HIPAA audits and enforcement


Published in: Technology

  1. Live Webinar on: HIPAA and EHRs – what your system needs to do so you can be in compliance with new rules

     Get a 15% discount on early bird registrations. Use Promo Key: CGO15

     Who will benefit: Compliance director, CEO, CFO, Privacy Officer, Security Officer, Information Systems Manager, HIPAA Officer, Chief Information Officer, Health Information Manager, Healthcare Counsel/lawyer, Office Manager, Contracts Manager

     Pricing
     Live (Single registration): $189.00
     Group (Max 10 Attendee): $499.00

     Description
     Enforcement of HIPAA regulations is being stepped up, and new fines and penalties make being ready for an audit in advance essential.

     Why should you attend:
     The US Department of Health and Human Services (HHS) is actively developing plans with consulting firm KPMG to meet requirements in the HITECH Act in the American Recovery and Reinvestment Act of 2009 (ARRA) for performing periodic audits of compliance with the HIPAA Privacy and Security Rules. In addition, new enforcement is taking place related to the new HIPAA Breach Notification Rule. While in the past audits had been performed only at entities that had had a complaint filed against them, the new rule calls for audits whether or not there is a complaint. This means that the HHS Office for Civil Rights (OCR) can show up at your door and ask to perform an audit on short notice, and your organization will need to be ready.

     • If your organization is not ready, the HIPAA rules have new, significantly higher fines, including mandatory minimum fines of $10,000 for willful neglect of compliance. All HIPAA Covered Entities and Business Associates need to be fully in compliance and prepared for an audit at any time, or risk the significant fines for non-compliance.

     • In addition, HIPAA enforcement has taken on a new importance at HHS, as shown in multi-million dollar fines and even a one million dollar settlement for a breach of just 192 records. HHS OCR officials have
  2. publicly stated that enforcement is now a priority, and that means being ready for an audit is more important than ever. The "slap-on-the-wrist" days are over and fines and settlements are being levied, with more on the way -- don't let your organization be hit for an audit unprepared.

     • By using an information security management process, those responsible for health and payment information can develop the procedures and policies that can help prevent security problems, and help prepare the organization for any incidents, audits, or enforcement actions.

     • If you don't take the proper steps to ensure your patients' health information is being protected according to the HIPAA Security Rule, you can be hit with significant fines and penalties. With the increased HIPAA fines beginning at $10,000 in cases of willful neglect, providing good information security and being in compliance are more important than ever.

     Description of the topic
     In this session we will discuss the HIPAA audit and enforcement processes and how they apply to covered entities and business associates. We will explain the enforcement regulations and their recent changes that increase fines and create new penalty levels, including new penalties for willful neglect of compliance that begin at $10,000. We will discuss what information and documentation needs to be prepared in advance so that you can be ready for an audit without notice. Sample information request forms and questions asked at prior audits will be presented.

     • The session will also cover how to know if you may become the subject of an audit or enforcement action, and what you can do to help limit your exposure. We will discuss how most enforcement actions come about and what can be done to prevent incidents that lead to enforcement.

     • The HIPAA Privacy, Security, and Breach Notification regulations (and the recent changes to them) and how they will be audited will be explained. Documentation requirements for compliance will be explored and a framework of security policies necessary for compliance will be presented. Meeting any set of information
  3. security requirements always involves conducting a thorough risk analysis to make sure you haven't overlooked any weaknesses. We'll discuss what's involved and how it is the cornerstone of your compliance efforts.

     • The results of prior HHS audits (and their penalties) will be discussed, including recent actions involving multi-million dollar fines and settlements. A plan for attaining compliance will be presented. The steps to follow to prepare for an audit and respond to an audit request will be outlined. In addition, upcoming trends in information security risks will be discussed.

     Areas Covered in the Seminar:
     • Fines and penalties for violations of the HIPAA regulations have been significantly increased and now include mandatory fines for willful negligence that begin at $10,000 minimum.
     • HIPAA audits have been few and far between in the past, but that's now changing - the HHS will be auditing HIPAA covered entities and business associates even if there have been no complaints or problems reported.
     • Find out what HHS OCR is likely to ask you if you are selected for an audit, and what you'll have to have prepared already when they do.
     • Find out what the rules are that you need to comply with and what policies you can adopt that can help you come into compliance.
     • Learn how the HIPAA rules have changed and how you may need to change how you work to keep up with them.
     • Learn how having a good compliance process can help you stay compliant more easily.
     • Find out what you'll need to have documented to survive an audit and avoid fines.
     • Find out what you'll need to think about to deal with future threats to the security of patient information.
  4. About Speaker:
     Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, and has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before the New York Metropolitan Chapter of the Healthcare Financial Management Association, Health Information Management Associations of Virginia, New York City, New York State, and Vermont, the Connecticut Hospital Association, and the Hospital and Health System Association of Pennsylvania.

     Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master's degree from the Massachusetts Institute of Technology.

     Compliance2go | Phone : 877.782.4696 | Fax : 281-971-0286 Email :