Overview:
The webinar will concentrate on topics that HHS has announced will be the focus of the first round of "desk audits". They reflect significant areas of non-compliance revealed in the 2012 pilot audits and HHS HIPAA violation investigations concluded by Resolution Agreements and Corrective Action Plans.
They include:
- HIPAA Risk Analysis
- Risk Management based on Risk Analysis
- Breach Notification
- Notice of Privacy Practices (for Covered Entities)
- Minimum Necessary Standard
- Access of Individuals to their PHI
- Authorizations
- Workforce Training
This webinar is vital because, in focusing on preparation for a HIPAA Compliance Audit, Covered Entities and Business Associates may review, prioritize and structure their HIPAA Compliance programs. If you have HIPAA Compliance documentation ready to submit on two weeks notice to HHS you are implementing an effective HIPAA Compliance program.
In addition, every Covered Entity or Business Associate may face an HHS HIPAA Compliance investigation at any time due to a complaint or a Breach. If you are "audit ready" you will be ready for an investigation - and better able to avoid complaints and prevent breaches.
Why should you attend:
- Every Covered Entity and Business Associate is liable - without prior notice - to be audited for HIPAA Compliance by HHS
- You will have only 2 weeks after receiving your HIPAA Compliance Audit notification and data request to upload all requested documents to an HHS HIPAA Compliance Audit Portal
- The HIPAA Compliance Audit data request you receive will specify content and file organization, file names and any other document submission requirements
- Auditors will not contact an audited entity for clarifications or ask for additional information - it is essential that submitted documents are current, accurately reflect the entity's HIPAA Compliance program and demonstrate HIPAA Compliance
- Only data submitted on time will be assessed
- Failure to respond on time may be referred to the HHS regional office subjecting the entity to a thorough HIPAA Compliance review
- Some of the first group of audited entities will be selected for comprehensive on-site HIPAA Compliance Audits instead of the more limited review of uploaded documents (called a "desk audit" by HHS)
HHS conducted pilot audits of Covered Entities to help design the current official HIPAA Compliance Audit Program. Results of the pilot audit published by HHS revealed:
- Widespread non-compliance by Covered Entities of all sizes - and HHS made special mention that Small Entities "struggle" with HIPAA Privacy, Security and Breach Notification Rule Compliance
- HHS says more than 90% of Health Care Providers are Small Entities according to Federal guidelines
- The most common cause of failure was the audited entity was unaware of the HIPAA Compliance requirement
- 80% of Health Care Providers failed to have an an accurate or complete Risk Analysis - mandatory for all Covered Entities since 2005 and all Business Associates
HIPAA Compliance Audits are just one example of increased HIPAA Compliance enforcement. Massive data breaches, theft of Protected Health Information (PHI) and public and political pressure demand close scrutiny of the HIPAA Compliance program of every Covered Entity and Business Associate, regardless of size. From September 2009 through through May 31, 2015 HHS received more than 173,000 reports of breaches of PHI affecting less than 500 individuals and approximately 1,240 reports of breaches affecting 500 or more individuals.
Areas Covered in the Session:
- What to Expect - HHS HIPAA Compliance Audit Topics and Procedures
- Specific Steps to Prepare for an HHS HIPAA Compliance Audit
Who Will Benefit:
- HIPAA Compliance Officials
- Top Management
- Health Care Provider Practice Manager
- Risk Manager - Compliance Manager
- Information Systems Manager
- Legal Counsel