This webinar will discuss HIPAA audit and enforcement regulations and processes for 2022 and how they apply to covered entities and business associates. Attendees will learn how to prepare for HIPAA audit to avoid fines and penalties for HIPAA violations.
HHS OCR has focused heavily on compliance with the HIPAA rules on individual access of information, with approximately one enforcement settlement per month since September of 2019 (more than two dozen settlements so far), and the new Information Blocking rules provide a fresh impetus for HHS to keep up the pressure. At the same time, enforcement actions continue for other violations, such as improper release of patient information, systemic noncompliance, lack of security risk analysis, and improperly addressed business relationships between affiliated entities.
Recent enforcement actions show a willingness for HHS to work in conjunction with State Attorneys General to bring about settlements for violations of several laws at once, a new emphasis on the importance of prompt action on requests for individual access of Protected Health Information (PHI), and a new crack-down on doctors’ responding to patients’ social media posts and including PHI in the posting.
New guidance from HHS about the liability of Business Associates for compliance makes it more clear what Business Associates are liable for, and what responsibilities for HIPAA compliance remain in the Covered Entities’ hands. Both Covered Entities and Business Associates need to be prepared for the enforcement distinctions and responsibilities.
In this session we will discuss the enforcement actions that have been taken, and the lessons that can be learned from those actions. We will explore what kind of issues were most prevalent and what kind of entities had the most problems, and show where entities need to improve their compliance the most based on real enforcement experience.
Even though the HIPAA audit program is on hold for at least the time being, that doesn’t mean there will be no enforcement of the HIPAA rules. In fact, preparing for a HIPAA Audit is one of the best ways to be ready to respond to any enforcement action, and going through an internal HIPAA Audit will help you find issues before they become problems that can lead to penalties.
USDHHS has published a protocol for the HIPAA audits, so it is possible to know how to prepare for an audit or enforcement review. Nearly any health care covered entity may be subject to an audit or enforcement investigation; all entities need to know what kinds of questions they’ll be asked, what information they'll need to provide and how to prevent issues that could lead to violations and fines. Being ready to reply to an inquiry can help minimize potential penalties.
Medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). The titles are:
Why Should You Attend:
While the worldwide pandemic has prompted some relaxation of HIPAA requirements in specific circumstances to ease provision of medical services while preserving social distancing requirements and addressing emergency vaccination needs, enforcement of HIPAA has continued.HHS OCR has focused heavily on compliance with the HIPAA rules on individual access of information, with approximately one enforcement settlement per month since September of 2019 (more than two dozen settlements so far), and the new Information Blocking rules provide a fresh impetus for HHS to keep up the pressure. At the same time, enforcement actions continue for other violations, such as improper release of patient information, systemic noncompliance, lack of security risk analysis, and improperly addressed business relationships between affiliated entities.
Recent enforcement actions show a willingness for HHS to work in conjunction with State Attorneys General to bring about settlements for violations of several laws at once, a new emphasis on the importance of prompt action on requests for individual access of Protected Health Information (PHI), and a new crack-down on doctors’ responding to patients’ social media posts and including PHI in the posting.
New guidance from HHS about the liability of Business Associates for compliance makes it more clear what Business Associates are liable for, and what responsibilities for HIPAA compliance remain in the Covered Entities’ hands. Both Covered Entities and Business Associates need to be prepared for the enforcement distinctions and responsibilities.
In this session we will discuss the enforcement actions that have been taken, and the lessons that can be learned from those actions. We will explore what kind of issues were most prevalent and what kind of entities had the most problems, and show where entities need to improve their compliance the most based on real enforcement experience.
Even though the HIPAA audit program is on hold for at least the time being, that doesn’t mean there will be no enforcement of the HIPAA rules. In fact, preparing for a HIPAA Audit is one of the best ways to be ready to respond to any enforcement action, and going through an internal HIPAA Audit will help you find issues before they become problems that can lead to penalties.
USDHHS has published a protocol for the HIPAA audits, so it is possible to know how to prepare for an audit or enforcement review. Nearly any health care covered entity may be subject to an audit or enforcement investigation; all entities need to know what kinds of questions they’ll be asked, what information they'll need to provide and how to prevent issues that could lead to violations and fines. Being ready to reply to an inquiry can help minimize potential penalties.
Areas Covered in the Webinar:
- Fines and penalties for violations of the HIPAA regulations include mandatory fines for willful neglect of the rules that begin at over $10,000 minimum, but showing due diligence can reduce culpability and penalties.
- Find out what HHS OCR is likely to ask you if you are selected for an audit or enforcement review, and what you'll have to have prepared already when they do.
- The HIPAA Audit Protocol will be examined along with the sets of questions asked at other HIPAA audits previously.
- HIPAA enforcement actions will be explored, to illustrate violations that can be avoided and the proper practices that can help compliance.
- Relaxation of enforcement for the pandemic will be explained, including how it works during and after the emergency.
- Learn how having a good compliance process can help you stay compliant more easily.
- Find out what you'll need to have documented to survive an audit or enforcement review and avoid fines.
- Learn how to use the contents of the HIPAA Audit Protocol as the foundation of your compliance activities and documentation.
Who Will Benefit:
This webinar will provide valuable assistance to all personnel in:Medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). The titles are:
- Compliance director
- CEO
- CFO
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/lawyer
- Office Manager
- Contracts Manager
Course Content
- Fines and penalties for violations of the HIPAA regulations include mandatory fines for willful neglect of the rules that begin at over $10,000 minimum, but showing due diligence can reduce culpability and penalties.
- Find out what HHS OCR is likely to ask you if you are selected for an audit or enforcement review, and what you'll have to have prepared already when they do.
- The HIPAA Audit Protocol will be examined along with the sets of questions asked at other HIPAA audits previously.
- HIPAA enforcement actions will be explored, to illustrate violations that can be avoided and the proper practices that can help compliance.
- Relaxation of enforcement for the pandemic will be explained, including how it works during and after the emergency.
- Learn how having a good compliance process can help you stay compliant more easily.
- Find out what you'll need to have documented to survive an audit or enforcement review and avoid fines.
- Learn how to use the contents of the HIPAA Audit Protocol as the foundation of your compliance activities and documentation.
Speaker
Jim Sheldon-DeanCourse Provider
Jim Sheldon-Dean,
