Upcoming OCR Audits for HIPAA Compliance: How Prepared and Confident are Medical Practices and Billing Companies?
- Amelia Nicholson
- 8 years ago
NueMD, a complete medical billing and practice management software solution company, has partnered with Porter Research and The Daniel Brown Law Group to conduct a survey of physician practices and medical billing companies. The purpose of the survey is to gauge industry knowledge of HIPAA's Privacy and Security regulations, understanding of compliance measures, and how electronic devices are used for communication. This undertaking was initiated in order to get an overview of how providers perceive the upcoming Federal regulatory measures, what the most common concerns are, and how prepared they are for a possible audit from the Office for Civil Rights (OCR) of HHS. The results from this survey can be used to assist physician practices and medical billing companies in benchmarking their progress against peers, and in learning what areas may require additional attention.

Survey Respondents

Nearly 1,200 healthcare professionals from across the nation took part in the survey, providing answers to questions related to their knowledge of HIPAA compliance as well as about their organization's electronic devices and related communication protocols. Survey respondents were asked about their job title at the beginning in order to identify individuals as management (owners, administrators and managers) or non-managerial staff members, as many of the survey questions were slightly altered based on their job function.

Overall, survey participants can be characterized by Business Type (1,037 physician practices & 160 billing companies) as follows:

Figure A: Business Type Breakdown. Physician Practices 87%; Billing Companies 13%.

The largest Business Type segment, Physician Practices, can be more granularly observed by the Ownership Role of the survey respondent, as well as by the Physician-Member Practice Size for better clarity:

Figure B: Survey Participant also Business Owner. Legend: Owner, Not Owner; values shown: 53%, 47%.
Figure C: Physician-Member Practice Size. Legend: 1-3 Physicians, 4-10 Physicians, Over 10 Physicians; values shown: 17%, 11%, 72%.

Knowledge of HIPAA

All survey participants were initially asked about their knowledge of HIPAA's Privacy and Security Regulations with respect to Protected Health Information (PHI), as a baseline question to determine how the audience self-identified their level of expertise on the overall subject. As shown below in Figure D, survey respondents were asked to rate their knowledge level on a scale of 1 to 5, with 1 as having "No Knowledge" and 5 being an "Expert."

Figure D: Knowledge of HIPAA, PHI. Values shown: 10%, 1%, 6%, 38%, 45%; 55% selected top two tiers.

More than half (55%) of the respondents selected the top two tiers, with 10% selecting a 5 and 45% choosing a 4, in regard to their knowledge in dealing with HIPAA compliance rules as they relate to their organization.

The next step in the survey was to delve deeper into specific areas of HIPAA's Privacy and Security Regulations, in order to better evaluate individual metrics. Survey participants were asked if they were aware of the current Omnibus updates related to HIPAA compliance, which broaden the parameters and increase non-compliance penalties of earlier Federal regulations. A majority of respondents (66%) were aware of these updates prior to taking this survey.

Additionally, participants were asked if they were aware that the Omnibus updates also required their organization to establish Business Associate Agreements with third-party vendors that access their PHI. Most (60%) were aware of the BAA requirements.

Members of management were asked to describe their progress with evaluating BAAs with business associates that use PHI:

- 26% have evaluated ALL agreements.
- 21% have evaluated SOME agreements.
- 27% have NOT evaluated any agreements.
- 26% were Not sure.

Because the OCR audits of physician practices, healthcare facilities and business associates to ensure HIPAA compliance could begin at any time, the question was asked, "Are you aware of the upcoming audits and timeline?" A majority (66%) stated that they were NOT aware before this survey brought it to their attention:

Figure E: OCR Audit Awareness. Yes 34%; No 66%.

Next, the survey asked respondents about the sources they USE most, and what sources they TRUST most in keeping up-to-date with healthcare policy and regulation. The graph below represents the two categories:

Figure F: Sources USED Most, & Sources TRUSTED Most. Series: Used Most, Trusted Most.

As shown above in Figure F, the Government as a source rated highest in both USE and TRUST, probably not surprising since the regulatory and compliance rules come directly from the government. However, it is interesting to note the significant difference between the amount of TRUST (41%) that the survey audience has in the available governmental sources, and its actual USE (28%).
HIPAA Compliance

Survey participants were then asked a series of questions about their organization's HIPAA compliance plan and specific areas of compliance to gain an understanding of where the industry stands today. These questions can be used for benchmarking purposes by individual physician practices and billing companies, and to help them evaluate their own HIPAA compliance plans of action.

Members of management (business owners, administrators and managers) were asked, "Has your business adopted a HIPAA-required compliance plan within the last year?" The majority (63%) stated Yes, as represented below:

Figure G: Adopted HIPAA compliance plan within last year. Legend: Yes, No, I'm not sure; values shown: 24%, 13%, 63%.

In order to find out more about the survey participants' organizational HIPAA compliance plan, management respondents were asked if they have provided their workforce with annual training on HIPAA privacy and security policies and procedures. Conversely, non-managerial staff members were asked if they have received such training within the last year. Below are the responses from the two groups:

Figure H: HIPAA Annual Training (Yes / No / Not Sure).
- Management: 63% / 31% / 6%
- Staff Members: 59% / 33% / 8%

Survey respondents who were identified as management were then asked if they have documented proof of HIPAA training for their staff that took place within the last year.

- Management: Yes (48%); No (42%); and Not sure (10%).

Participants identified as staff members were given a slightly altered question asking if they have documented proof of HIPAA training they received within the last year.

- Staff Members: Yes (50%); No (36%); and Not sure (14%).
Continuing with the variation of questioning between management and staff members, respondents were asked about having a HIPAA security officer and a privacy officer. Business owners, administrators and managers were asked if their organization has formally appointed a HIPAA security officer and a privacy officer, and the response was identical for both positions:

- Management: Yes (55%); No (39%); and Not sure (6%).

When staff members were asked if they knew the specific name and contact information of these particular officers, they also responded similarly:

- Staff Members: Security officer - Yes (60%) and No (40%).
- Staff Members: Privacy officer - Yes (61%) and No (39%).

Survey participants were asked if their organization has a formal policy for PHI breach notifications, and they replied:

Figure I: Breach Notification Policy (Yes / No / Not Sure).
- Management: 48% / 38% / 14%
- Staff Members: 43% / 22% / 35%

And, in regard to PHI, participants were asked if their business has performed a HIPAA-required PHI risk analysis to assess how and where inappropriate disclosures are likely to occur, as represented below:

Figure J: Performed PHI Risk Analysis (Yes / No / Not Sure).
- Management: 38% / 49% / 13%
- Staff Members: 30% / 30% / 40%

For the previous question about performing a PHI risk analysis, as represented in Figure J, respondents who answered Yes were given a follow-up question, "Which best describes your method of conducting the analysis?" Of the 328 survey participants who described their company's methodology, the responses were:

- 79% were conducted using only internal staff members (no outside assistance)
- 21% were conducted using the assistance of an outside professional (lawyer, HIPAA expert, etc.)
PHI Electronic Devices & Communications

HIPAA regulations require that all electronic devices (computers, laptops, mobile phones, electronic tablets and pads, etc.) that contain PHI must be cataloged. Management personnel were asked to select from a list of categories that best describes their progress in this endeavor. The breakdown of device cataloging among owners, administrators and managers is as follows:

Figure K: Electronic devices with PHI that are cataloged.
- 76% to 100% of devices with PHI cataloged: 29%
- 51% to 75%, 26% to 50%, and 1% to 25% of devices with PHI cataloged: 7%, 9%, 9% (values as shown in the chart; the pairing with these three categories is not recoverable)
- None of the devices with PHI cataloged: 25%
- I'm not sure: 21%

At least 54% of survey respondents are somewhere in the cataloging process according to the above chart.

Continuing with related questions, participants were asked, "How confident are you that your organization's electronic devices that contain PHI are HIPAA compliant?" The response was:

- Management: Very Confident (34%); Somewhat Confident (50%); and Not Confident at All (16%).
- Staff Members: Very Confident (45%); Somewhat Confident (44%); and Not Confident at All (11%).

At physician practices, members of management were asked if their business uses mobile devices (mobile phones, tablets, etc.) for charge capture. The majority (78%) of responses were No, with 18% stating Yes and 4% Not sure.

Management personnel from both physician practices and billing companies were asked if their business uses mobile devices to communicate with patients, while staff members were asked if they personally use mobile devices for patient communication:

- Management: Yes (39%); No (59%); and Not sure (2%).
- Staff Members: Yes (26%) and No (74%).

Management respondents were then asked if staff members at their organization use mobile devices to communicate with other staff members for business purposes. Staff members had an altered question, which asked if they personally use mobile devices to communicate with other staff members for business purposes. The two groups stated:

- Management: Yes (47%); No (52%); and Not sure (1%).
- Staff Members: Yes (48%) and No (52%).
Healthcare professionals who share clinical data or other patient information using their own personal electronic devices could expose their employers to HIPAA violations, as OCR is expected to toughen violations that stem from the use of unsecure communication devices that store or transfer PHI. These outside devices, which are not protected by a HIPAA-compliant secure firewall, could send private patient information over a network that can typically make several stops, such as from cellular tower to tower, where the data could be cached on local servers operated by the networking provider.

Since many of the following questions have to do with business as compared with personal use of electronic devices, the survey continued to have varied questions between management and staff members. Owners, administrators, and managers were asked about their overall confidence level as to whether or not their business mobile devices are HIPAA compliant. Staff members were asked about their confidence in the HIPAA compliance of the mobile devices they personally used for business purposes. They stated:

- Management: Very Confident (28%); Somewhat Confident (43%); and Not Confident at All (29%).
- Staff Members: Very Confident (33%); Somewhat Confident (42%); and Not Confident at All (25%).

The next series of questions covers the topic of electronic communications, specifically using email, texting, and social media. Survey participants who were identified as management were asked if their business uses email to communicate with patients, while those identified as staff members were asked if they personally use email for patient communication. They stated:

- Management: Yes (56%); No (43%); and Not sure (1%).
- Staff Members: Yes (46%) and No (54%).

Management and staff members were asked, respectively:

- If staff members at their business use email to communicate with other staff members?
- If they personally use email to communicate with other staff members for business purposes?

The responses were:

- Management: Yes (60%); No (39%); and Not sure (1%).
- Staff Members: Yes (79%) and No (21%).

In reply to the question, "Considering business use only, do staff members use their own personal accounts, accounts issued by your company, or both?", the business owners, administrators and managers stated:

- 67% -- Staff use only accounts issued by our company.
- 19% -- Staff use both their own personal accounts and accounts issued by our company.
- 11% -- Staff use only their own personal accounts.
- 3% -- I'm not sure.

Staff members were also asked about their personal usage of emails as it relates to business communication, and they said:

- 74% -- I use only accounts issued by company.
- 16% -- I use both my own personal accounts and accounts issued by company.
- 9% -- I use only my own personal accounts.
- 1% -- I'm not sure.

Asked how confident the survey participant is that their business communication via email is HIPAA compliant, they replied:

- Management: Very Confident (40%); Somewhat Confident (44%); and Not Confident at All (16%).
- Staff Members: Very Confident (53%); Somewhat Confident (35%); and Not Confident at All (12%).
Management personnel were asked if their business uses texting to communicate with patients, while staff members were asked if they personally use texting for patient communication. The two groups replied:

- Management: Yes (27%); No (71%); and Not sure (2%).
- Staff Members: Yes (16%) and No (84%).

Management and staff members were asked, respectively:

- If staff members at their organization use texting to communicate with other staff members for business purposes?
- If they personally use texting to communicate with other staff members for business purposes?

The responses were:

- Management: Yes (39%); No (58%); and Not sure (3%).
- Staff Members: Yes (41%) and No (59%).

Next, survey respondents were asked about their confidence as to whether or not their business communication sent via texting was HIPAA compliant. The two groups stated:

- Management: Very Confident (29%); Somewhat Confident (40%); and Not Confident at All (31%).
- Staff Members: Very Confident (38%); Somewhat Confident (35%); and Not Confident at All (27%).

Business owners, administrators and managers were asked if their organization uses social media to communicate with patients, while staff members were asked if they personally use social media for patient communication. Responses were:

- Management: Yes (12%); No (86%); and Not sure (2%).
- Staff Members: Yes (8%) and No (92%).

Management personnel were asked if staff members at their organization use social media to communicate with other staff members for business purposes, while staff members were asked if they personally use social media to communicate with other staff members for business purposes. The two groups shared:

- Management: Yes (4%); No (93%); and Not sure (3%).
- Staff Members: Yes (3%) and No (97%).

Asked how confident the survey participant is that their business communication via social media is HIPAA compliant, they replied:

- Management: Very Confident (53%); Somewhat Confident (27%); and Not Confident at All (20%).
- Staff Members: Very Confident (45%); Somewhat Confident (29%); and Not Confident at All (26%).

In concluding the survey, all participants were asked, "How confident are you that someone at your business is actively ensuring your business's compliance with HIPAA?" The overall survey responses were:

- 40% stated Very Confident
- 43% stated Somewhat Confident
- 17% stated Not Confident at All

For more information about the results of this survey, please send an to with your specific question(s).
More informationSecure Email & File Transfer Practices in Healthcare 2014 / Sponsored by DataMotion
In late 2014, DataMotion conducted its annual survey of more than 700 IT and business professionals across the United States to gain insight into corporate email and file transfer policies. This report
More informationWhat Virginia s Free Clinics Need to Know About HIPAA and HITECH
What Virginia s Free Clinics Need to Know About HIPAA and HITECH This document is one in a series of tools and white papers produced by the Virginia Health Care Foundation to help Virginia s free clinics
More informationHIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services
HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services How MSPs can profit from selling HIPAA security services Managed Service Providers (MSP) can use the Health Insurance Portability
More informationFAQ: HIPAA AND CLOUD COMPUTING (v1.0)
FAQ: HIPAA AND CLOUD COMPUTING (v1.0) 7 August 2013 Cloud computing outsourcing core infrastructural computing functions to dedicated providers holds great promise for health care. It can result in more
More informationBest Practices for DLP Implementation in Healthcare Organizations
Best Practices for DLP Implementation in Healthcare Organizations Healthcare organizations should follow 4 key stages when deploying data loss prevention solutions: 1) Understand Regulations and Technology
More informationSecond Annual Benchmark Study on Patient Privacy & Data Security
Second Annual Benchmark Study on Patient Privacy & Data Security Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: December 2011 Ponemon Institute Research Report
More informationVendor Management Challenges and Solutions for HIPAA Compliance. Jim Sandford Vice President, Coalfire
Vendor Management Challenges and Solutions for HIPAA Compliance Jim Sandford Vice President, Coalfire Housekeeping You may submit questions throughout the webinar using the question area in the control
More informationHIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1
HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps
More informationHIPAA, PHI and Email. How to Ensure your Email and Other ephi are HIPAA Compliant. www.fusemail.com
How to Ensure your Email and Other ephi are HIPAA Compliant How to Ensure Your Email and Other ephi Are HIPAA Compliant Do you know if the patient appointments your staff makes by email are compliant with
More informationOverview of Presentation
Now You See It, Now You Don t: Data aabreaches Marti Arvin Chief Compliance Officer, UCLA Cheryl Washington Chief Information Security and Privacy Officer, Office of the President Deborah Yano-Fong Chief
More informationGeneral HIPAA Implementation FAQ
General HIPAA Implementation FAQ What is HIPAA? Signed into law in August 1996, the Health Insurance Portability and Accountability Act ( HIPAA ) was created to provide better access to health insurance,
More informationPresented by Jack Kolk President ACR 2 Solutions, Inc.
HIPAA 102 : What you don t know about the new changes in the law can hurt you! Presented by Jack Kolk President ACR 2 Solutions, Inc. Todays Agenda: 1) Jack Kolk, CEO of ACR 2 Solutions a information security
More informationHIPAA OMNIBUS RULE: EXPANDED COMPLIANCE REQUIREMENTS
HIPAA OMNIBUS RULE: EXPANDED COMPLIANCE REQUIREMENTS James J. Eischen, Jr., Esq. November 2013 San Diego, California JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher & Mack, LLP 26+ years of experience
More informationCommunity First Health Plans Breach Notification for Unsecured PHI
Community First Health Plans Breach Notification for Unsecured PHI The presentation is for informational purposes only. It is the responsibility of the Business Associate to ensure awareness and compliance
More informationIntelligent Vendor Risk Management
Intelligent Vendor Risk Management Cliff Baker, Managing Partner, Meditology Services LeeAnn Foltz, JD Compliance Resource Consultant, WoltersKluwer Law & Business Agenda Why it s Needed Regulatory Breach
More information12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule
HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
More informationHHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers
Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List
More informationArizona State University. HIPAA Compliance. Audit Report Number 15-08. May 7, 2015
This page left blank intentionally. Summary The Health Insurance Portability and Accountability Act of 1996 (HIPAA) audit was included on the Arizona State University (ASU) FY 2015 annual audit plan approved
More informationPatient Privacy and HIPAA/HITECH
Patient Privacy and HIPAA/HITECH What is HIPAA? Health Insurance Portability and Accountability Act of 1996 Implemented in 2003 Title II Administrative Simplification It s a federal law HIPAA is mandatory,
More informationSunday March 30, 2014, 9am noon HCCA Conference, San Diego
Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose
More informationWhy HIPAA Compliance Should Scare You and What You Should Ask Your Business Phone Service Provider NOW
Why HIPAA Compliance Should Scare You and What You Should Ask Your Business Phone Service Provider NOW By Mike McAlpen, 8x8 Executive Director of Privacy, Security and Compliance The Champion For Business
More informationOCR s Anatomy: HIPAA Breaches, Investigations, and Enforcement
OCR s Anatomy: HIPAA Breaches, Investigations, and Enforcement Clinton Mikel The Health Law Partners, P.C. Alessandra Swanson U.S. Department of Health and Human Services - Office for Civil Rights Disclosure
More informationWhat Every Organization Needs to Know about Basic HIPAA Compliance and Technology. April 21, 2015
What Every Organization Needs to Know about Basic HIPAA Compliance and Technology April 21, 2015 Who are these handsome fellas? Jamie Wolbeck (VP Of Operations) jamiew@sccnet.com Ron Shelby (Sr. Account
More informationOCR HIPAA Audit Readiness. ISACA - North Texas Chapter April 11, 2013
ISACA - North Texas Chapter April 11, 2013 Introduction 1 2 Basic components of HIPAA and HITECH legislation HITECH and rising breaches 3 4 OCR HIPAA audits Key findings of the pilot audits 5 Approaches
More informationBest Practices in HIPAA Security Risk Assessments
BUSINESS WHITE PAPER Best Practices in HIPAA Security Risk Assessments Safeguard your protected health information (PHI) and mitigate the risk of a data breach or loss. WHITEPAPER Best Practices in HIPAA
More informationHIPAA Audit Risk Assessment - Risk Factors
I II Compliance Compliance I Compliance II SECTION ONE COVERED ENTITY RESPONSIBILITIES AREA ONE Notice of Privacy Practices 1 Is your full notice of privacy practices given to every new patient in your
More informationResearch and the HIPAA Security Rule Prepared for the Association of American Medical Colleges by Daniel Masys, M.D. Professor and Chairman,
Research and the HIPAA Security Rule Prepared for the Association of American Medical Colleges by Daniel Masys, M.D. Professor and Chairman, Department of Biomedical Informatics Vanderbilt University School
More informationHIPAA Update Presented by:
HIPAA Update Presented by: www.thehealthlawfirm.com Main Office: 1101 Douglas Avenue Altamonte Springs, FL 32714 Phone: (407) 331-6620 Fax: (407) 331-3030 Website: www.thehealthlawfirm.com Today s Lecturers:
More informationHIPAA PRIVACY AND SECURITY AWARENESS
HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect
More informationBy Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN
Major Changes to HIPAA Security and Privacy Rules Enacted in Economic Stimulus Package By Ross C. D Emanuele, John T. Soshnik, and Kari Bomash, Dorsey & Whitney LLP Minneapolis, MN The HITECH Act is the
More informationCustomer Success Story. Central Logic. Comprehensive SRA helps healthcare software provider safeguard its customer s PHI and ensure HIPAA compliance.
Customer Success Story Central Logic Comprehensive SRA helps healthcare software provider safeguard its customer s PHI and ensure HIPAA compliance. Page 2 of 6 Central Logic Comprehensive SRA helps healthcare
More informationTHE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS 2015-2016: CHANGE, CHALLENGES AND CHOICE
THE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS 2015-2016: CHANGE, CHALLENGES AND CHOICE As demand for data sharing grows, healthcare organizations must move beyond data agreements and masking to achieve
More informationHIPAA Myths. WEDI Member Town Hall. Chris Apgar, CISSP Apgar & Associates
HIPAA Myths WEDI Member Town Hall Chris Apgar, CISSP Apgar & Associates Overview Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the Right
More informationBusiness Associate Management Methodology
Methodology auxilioinc.com 844.874.0684 Table of Contents Methodology Overview 3 Use Case 1: Upstream of s I manage business associates 4 System 5 Use Case 2: Eco System of s I manage business associates
More informationNeed Assistance selecting an EMR/EHR? OCR Launches Full Scale HIPAA Audits in 2013 Are you ready for a HIPAA Audit?
OCR Launches Full Scale HIPAA Audits in 2013 Are you ready for a HIPAA Audit? The results of the Office of Civil Rights (OCR) pilot audit program shows: Small covered entities had more issues than larger
More informationSustainable HIPAA Compliance: Protecting Patient Privacy through Highly Leveraged Investments
View the Replay on YouTube Sustainable HIPAA Compliance: Protecting Patient Privacy through Highly Leveraged Investments FairWarning Executive Webinar Series October 31, 2013 Today s Panel Chris Arnold
More informationNeither You Nor Your Business Associates Can Afford to be Lax About Complying with HIPAA Requirements
Neither You Nor Your Business Associates Can Afford to be Lax About Complying with HIPAA Requirements Sara Kashing, JD, Staff Attorney July/August 2012 The Therapist If you are considered a Covered Entity
More informationHow To Write A Community Based Care Coordination Program Agreement
Section 4.3 Implement Business Associate and Other Agreements This tool identifies the types of agreements that may be necessary for a community-based care coordination (CCC) program to have in place in
More informationHIPAA Overview and updates since HITECH and PPACA
HIPAA Overview and updates since HITECH and PPACA Presented by: Angela Miller, CMC, CHC Medical Auditing Solutions LLC 2013 (c)2013 Medical Auditing Solutions LLC 1 Learning Objectives Overview the high
More information