Get ready for your HIPAA Compliance Audit

Paul-R. Hales
Speaker: Paul R. Hales
Attorney, Attorney at Law LLC
View Profile
Duration: 60 Minutes
Product Code: 300002
Level: Beginner
Key Take Away

Learn how vital it is for Covered Entities of all sizes to be prepared for a HIPAA Privacy, Security and Breach Notification Rule Compliance.

Overview

Every Covered Entity and Business Associate is liable to be audited for HIPAA Compliance by U. S. Department of Health and Human Services (HHS). HIPAA Compliance Audits are now underway. HHS finalized HIPAA Compliance Audit procedures is screening Covered Entities picked randomly from the National Provider Identifier (NPI) database to identify the first group of Covered Entities to be audited. The first group of Business Associates audited for HIPAA Compliance will be selected from Business Associates of the first group of Covered Entities. This is an enforcement audit.

why should you attend
  • Every Covered Entity and Business Associate is liable - without prior notice - to be audited for HIPAA Compliance training by HHS
  • You will have only 2 weeks after receiving your HIPAA Compliance Audit notification and data request to upload all requested documents to an HHS HIPAA Compliance Audit Portal
  • The HIPAA Compliance Audit data request you receive will specify content and file organization, file names and any other document submission requirements 
  • Auditors will not contact an audited entity for clarifications or ask for additional information - it is essential that submitted documents are current, accurately reflect the entity's HIPAA Compliance program and demonstrate HIPAA Compliance
  • Only data submitted on time will be assessed
  • Failure to respond on time may be referred to the HHS training office subjecting the entity to a thorough HIPAA Compliance review
  • Some of the first group of audited entities will be selected for comprehensive on-site HIPAA Compliance Audits, instead of the more limited review of uploaded documents (called a "desk audit" by HHS)
  • HHS conducted pilot audits of Covered Entities to help design the current official HIPAA Compliance Audit Program. Results of the pilot audit published by HHS revealed:
  • Widespread non-compliance by Covered Entities of all sizes  - and HHS made special mention that Small Entities "struggle" with HIPAA Privacy, Security and Breach Notification Rule Compliance
  • HHS says more than 90% of Health Care Providers are Small Entities, according to Federal guidelines
  • The most common cause of failure was the audited entity was unaware of the HIPAA Compliance requirement
  • 80% of Health Care Providers failed to have an accurate or complete Risk Analysis - mandatory for all Covered Entities since 2005 and all Business Associates 
  • HIPAA Compliance Audits are just one example of increased HIPAA Compliance enforcement. Massive data breaches, theft of Protected Health Information (PHI) and public and political pressure demand close scrutiny of the HIPAA Compliance program of every Covered Entity and Business Associate, regardless of size. From September 2009 through May 31, 2015 HHS received more than 173,000 reports of breaches of PHI affecting less than 500 individuals and approximately 1,240 reports of breaches affecting 500 or more individuals.
Areas Covered in this Webinar

This webinar will concentrate on topics that HHS has announced will be the focus of the first round of "desk audits". They reflect significant areas of non-compliance revealed in the 2012 pilot audits and HHS HIPAA violation investigations concluded by Resolution Agreements and Corrective Action Plans. They include:

  1. HIPAA Risk Analysis 
  2. Risk Management based on Risk Analysis
  3. Breach Notification
  4. Notice of Privacy Practices (for Covered Entities)
  5. Minimum Necessary Standard
  6. Access of Individuals to their PHI 
  7. Authorizations
  8. Workforce Training

This webinar is vital because, in focusing on preparation for a HIPAA Compliance Audit, Covered Entities and Business Associates may review, prioritize and structure their HIPAA Compliance programs. If you have HIPAA Compliance documentation ready to submit on two weeks’ notice to HHS you are implementing an effective HIPAA Compliance workforce training program.

In addition, every Covered Entity or Business Associate may face an HHS HIPAA Compliance investigation at any time due to a complaint or a Breach. If you are "audit ready" you will be ready for an investigation - and better able to avoid complaints and prevent health and human services breaches.


Learning Objectives
  • What to Expect - HHS HIPAA Compliance Audit Topics and Procedures
  • Specific Steps to Prepare for an HHS HIPAA Compliance Audit

Who Will Benefit
  • HIPAA Compliance Officials 
  • Top Management
  • Health Care Provider Practice Managers 
  • Risk Managers
  • Compliance Managers
  • Information Systems Managers 
  • Legal Counsel
Speakers Profile
Paul R. Hales

Paul R. Hales, J.D. is an attorney at law in St. Louis, Missouri whose practice has included specialization in the HIPAA Privacy and Security Rules from the dates they became effective. He provides assistance and counseling on the new, more demanding compliance requirements of the HITECH modifications to HIPAA. Mr. Hales is licensed to practice before the Supreme Court of the United States, Federal Appellate and District Courts, the State Courts of Missouri and is a graduate of Columbia University Law School.

View All Webinars By This Speaker