Be Prepared for a HIPAA Security Audit

Duration: 60 Minutes
Instructor: Joyce Freville
Webinar Id: 800385


One Attendee


Office of Civil Rights will conduct security audits on covered entities and business associates. Covered entities and business associates should proactively develop a work plan to review their operations in light of the specifications identified in the protocol. The detailed audit guidance can serve as a roadmap for compliance. Covered entities and business associates may assess current practices for each established performance criterion using OCR's audit procedures in order to understand their current state of compliance. Such efforts may help reduce the risks of adverse findings in an actual audit, and reduce the likelihood of a breach or some other form of HIPAA violation.

Conducting a risk analysis is the first step in identifying and implementing safeguards that comply with and carry out the standards and implementation specifications in the HIPAA Security rule. Risk analysis should be an ongoing process, in which a covered entity regularly reviews its records to track access to e-PHI and detect security incidents, periodically evaluates the effectiveness of security measures put in place, and regularly reevaluates potential risks to e-PHI.

The HIPAA Breach Notification Rule, 45 CFR 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information.

The webinar will discuss what the OCR will review and key elements of the HIPAA Privacy and Security and Breach Notification Rules and what processes and safeguards must be in place to ensure appropriate protection of electronic protected health information.

Areas Covered in the Session:

  • Overview of Office of Civil Rights (OCR) audit initiatives
  • Discuss HIPAA Privacy and Security and Breach Notification Rules
  • How to implement appropriate security measures to address the risks identified in the risk analysis
  • How to maintain continuous, reasonable, and appropriate security protections

Who Will Benefit:
  • Health Care providers
  • Hospital
  • Nursing Home
  • Rehab
  • Home Health
  • Physicians

Speaker Profile
Dr. Freville is an independent consultant who advises healthcare clients regarding many regulatory issues including but not limited to compliance and HIPAA/HITECH program effectiveness.

She establishes compliance department operations to include planning, designing, and implementing system-wide Corporate Compliance and HIPAA/HITECH Programs. She writes Codes of Ethical Conduct and compliance policies and procedures for providers.

In a previous position, Dr. Freville assisted with the design and management of a company-wide infrastructure to support a Corporate Integrity Agreement (CIA) with the U.S. Department of Health and Human Services with clinical and financial components.

In addition, she was a Senior Medicare Auditor and has over 14 years experience as Directors of Finance, Accounting, and Reimbursement in home health, hospital, pharmacy, and long-term care. In addition, she was a healthcare Compliance Officer for 13 years. Dr. Freville retired from the U.S. Army Reserve as a Command Sergeant Major.

Dr. Freville earned a doctorate in Human Services with a specialization in Health Care Administration from Capella University. In addition, she earned a Master of Business Administration from Webster University, a Bachelor of Science in Accounting from Arizona State University, and is certified in Health Care Compliance (CHC) and Health Privacy Compliance (CHPC). Additionally, she is a member of the Health Care Compliance Association, Louisville Armed Forces Committee and Federal Bureau of Investigation Citizen Academy Alumni.

You Recently Viewed