HIT Audit Workshop. Jeffrey W. Short.
|
|
- Sophie Simpson
- 8 years ago
- Views:
Transcription
1 HIT Audit Workshop Jeffrey W. Short 1
2 Audits and Investigations to be Discussed Meaningful Use Audits HIPAA Audits Data Breach Investigations Software Vendor Audits FTC Investigations 2
3 Meaningful Use Audits 3
4 Meaningful Use Audits Medicare & Medicaid Meaningful Use Incentive Payment Program provide financial incentives to qualifying practitioners and hospitals to use Certified Electronic Health Record Technology. Eligible providers must satisfy measures and objectives in Stages (1-3) to receive an incentive payment. Eligible Providers who attest for an incentive payment may be audited. Pre-Payment/Post-Payment Audits Audits will be conducted by: Designated State Contractor (Medicaid) Figliozzi and Company (Medicare & Dual-Eligible)
5 Meaningful Use Audits What do Auditors Look For: An audit may include a review of any of the documentation needed to support the information that was entered in the attestation. Red Flags: Incomplete EHR Mismatched Denominator & Numerator Misaligned reporting periods Failure to conduct a HIPAA Risk Analysis
6 Meaningful Use Audits Risks for an Audit Failure: Repayment of Meaningful Use Incentive Payment. Payment Adjustment for Medicare Meaningful Use Eligible Providers: Eligible Professionals: 1%-5% reduction in Medicare physician fees schedule. Eligible Hospitals: reduction in the percentage increase to the IPPS payment rate. Critical Access Hospital: reduction in reimbursement to cost report. Possible Legal Risks: False Claims Act HIPAA investigation & Penalty
7 Audit Preparation Meaningful Use Audits Build a Meaningful Use Compliance Team Audit preparation begins before the applicable reporting period. Eligible providers should retain documentation to support: 1. Attestation data for all objectives and clinical quality measures; and 2. payment calculations, such as cost report data, that follows applicable documentation retention processes. Eligible provider should be able to provide documentation to support each measure to which he or she attested, including any exclusions claimed.
8 Meaningful Use Objectives Clinical Decision Support Rule Generate Lists of Patients by Specific Conditions Meaningful Use Audits Audit Validation Functionality is available, enabled, and active in the system for the duration of the EHR reporting period. One report listing patients of the provider with a specific condition. Suggested Documentation One or more screenshots from the certified EHR system that are dated during the EHR reporting period selected for attestation. Report with a specific condition that is from the certified EHR system and is dated during the EHR reporting period selected for attestation. Patient identifiable information may be masked/blurred before submission.
9 Meaningful Use Objectives Electronic Exchange of Clinical Information Meaningful Use Audits Audit Validation One test of certified EHR technology s capacity to electronically exchange key clinical information to another provider of care with a distinct certified EHR or other system capable of receiving the information was performed during the EHR reporting period. Suggested Documentation Dated screenshots from the EHR system that document a test exchange of key clinical information (successful or unsuccessful) with another provider of care during the reporting period. A dated record of successful or unsuccessful electronic transmission (e.g., , screenshot from another system, etc.). A letter or from the receiving provider confirming a successful exchange, including specific information such as the date of the exchange, name of providers, and whether the test was successful.
10 HIPAA Audits 10
11 Audit Requirement The HITECH Act requires HHS to conduct periodic audits to ensure HIPAA compliance by covered entities and business associates. The Office for Civil Rights (OCR) piloted a program in 2012 where it performed 115 audits of covered entities. OCR plans to start the audit program back up in 2015, utilizing a combination of desk and field audits. The 2015 version of the audit program will involve both covered entities and business associates. OCR will identify covered entity audit subjects through a survey that will be sent out in late 2014, and will identify business associate audit subjects based on lists provided by covered entities.
12 Audit Program Objectives The purposes of the Audit Program include: assessing the current level of HIPAA compliance at covered entities and business associates Examining mechanisms of HIPAA compliance Identifying best practices to share with other covered entities and business associates Identifying risks, weaknesses, and vulnerabilities for appropriate corrective action OCR may initiate an enforcement action if an audit reveals serious compliance issues.
13 Audit Risks/Concerns Could expose HIPAA compliance issues to OCR that otherwise wouldn t be known to OCR Could expose patterns or trends of non-compliance Cooperation with audits will require substantial time and resources. Inability to respond to audit requests in a timely manner could demonstrate organization s lack of preparedness to effectively coordinate and communicate HIPAA matters.
14 How to Prepare for an Audit Ready your personnel Subject matter experts Which individuals can speak to each aspect of HIPAA implementation? Who handles access requests? Who monitors system activity? Who is responsible for business associate contracts? Who handles privacy complaints? All levels of workforce HIPAA Awareness and Practices
15 How to Prepare for an Audit Mock Audit Conduct a HIPAA audit based on the OCR audit protocol. Consider protecting under the attorney-client privilege Risk Analysis If an entity has not assessed HIPAA compliance and conducted an IT security risk analysis in the last 12 months, it should do so now. Failure to conduct and document a security risk analysis was a common finding in the pilot audits. Incident Response Conduct a trial run of the organization s Incident Response Plan and make any adjustments needed.
16 Training How to Prepare for an Audit Employee training should be consistent and current. Employee training should be documented. Business Associates HITECH-compliant Business Associate Agreements should be in place with all vendors that access PHI while performing services on covered entity s behalf. Timely Response Ensure that the necessary people will receive OCR s notice of intent to audit in a timely fashion. Prepare for absences and vacations of key people.
17 Data Breach Audits 17
18 HIPAA Breach Notification Rule Covered Entities are required to give notice to individuals, HHS, and in some cases the media when there is a breach: An acquisition, access, use, or disclosure not permitted by the HIPAA Privacy Rule of personal health information ( PHI ) That is unsecured No exception applies, and It compromises security or privacy per risk assessment Business Associate must give notice of breach to Covered Entity Covered Entity or Business Associate must rebut presumption of breach and document the risk assessment
19 Data Involved in Breach Critical Data Demographic Information Social Security Number Drivers License Number Birth Date Protected Health Information Clinical Information Diagnosis Procedure Codes Sensitive PHI Threat Actions Malware Hacking Social Misuse Physical Error Environmental
20 Next Steps Activate data breach response team and confirm leader Devise an investigation plan Determine applicable state and federal law requirements Submit notice of claim to insurance agency Engage outside resources as needed for forensics, legal call center, breach notification mailing and credit monitoring services Prepare breach notification letters to individuals Prepare press release and website posting Submit breach report to Office for Civil Rights and state agency Create or review call center scripts Train internal staff and external call center staff as needed
21 Tasks for Legal Counsel Determine the breach notifications laws that are applicable in the jurisdictions in which the client operates Review the entity s breach notification policy in conjunction with these applicable laws and regulations, making changes as appropriate Be conscious of documents and communications that are subject to attorney-client privilege and those that are not Advise on application of breach notification rules to data breach incidents
22 Practice Tips Perform system risk assessment Implement company-wide security training Enable network security monitoring Review access and security log files Require physical access controls for facilities and computers Review hardware and software contracts for security obligations and liabilities Secure cyber liability insurance Conduct a mock breach investigation and response
23 Software Vendor Audits 23
24 Software Vendor Rights Frequently, Vendor license agreements contain provision granting the vendor the right to audit for license compliance Vendor s that do not have specific contract rights to conduct an audit will contact with allegations of non-compliance and ask for an audit to avoid a legal claim of copyright infringement being filed But how did they find out? 24
25 What you should do Carefully consider any contractual language granting audit rights to ensure appropriate scope, processes and remedies for non-compliance Educate your IT staff to involve legal whenever any software audit or license review is requested by a vendor 25
26 What to do during an audit Require a pre-conference that limits scope of audit to identified contracts and their audit provisions Discuss and mutually agree to audit tools and processes in advance, with assignments and deliverables Have all iterations of audit analytics mutually reviewed Reserve right to submit a statement of disagreement with license entitlement process or tabulations Draft and execute an NDA that outlines the audit scope 26
27 FTC Investigations 27
28 FTC Enforcement Action against LabMD Background LabMd is a clinical laboratory company that handles PHI and other sensitive personal information The FTC filed complaint against LabMD in August of 2013 alleging that it failed to take appropriate measures to protect sensitive, personal information LabMD claimed that the FTC did not have authority to address these types of data security issues The FTC rejected LabMD s arguments and is moving forward with its complaint
29 FTC Enforcement Action against LabMD, cont. The Implications of the FTC s Actions against LabMD In its denial of LabMD s motion to dismiss, the FTC was clear that it has authority to address these types of issues to protect consumers from unwanted privacy intrusions, fraudulent misuse of their personal information, or identity theft. Despite the absence of regulations, the FTC will continue to institute enforcement actions against companies with inadequate data security protocols. Companies that store, transmit and use consumer information are expected to reasonable and appropriate data security safeguards to protect consumer information.
30 FTC Enforcement Action against LabMD, cont. What can you do to avoid this? Review your data security practices for compliance not only with HIPAA, but with other applicable data security standards such as the FTC, SEC, PCI, etc. Make certain your policies are consistent with your capabilities as an organization. Train your employees. Address any deficiencies promptly when brought to your attention Document your data security practices and remedial measures that you take
31 Questions? 31
HIPAA and HITECH Compliance for Cloud Applications
What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health
More informationPreparing for HIPAA and Meaningful Use Compliance Audits
Preparing for HIPAA and Meaningful Use Compliance Audits Presented by: David Holtzman VP of Compliance, CynergisTek CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com
More informationChecklist and Related Guidance for Meaningful Use Audits
Checklist and Related Guidance for Meaningful Use Audits This checklist was prepared by Jill M. Girardeau, Partner, Womble Carlyle Sandridge & Rice, LLP and Dina Marty, Counsel, Wake Forest Baptist Medical
More informationHealth Informa.on Technology Audits: "Meaningful Use" and HIPAA. January 23, 2015 Eli Poliakoff Gary Capps
Health Informa.on Technology Audits: "Meaningful Use" and HIPAA January 23, 2015 Eli Poliakoff Gary Capps 1 HITECH - Related Audits Health Informa.on Technology for Economic and Clinical Health Act ("HITECH")
More informationSunday March 30, 2014, 9am noon HCCA Conference, San Diego
Meaningful Use as it Relates to HIPAA Compliance Sunday March 30, 2014, 9am noon HCCA Conference, San Diego CLAconnect.com Objectives and Agenda Understand the statutory and regulatory background and purpose
More informationHow To Understand And Understand The Benefits Of A Health Insurance Risk Assessment
4547 The Case For HIPAA Risk Assessment Leader s Guide IMPORTANT INFORMATION FOR EDUCATION COORDINATORS & PROGRAM FACILITATORS PLEASE NOTE: In order for this program to meet Florida course requirements,
More informationThe HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.
The HITECH Act: Implications to HIPAA Covered Entities and Business Associates Linn F. Freedman, Esq. Introduction and Overview On February 17, 2009, President Obama signed P.L. 111-05, the American Recovery
More informationEHR Incentive Programs Supporting Documentation For Audits Last Updated: February 2013
Overview EHR Incentive Programs Supporting Documentation For Audits Last Updated: February 2013 Providers who receive an EHR incentive payment for either the Medicare or Medicaid EHR Incentive Program
More informationStage 2 EHR Incentive Programs Supporting Documentation For Audits Last Updated: February 2014
Stage 2 EHR Incentive Programs Supporting Documentation For Audits Last Updated: February 2014 Overview Providers who receive an EHR incentive payment for Stage 2 of the Medicare or Medicaid EHR Incentive
More informationTrust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits
HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)
More informationHIPAA Hot Topics. Audits, the Latest on Enforcement and the Impact of Breaches. September 2012. Nashville Knoxville Memphis Washington, D.C.
HIPAA Hot Topics Audits, the Latest on Enforcement and the Impact of Breaches September 2012 Nashville Knoxville Memphis Washington, D.C. Overview HITECH Act HIPAA Audit Program: update and initial results
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More informationHIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services
HIPAA Secure Now! How MSPs Can Profit From Selling HIPAA security services How MSPs can profit from selling HIPAA security services Managed Service Providers (MSP) can use the Health Insurance Portability
More informationHIPAA COMPLIANCE PLAN FOR 2013
HIPAA COMPLIANCE PLAN FOR 2013 Welcome! Presentor is Rebecca Morehead, Practice Manager Strategist www.practicemanagersolutions.com Meaningful Use? As a way to encourage hospitals and providers to adopt
More informationData Breach, Electronic Health Records and Healthcare Reform
Data Breach, Electronic Health Records and Healthcare Reform (This presentation is for informational purposes only and it is not intended, and should not be relied upon, as legal advice.) Overview of HIPAA
More informationMeaningful Use Audits. NextGen Physician Consulting Services
Meaningful Use Audits NextGen Physician Consulting Services Agenda Audit Overview Documentation for measures requiring numerator and denominator data Documentation for attestation only measures Security
More informationPrivacy and Security Meaningful Use Requirement HIPAA Readiness Review
Privacy and Security Meaningful Use Requirement HIPAA Readiness Review REACH - Achieving - Achieving meaningful meaningful use of your use EHR of your EHR Patti Kritzberger, RHIT, CHPS ND e-health Summit
More informationSecurity Is Everyone s Concern:
Security Is Everyone s Concern: What a Practice Needs to Know About ephi Security Mert Gambito Hawaii HIE Compliance and Privacy Officer July 26, 2014 E Komo Mai! This session s presenter is Mert Gambito
More informationNationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011
Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8
More informationHITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?
HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations
More informationDecrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use
Click to edit Master title style Decrypting the Security Risk Assessment (SRA) Requirement for Meaningful Use Andy Petrovich, MHSA, MPH M-CEITA / Altarum Institute April 8, 2015 4/8/2015 1 1 Who is M-CEITA?
More informationInterpreting the HIPAA Audit Protocol for Health Lawyers
Interpreting the HIPAA Audit Protocol for Health Lawyers This webinar is brought to you by the Health Information and Technology Practice Group (HIT), and is co-sponsored by the Business Law and Governance
More informationOverview of the HIPAA Security Rule
Office of the Secretary Office for Civil Rights () Overview of the HIPAA Security Rule Office for Civil Rights Region IX Alicia Cornish, EOS Sheila Fischer, Supervisory EOS Topics Upon completion of this
More informationEthics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015
Ethics, Privilege, and Practical Issues in Cloud Computing, Privacy, and Data Protection: HIPAA February 13, 2015 Katherine M. Layman Cozen O Connor 1900 Market Street Philadelphia, PA 19103 (215) 665-2746
More informationUpdated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview
Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance
More informationBUSINESS ASSOCIATE PRIVACY AND SECURITY ADDENDUM RECITALS
BUSINESS ASSOCIATE PRIVACY AND SECURITY ADDENDUM This Business Associate Addendum ( Addendum ), effective, 20 ( Effective Date ), is entered into by and between University of Southern California, ( University
More informationData Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm
Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security
More informationHow To Protect Your Health Care From Being Stolen From Your Computer Or Cell Phone
Compliance Simplified Achieve, Illustrate, Maintain Industry leading Education Todays Webinar Please ask questions Todays slides are available http://compliancy- group.com/slides023/ Certified Partner
More informationUniversity Healthcare Physicians Compliance and Privacy Policy
Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of
More informationMeaningful Use and Security Risk Analysis
Meaningful Use and Security Risk Analysis Meeting the Measure Security in Transition Executive Summary Is your organization adopting Meaningful Use, either to gain incentive payouts or to avoid penalties?
More information2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec.
The OCR Auditors are coming - Are you next? What to Expect and How to Prepare On June 10, 2011, the U.S. Department of Health and Human Services Office for Civil Rights ( OCR ) awarded KPMG a $9.2 million
More informationHIPAA Security Risk Analysis for Meaningful Use
HIPAA Security Risk Analysis for Meaningful Use NOTE: Make sure your computer speakers are turned ON. Audio will be streaming through your speakers. If you do not have computer speakers, call the ACCMA
More informationWelcome to ChiroCare s Fourth Annual Fall Business Summit. October 3, 2013
Welcome to ChiroCare s Fourth Annual Fall Business Summit October 3, 2013 HIPAA Compliance Regulatory Overview & Implementation Tips for Providers Agenda Green packet Overview of general HIPAA terms and
More informationWhat do you need to know?
What do you need to know? DISCLAIMER Please note that the information provided is to inform our clients and friends of recent HIPAA and HITECH act developments. It is not intended, nor should it be used,
More informationThe benefits you need... from the name you know and trust
The benefits you need... Privacy and Security Best at Practices the price you can afford... Guide from the name you know and trust The Independence Blue Cross (IBC) Privacy and Security Best Practices
More informationHHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers
Compliance Tip Sheet National Hospice and Palliative Care Organization www.nhpco.org/regulatory HHS Issues New HITECH/HIPAA Rule: Implications for Hospice Providers Hospice Provider Compliance To Do List
More informationHow to prepare for an EHR incentive audit
How to prepare for an EHR incentive audit What is an EHR incentive program? The Medicare and Medicaid EHR Incentive Programs provide incentive payments to eligible professionals, eligible hospitals, and
More informationThe Medicare and Medicaid EHR incentive
Feature The Meaningful Use Program: Auditing Challenges and Opportunities Your pathway to providing value By Phyllis Patrick, MBA, FACHE, CHC Meaningful Use is an area ripe for providing value through
More information12/19/2014. HIPAA More Important Than You Realize. Administrative Simplification Privacy Rule Security Rule
HIPAA More Important Than You Realize J. Ira Bedenbaugh Consulting Shareholder February 20, 2015 This material was used by Elliott Davis Decosimo during an oral presentation; it is not a complete record
More informationZip It! Feds, State Strengthen Privacy Protection. Practice Management Feature July 2012. Tex Med. 2012;108(7):33-37.
Zip It! Feds, State Strengthen Privacy Protection Practice Management Feature July 2012 Tex Med. 2012;108(7):33-37. By Crystal Conde Associate Editor When it comes to enforcing HIPAA data security and
More informationWhy Lawyers? Why Now?
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
More informationHIPAA and the HITECH Act Privacy and Security of Health Information in 2009
HIPAA and the HITECH Act Privacy and Security of Health Information in 2009 What is HIPAA? Health Insurance Portability & Accountability Act of 1996 Effective April 13, 2003 Federal Law HIPAA Purpose:
More informationNavigating a Meaningful Use Audit: Are You Ready? Brian Flood
Navigating a Meaningful Use Audit: Are You Ready? Brian Flood 2014 Husch Blackwell LLP Agenda For This Segment ARRA, HITECH, and Meaningful Use What is Meaningful Use? Progress to Date How providers meet
More informationHIPAA Security Overview of the Regulations
HIPAA Security Overview of the Regulations Presenter: Anna Drachenberg Anna Drachenberg has been assisting healthcare providers and hospitals comply with HIPAA and other federal regulations since 2008.
More informationBusiness Associates and HIPAA
Business Associates and HIPAA What BAs need to know to comply with HIPAA privacy and security rules by Dom Nicastro White paper The lax days of complying with privacy and security laws are over for business
More informationInformation Protection Framework: Data Security Compliance and Today s Healthcare Industry
Information Protection Framework: Data Security Compliance and Today s Healthcare Industry Executive Summary Today s Healthcare industry is facing complex privacy and data security requirements. The movement
More informationGuided HIPAA Compliance
Guided HIPAA Compliance HIPAA Solutions for Office Managers and Practitioners SecurityMetrics We protect business Since its founding in 2000, privately-held SecurityMetrics has grown from a small security
More informationWhite Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES
White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate
More informationLessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd
Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual
More informationSAMPLE BUSINESS ASSOCIATE AGREEMENT
SAMPLE BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT IS TO BE USED ONLY AS A SAMPLE IN DEVELOPING YOUR OWN BUSINESS ASSOCIATE AGREEMENT. ANYONE USING THIS DOCUMENT AS GUIDANCE SHOULD DO SO ONLY IN CONSULT
More informationAHLA. B. HIPAA Compliance Audits. Marti Arvin Chief Compliance Officer UCLA Health System and David Geffen School of Medicine Los Angeles, CA
AHLA B. HIPAA Compliance Audits Marti Arvin Chief Compliance Officer UCLA Health System and David Geffen School of Medicine Los Angeles, CA Anna C. Watterson Davis Wright Tremaine LLP Washington, DC Fraud
More informationPreparing for and Responding to an OCR HIPAA Audit
Preparing for and Responding to Carole Klove Carole.Klove@ucsfmedctr.or g Gerry Hinkley gerry.hinkley@pillsburylaw.com SIXTH NATIONAL HIPAA SUMMIT WEST October 10-12, 2012 Overview Background What to expect
More informationHow to Leverage HIPAA for Meaningful Use
How to Leverage HIPAA for Meaningful Use The overlap between HIPAA and Meaningful Use requirements 2015 SecurityMetrics How to Leverage HIPAA for Meaningful Use 2 About this ebook Who should read this
More informationDeveloping HIPAA Security Compliance. Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant
Developing HIPAA Security Compliance Trish Lugtu CPHIMS, CHP, CHSS Health IT Consultant Learning Objectives Identify elements of a HIPAA Security compliance program Learn the HIPAA Security Rule basics
More informationWhat s New with HIPAA? Policy and Enforcement Update
What s New with HIPAA? Policy and Enforcement Update HHS Office for Civil Rights New Initiatives Precision Medicine Initiative (PMI), including Access Guidance Cybersecurity Developer portal NICS Final
More informationAgenda. OCR Audits of HIPAA Privacy, Security and Breach Notification, Phase 2. Linda Sanches, MPH Senior Advisor, Health Information Privacy 4/1/2014
OCR Audits of HIPAA Privacy, Security and Breach Notification, Phase 2 Linda Sanches, MPH Senior Advisor, Health Information Privacy HCCA Compliance Institute March 31, 2014 Agenda Background Audit Phase
More informationCan Your Diocese Afford to Fail a HIPAA Audit?
Can Your Diocese Afford to Fail a HIPAA Audit? PETULA WORKMAN & PHIL BUSHNELL MAY 2016 2016 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS Agenda Overview Privacy Security Breach Notification Miscellaneous
More informationAre You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.
Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP
More informationHIPAA Omnibus Rule Overview. Presented by: Crystal Stanton MicroMD Marketing Communication Specialist
HIPAA Omnibus Rule Overview Presented by: Crystal Stanton MicroMD Marketing Communication Specialist 1 HIPAA Omnibus Rule - Agenda History of the Omnibus Rule What is the HIPAA Omnibus Rule and its various
More informationAre You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS. What would you do? Session Objectives
Are You Ready for an OCR Audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS What would you do? Your organization received a certified letter sent from the Office for Civil Rights (OCR)
More informationReady or Not: OCR s Second Round of HIPAA Audits Are Just Around the Corner
Ready or Not: OCR s Second Round of HIPAA Audits Are Just Around the Corner OPRA 2015 Fall Conference November 4, 2015 Presented By: Lisa Pierce Reisz Vorys, Sater, Seymour and Pease LLP 614.464.8353 lpreisz@vorys.com
More informationNew HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010
New HIPAA Breach Notification Rule: Know Your Responsibilities Loudoun Medical Group Spring 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) As part of the Recovery Act,
More informationThe Impact of HIPAA and HITECH
The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients
More informationHIPAA: Protecting Your. Ericka L. Adler. Practice and Your Patients
HIPAA: Protecting Your Ericka L. Adler Practice and Your Patients Rachel V. Rose Fallout from the Omnibus Rule Compliance strategies for medical practices 1. Know / manage your business associates and
More informationOCR s Anatomy: HIPAA Breaches, Investigations, and Enforcement
OCR s Anatomy: HIPAA Breaches, Investigations, and Enforcement Clinton Mikel The Health Law Partners, P.C. Alessandra Swanson U.S. Department of Health and Human Services - Office for Civil Rights Disclosure
More informationBusiness Associates, HITECH & the Omnibus HIPAA Final Rule
Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS
More informationHIPAA Overview. Darren Skyles, Partner McGinnis Lochridge. Darren S. Skyles dskyles@mcginnislaw.com
HIPAA Overview Darren Skyles, Partner McGinnis Lochridge HIPAA Health Insurance Portability and Accountability Act of 1996 Electronic transaction and code sets: Adopted standards for electronic transactions
More informationPARTICIPATION AGREEMENT For ELECTRONIC HEALTH RECORD TECHNICAL ASSISTANCE
PARTICIPATION AGREEMENT For ELECTRONIC HEALTH RECORD TECHNICAL ASSISTANCE THIS AGREEMENT, effective, 2011, is between ( Provider Organization ), on behalf of itself and its participating providers ( Providers
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationReady for an OCR Audit? Will you pass or fail an OCR security audit? Tom Walsh, CISSP
Ready for an OCR Audit? Will you pass or fail an OCR security audit? Tom Walsh, CISSP Tom Walsh Consulting, LLC Overland Park, KS What would you do? You receive a phone call from your CEO. They just received
More informationCommunity Health Center Association of Connecticut Meaningful Use: Audit Preparedness And Other Challenges February 12, 2015
Community Health Center Association of Connecticut Meaningful Use: Audit Preparedness And Other Challenges February 12, 2015 Joan W. Feldman, Esq. William J. Roberts, Esq. Shipman & Goodwin LLP 2014. All
More informationHIPAA Omnibus Rule Practice Impact. Kristen Heffernan MicroMD Director of Prod Mgt and Marketing
HIPAA Omnibus Rule Practice Impact Kristen Heffernan MicroMD Director of Prod Mgt and Marketing 1 HIPAA Omnibus Rule Agenda History of the Rule HIPAA Stats Rule Overview Use of Personal Health Information
More informationMeaningful Use Stages 1 and 2 and How to Survive a Meaningful Use Audit. Charles Jarvis, Senior Manager
Meaningful Use Stages 1 and 2 and How to Survive a Meaningful Use Audit Charles Jarvis, Senior Manager Outline Overview Meaningful Use Stage 1 Differences between Stage 1 and Stage 2 Surviving a Meaningful
More informationHeather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com
Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually
More informationHow To Defend An Ehr Subsidy
Key Legal Issues Raised by Electronic Health Physician EHR Subsidies under Stark Records Technology and the Anti-Kickback Statute Friday, November 18, 2011 Attorney Advertising Prior results do not guarantee
More informationNEW PERSPECTIVES. Professional Fee Coding Audit: The Basics. Learn how to do these invaluable audits page 16
NEW PERSPECTIVES on Healthcare Risk Management, Control and Governance www.ahia.org Journal of the Association of Heathcare Internal Auditors Vol. 32, No. 3, Fall, 2013 Professional Fee Coding Audit: The
More information2/9/2012. 2012 HIPAA Privacy and Security Audit Readiness. Table of contents
2012 HIPAA Privacy and Security Audit Readiness Mark M. Johnson National HIPAA Services Director Table of contents Page Background 2 Regulatory Background and HITECH Impacts 3 Office of Civil Rights (OCR)
More informationImplementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind
Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and
More informationAm I a Business Associate?
Am I a Business Associate? Now What? JENNIFER L. RATHBURN Quarles & Brady LLP KATEA M. RAVEGA Quarles & Brady LLP agenda» Overview of HIPAA / HITECH» Business Associate ( BA ) Basics» What Do BAs Have
More informationTools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits
Tools to Prepare and Protect Your Practice for HIPAA and Meaningful Use Audits Presented by: Don Waechter, Managing Partner Health Compliance Partners Ann Breitinger, Attorney Blalock Walters Legal Disclaimer
More informationHIPAA Risk Assessments for Physician Practices
HIPAA Risk Assessments for Physician Practices Eric Sandhusen Corporate Compliance Director and Privacy Officer Lloyd Torres Director of Ambulatory HIM DISCLAIMER The statements and opinions presented
More informationData Security Breaches: Learn more about two new regulations and how to help reduce your risks
Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches
More informationOCR HIPAA Audit Readiness. ISACA - North Texas Chapter April 11, 2013
ISACA - North Texas Chapter April 11, 2013 Introduction 1 2 Basic components of HIPAA and HITECH legislation HITECH and rising breaches 3 4 OCR HIPAA audits Key findings of the pilot audits 5 Approaches
More informationCybersecurity in the Health Care Sector: HIPAA Responsibilities from a Legal and Compliance Perspective
Cybersecurity in the Health Care Sector: HIPAA Responsibilities from a Legal and Compliance Perspective July 23, 2013 Gerry Hinkley, Pillsbury Allen Briskin, Pillsbury Pillsbury Winthrop Shaw Pittman LLP
More informationAudit Alert: Are You Prepared? You Have A Good Chance of Being Selected
Audit Alert: Are You Prepared? You Have A Good Chance of Being Selected HIT Summit July 26, 2014 Lee Castonguay Hawaii Pacific Regional Extension Center lcastonguay@hawaiihie.org Or How to keep your incentive
More informationA s a covered entity or business associate, you have
Health IT Law & Industry Report VOL. 7, NO. 19 MAY 11, 2015 Reproduced with permission from Health IT Law & Industry Report, 07 HITR, 5/11/15. Copyright 2015 by The Bureau of National Affairs, Inc. (800-372-1033)
More informationHIPAA Data Breaches: Managing Them Internally and in Response to Civil/Criminal Investigations
HIPAA Data Breaches: Managing Them Internally and in Response to Civil/Criminal Investigations Health Care Litigation Webinar Series March 22, 2012 Spence Pryor Paula Stannard Jason Popp 1 HIPAA/HITECH
More informationKey HIPAA HITECH Changes. Gina Kastel, Partner, Health and Life Sciences
Key HIPAA HITECH Changes Gina Kastel, Partner, Health and Life Sciences Agenda Business Associates Restrictions on Disclosures Access to PHI Notice of Privacy Practices Fundraising 2 Business Associates
More informationSTANDARD ADMINISTRATIVE PROCEDURE
STANDARD ADMINISTRATIVE PROCEDURE 16.99.99.M0.26 Investigation and Response to Breach of Unsecured Protected Health Information (HITECH) Approved October 27, 2014 Next scheduled review: October 27, 2019
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies
More informationHIPAA Audits Are Here!
HIPAA Audits Are Here! How to prepare for and what to expect when OCR comes knocking May 12, 2016 James B. Wieland, Principal, Ober Kaler Emily H. Wein, Principal, Ober Kaler David Holtzman, VP of Compliance,
More informationMeaningful Use Audit Red Flags: Pay Careful Attention To The Security Risk Analysis - Or Else
Meaningful Use Audit Red Flags: Pay Careful Attention To The Security Risk Analysis - Or Else Jim Tate Founder: EMR Advocate, Inc. Managing Partner: HITECH Answers Author of The Incentive Roadmap The Meaningful
More informationFIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS
FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS James J. Eischen, Jr., Esq. October 2013 Chicago, Illinois JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher
More informationArt Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches
Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Speakers Phillip Long CEO at Business Information Solutions Art Gross President & CEO of HIPAA
More informationTODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures
TODAY S AGENDA Trends/Victimology Incident Response Remediation Disclosures Trends/Victimology ADVERSARY CLASSIFICATIONS SOCIAL ENGINEERING DATA SOURCES COVERT INDICATORS - METADATA METADATA data providing
More informationHIPAA - Breaking News!
Health IT and Meaningful Use Update Nebraska Healthcare Quality Forum June 4, 2014 Barbara E. Person and Michael W. Chase Baird Holm LLP #1258792 HIPAA - Breaking News! Office for Civil Rights (OCR) will
More informationSurviving a HIPAA Audit: What you need to know NOW So you can cope THEN. Jonathan Krasner www.beinetworks.com www.hipaasecurenow.
Surviving a HIPAA Audit: What you need to know NOW So you can cope THEN Jonathan Krasner www.beinetworks.com www.hipaasecurenow.com Healthcare IT Landscape Meaningful Use Incentives Technology Advances
More informationIAPP Practical Privacy Series. Data Breach Hypothetical
IAPP Practical Privacy Series Data Breach Hypothetical Presented by: Jennifer L. Rathburn, Partner, Quarles & Brady LLP Frances Wiet, CPO and Assistant General Counsel, Takeda Pharmaceuticals U.S.A., Inc.
More informationSustainable HIPAA Compliance: Protecting Patient Privacy through Highly Leveraged Investments
View the Replay on YouTube Sustainable HIPAA Compliance: Protecting Patient Privacy through Highly Leveraged Investments FairWarning Executive Webinar Series October 31, 2013 Today s Panel Chris Arnold
More information