, step-by-step, how you can comply calmly and confidently with this fundamental HIPAA requirement.
The Audits also revealed noncompliance with other basic HIPAA requirements of the Privacy Rule concerning the Individual's Right of Access to medical records, the Notice of Privacy Practices, and Breach Notification. Common misunderstandings about these requirements and how to comply with each of them will be explained.
Who Will Benefit
- Hospital Trustees
- C-Suite Executives
- HIPAA Compliance Official
- HIPAA Privacy Officer
- HIPAA Security Officer
- Health Information Technology Supervisor
- Practice Manager
- Risk Manager
- Physical Therapist
This session will explain in plain language:
- What are OCR's top priorities in HIPAA enforcement, learned from the Phase 2 Audits
- How does State law regarding privacy protection interact with HIPAA
- Why HIPAA Risk Analysis - Risk Management is essential for all Covered Entities and Business Associates, regardless of size
- What HIPAA Risk Analysis - Risk Management really is; and
- How administrative staff can do a complete HIPAA Risk Analysis - Risk Management efficiently, step-by-step
- How Covered Entities and Business Associates failed the Audits, and what can be done to avoid failure
- What are some common misunderstandings about the Individual’s Right of Access to medical records
- Comparison of the right of access" to "authorization"
- Appropriate fees that may be charged
- How to communicate with patients electronically and comply with HIPAA by following the "3 step safeguard"
- Where and how the Notice of Privacy Practices should be made available to patients; and
- What are the most common mistakes made with Breach Notification
- There is a secret to HIPAA compliance. The secret is that the HIPAA Rules are easy to follow, step-by-step, when you know the steps
Paul R. Hales J.D, is an attorney at law in St. Louis, Missouri whose practice has included specialization in the HIPAA Privacy and Security Rules from the dates they became effective. He provides assistance and counseling on the new, more demanding compliance requirements of the HITECH modifications to HIPAA. Mr. Hales is licensed to practice before the Supreme Court of the United States, Federal Appellate and District Courts, the State Courts of Missouri and is a graduate of Columbia University Law School.