What to Expect in a Federal HIPAA Audit & How to Avoid Audit
I will be speaking to real life audits conducted by the Federal government for Phase 2 and beyond (Iīve been on both sides of these audits) what your highest risks are for being fined (some of the risk factors may surprise you).
It seems almost daily I am receiving calls from nervous practice managers and compliance officers all over the USA regarding a HIPAA audit letter or call they have received
This lesson will be addressing how practice/business managers (or compliance offers) need to get their HIPAA house in order before the imminent audits occur. It will also address major changes under the Omnibus Rule and any other applicable updates for 2017.
The primary goal is to ensure everyone is well educated on what is myth and what is reality with this law, there is so much misleading information all over regarding the doīs and donīts with HIPAA - I want to add clarity for compliance officers and practice managers
I will uncover myths versus reality as it relates to this very enigmatic law based on over 1000 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors.
In addition, this course will cover the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures. - MAJOR RISKS HERE - I will discuss real life cases I have been a part of and how to avoid being dragged into litigation altogether.
Why you should attend:
Be prepared for the imminent Federal audit!
Protect your practice or business!
What factors might spurn a HIPAA audit? ...are you doing these things?
Why are the Feds enforcing after all these years?
You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT or internal administrative practices.
Court cases that are also changing the landscape of HIPAA and patientīs ability to sue.
TRIAL ATTORNEYS ARE JUST AS DANGEROUS AS THE FEDERAL GOVERNMENT THESE DAYS!!
Do you have an affective HIPAA compliance program?
New laws and funding mean increased risk for both business associates and covered entities!
HIPAA Omnibus - Do you know whatīs involved and what you need to do?
What does Omnibus mean for covered entities and business associates?
Why should you be concerned?
It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates as it relates to what we need to do as compliance officers.
Areas Covered in the Session:
History of HIPAA
HIPAA Omnibus Rule
How to perform a HIPAA Security Risk Assessment
What is involved in a Federal audit and how is it conducted
Risk factors for a federal audit
EHR and HIPAA
Business Continuity/Disaster Recovery Planning
Business Associates and HIPAA
In depth discussions on IT down to the nuts and bolts
Risk factors that can cause an audit (low hanging fruit)
New rules which grant states ability to sue citing HIPAA on behalf of a patient
New funding measures
....much, much more
Day 1 Schedule
Lecture 1: HIPAA Privacy Rule vs HIPAA Security Rule
Lecture 2: History of HIPAA Audit Program
Lecture 3: HIPAA -History
Lecture 4: HITECH Act
Lecture 5: Information Technology
Lecture 6: Breach Notification Rule
Lecture 7:Omnibus Rule
Lecture 8: Business Associates and HIPAA Audits
Lecture 9: Current Court Cases (precedence)
Lecture 10: Paper Based PHI Concerns
Lecture 11: Disaster Recovery Concerns (Paper)
Lecture 12: Psych and Infectious Disease
Day 2 Schedule
Lecture 1: Phase 2 Audit Program
Lecture 2: Choosing a HIPAA Consultant
Lecture 3: Choosing an IT Group
Lecture 4: Disaster Recovery Concerns (Electronic)
Lecture 5: Physical Setup
Lecture 6: Overseas Outsourcing
Lecture 7: BYOD
Lecture 8: Texting and Emailing
Lecture 9: What the Feds are Looking For (low hanging fruit)
Lecture 10: What are Factors That Can Get Your Practice Audited
Lecture 11: State Laws and Patient Ability to Sue
Lecture 12: How to Conduct a Risk Assessment
Lecture 13: How to Write Policies and Procedures
Brian L Tuttle
Sr Compliance Consultant & IT Manager, InGauge Healthcare Solutions
Brian L Tuttle, CPHIT, CHP, CHA, CBRA, CISSP, CCNA
Brian Tuttle is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified HIPAA Administrator (CHA), Certified Business Resilience Auditor (CBRA), Certified Information Systems Security Professional (CISSP) with over 17 yearsī experience in Health IT and Compliance Consulting.