Surviving a Security Audit: Utilizing the OCR Protocols to conduct a Mock Survey

Duration: 60 Minutes
Instructor: William Miaoulis
Webinar Id: 800172


One Attendee


In this presentation we will discuss the objectives of the HIPAA/HITECH Security Audit, How to accomplish this Audit, How to report within the organization, the fines and penalties that could occur, what steps you can take to document your compliance and the roles and responsibilities within your organization.

Why should you attend: Organizations must be prepared to meet the HIPAA Requirements. OCR has issued fines and organizations have agreed to comprehensive corrective action plan to correct deficiencies discovered through an audit process. These fines have been in the millions of dollars, organizations have faced damage to their reputations and the organizations have to implement corrective action plans.

Fortunately OCR has provided the protocol that utilized to evaluate organizations in the past. This Webinar will show you where to find the protocol and more importantly how to use this protocol to assess your own organization for HIPAA compliance.

HIPAA requires an evaluation of your policies and procedures use the tool they would use to evaluate you. By identifying your Gaps, an organization can create plans based on risks to minimize the impact of an Audit. Prepare today as if you are going to be audited tomorrow.

Areas Covered in the Session:

  • Objectives of the HIPAA Audit
  • Steps to Compliance
  • Administrative, Technical and Physical Safeguards overview
  • HIPAA Evaluation
  • Compliance Monitoring (Not a one time event)
  • What to learn from previous Reviews
  • What documents you may need to produce
  • The fines and Penalties that have been assessed to other organizations
  • A review of a sample corrective action plan
  • Roles and responsibilities within your organization
  • The Three words to surviving an audit: Document, Document and Document.

Who Will Benefit:
  • Information Security Officers
  • Compliance Officers
  • Chief Information Officers

Educational Objectives(S)
Upon completion of this activity, participants will be able to:
  • Discuss the objectives of the HIPAA/HITECH Security Act and how to complete an audit.

CME Credit Statement
This activity has been planned and implemented in accordance with the Essential Areas and Policies of the Accreditation Council for Continuing Medical Education (ACCME) through the joint sponsorship of Colorado Foundation for Medical Care (CFMC) and MentorHealth. CFMC is accredited by the ACCME to provide continuing medical education for physicians.

Colorado Foundation for Medical Care designates this educational activity for a maximum of 1 AMA PRA Category 1 Credit™. Physicians should only claim credit commensurate with the extent of their participation in the activity.

Other Healthcare Professionals Credit Statement
This educational activity has been planned and implemented following the administrative and educational design criteria required for certification of health care professions continuing education credits. Registrants attending this activity may submit their certificate along with a copy of the course content to their professional organizations or state licensing agencies for recognition for 1 hour.

Disclosure Statement
It is the policy of Colorado Foundation for Medical Care (CFMC) and MentorHealth that the faculty discloses real or apparent conflicts of interest relating to the topics of the educational activity. All members of the faculty and planning team have nothing to disclose nor do they have any vested interests or affiliations.

Obtaining Certificate of Credit

Colorado Foundation for Medical Care (CFMC) hosts an online activity evaluation system, certificate and outcomes measurement process. Following the activity, you must link to CFMC's online site (link below) to complete the evaluation form in order to receive your certificate of credit. Once the evaluation form is complete and submitted, you will be automatically sent a copy of your certificate via email. Please note, participants must attend the entire activity to receive all types of credit. Continuing Education evaluation and request for certificates will be accepted up to 60 days post activity date. CFMC will keep a record of attendance on file for 6 years.

Speaker Profile
William Miaoulis CISA, CISM, is a senior healthcare information system (IS) professional with more than 20 years of healthcare Information Security experience. Bill is the founder and primary consultant for HSP Associates. Prior to starting HSP Associates in January of 2013, Bill was the Chief Information Security Officer (CISO) and led the HIPAA security and privacy consulting efforts for Phoenix Health Systems for over 11 years and also was the HIPAA Consulting Manager for SAIC for 18 months. For seven years, Miaoulis was the University of Alabama Birmingham (UAB) Medical Center’s Information Security Officer, where he instituted the first security and privacy programs at UAB starting in October 1992.

Miaoulis contributes to the industry by frequently speaking at conferences on security matters, including recent sessions on Risk Analysis/Risk Management, Creating and Implementing Effective Security Policies, Understanding the HIPAA Security Rule, and Creating Effective Security Incident Response Procedures. Miaoulis has been interviewed and quoted by numerous publications including: SC Magazine, Health Data Management, Briefings on Healthcare Security, Computerworld; and Health Information Compliance Insider. Miaoulis has worked with AHIMA to produce the book “Preparing for a HIPAA Security Compliance Assessment” and also has worked on updating the AHIMA Security Practice Briefs.

You Recently Viewed