How to Manage OCR, HHS HIPAA and HITECH Audit

Duration: 60 Minutes
Instructor: Srini Kolathur
Webinar Id: 800208


One Attendee


Section 13411 of the Health Information Technology for Economic and Clinical Health (HITECH) Act, requires Health and Human Services (HHS) to conduct periodic audits of providers and business associates to ensure their compliance with the HIPAA Security and Privacy Rule, and breach notification standards. To implement this mandate, the Office of Civil Rights (OCR) has conducted HIPAA/HITECH audit program with KPMG of 115 health care organizations to assess privacy and security compliance. This webinar will focus on the implementation and tracking of HIPAA audit best practices in a healthcare setup in order to prepare for the federal audit using published OCR audit protocols.

Every audit begins with interviews, a questionnaire, and a thorough policy and procedures review. Presenter, with his decades of knowledge in the compliance, legal, auditing and security areas, will walk the attendees through the audit process, documentation requirements, and implementation specifications of the HIPAA privacy, security and breach rules. This presentation not only provides opportunity for the participants to prepare for the federal HIPAA audit but also to improve the security posture of their organizations by adopting to changing technology (mobile, social media, Health Information Exchange(HIE), cloud services, etc.) and threat landscape perspective as well. This presentation will uncover reasons why many health information breaches are occurring and help organizations better secure and comply with electronic protected health information by meeting the required and addressable HIPAA/HITECH security rules.

The presenter will also share the best practices used for HIPAA security implementation and continuous risk assessment which is considered as "due diligence" by auditors for the HIPAA security compliance program.

Areas Covered in the Session:

  • Healthcare Technology Adoption/Trends
  • Healthcare Regulatory (HIPAA/HITECH) and OCR/HHS Audit Overview
  • Differences between HIPAA and HITECH Regulations
  • Confidentiality, Integrity and Availability (CIA) &ePHI Data Elements
  • HIPAA/HITECH Security, Privacy and Breach Requirements
  • OCR Audit Protocol
  • Patient Data Privacy, Security and Breach Procedures
  • Step-by-step guide preparation techniques
  • Sample policies
  • Risk Assessment questionnaire for protecting electronic health information
  • Checklist

Who Will Benefit:
  • Compliance Director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager

Educational Objectives(S)
Upon completion of this activity, participants will be able to:
  • Explain the implementation and tracking of HIPAA audit best practices in a healthcare setup in order to prepare for the Federal audit using published OCR audit protocols.

CME Credit Statement
This activity has been planned and implemented in accordance with the Essential Areas and Policies of the Accreditation Council for Continuing Medical Education (ACCME) through the joint sponsorship of CFMC and MentorHealth. CFMC is accredited by the ACCME to provide continuing medical education for physicians.

CFMC designates this educational activity for a maximum of 1 AMA PRA Category 1 Creditâ„¢. Physicians should only claim credit commensurate with the extent of their participation in the activity.

Other Healthcare Professionals Credit Statement
This educational activity has been planned and implemented following the administrative and educational design criteria required for certification of health care professions continuing education credits. Registrants attending this activity may submit their certificate along with a copy of the course content to their professional organizations or state licensing agencies for recognition for 1 hour.

Disclosure Statement
It is the policy of CFMC and MentorHealth that the faculty discloses real or apparent conflicts of interest relating to the topics of the educational activity. All members of the faculty and planning team have nothing to disclose nor do they have any vested interests or affiliations

Obtaining Certificate of Credit

Colorado Foundation for Medical Care (CFMC) hosts an online activity evaluation system, certificate and outcomes measurement process. Following the activity, you must link to CFMC's online site (link below) to complete the evaluation form in order to receive your certificate of credit. Once the evaluation form is complete and submitted, you will be automatically sent a copy of your certificate via email. Please note, participants must attend the entire activity to receive all types of credit. Continuing Education evaluation and request for certificates will be accepted up to 60 days post activity date. CFMC will keep a record of attendance on file for 6 years.

Speaker Profile
Srini Kolathur , HITPro, CISSP,CISA, CISM, MBA is a result-driven leader. He has several years of experience in helping companies effectively meet and exceed regulatory compliance requirements including SOX, PCI, HIPAA, etc. by using best practices.

For the last several years, he has been actively involved in Sarbox controls implementation, PCI-DSS, GRC and internal audit functions in the critical general IT control areas. As internal compliance and audit liaison project manager for Cisco infrastructure group, Srini has managed compliance and automation projects, including developing tracking systems for monitoring privileged user access.

Srini has been involved in providing training to staffs at small practices and hospitals so they can effectively comply with HIPAA/HITECH and meaningful use security requirements by using NIST risk assessment framework, HHS HIPAA checklist and best practices for IT assessment.

Srini graduated with an executive MBA degree from Kenan-flagler business school at UNC Chapel Hill. Srini is very active in the local ISACA and ISSA chapters. Srini believes in and advocates best practices-based security and compliance program to achieve business objectives. Srini has a long and successful track record of bringing in projects on time and on budget, and developing high performance teams, while boosting technicaland business expertise, and maintaining high morale.

You Recently Viewed