Get ready for your HIPAA Compliance Audit Webinar
Every Covered Entity and Business Associate is liable to be audited for HIPAA Compliance by U. S. Department of Health and Human Services (HHS). HIPAA Compliance Audits are now underway. HHS finalized HIPAA Compliance Audit procedures is screening Covered Entities picked randomly from the National Provider Identifier (NPI) database to identify the first group of Covered Entities to be audited. The first group of Business Associates audited for HIPAA Compliance will be selected from Business Associates of the first group of Covered Entities. This is an enforcement audit.
Why Should You Attend
Every Covered Entity and Business Associate is liable - without prior notice - to be audited for HIPAA Compliance training by HHS
You will have only 2 weeks after receiving your HIPAA Compliance Audit notification and data request to upload all requested documents to an HHS HIPAA Compliance Audit Portal
The HIPAA Compliance Audit data request you receive will specify content and file organization, file names and any other document submission requirements
Auditors will not contact an audited entity for clarifications or ask for additional information - it is essential that submitted documents are current, accurately reflect the entity´s HIPAA Compliance program and demonstrate HIPAA Compliance
Only data submitted on time will be assessed
Failure to respond on time may be referred to the HHS training office subjecting the entity to a thorough HIPAA Compliance review
Some of the first group of audited entities will be selected for comprehensive on-site HIPAA Compliance Audits, instead of the more limited review of uploaded documents (called a "desk audit" by HHS)
HHS conducted pilot audits of Covered Entities to help design the current official HIPAA Compliance Audit Program. Results of the pilot audit published by HHS revealed:
Widespread non-compliance by Covered Entities of all sizes - and HHS made special mention that Small Entities "struggle" with HIPAA Privacy, Security and Breach Notification Rule Compliance
HHS says more than 90% of Health Care Providers are Small Entities, according to Federal guidelines
The most common cause of failure was the audited entity was unaware of the HIPAA Compliance requirement
80% of Health Care Providers failed to have an accurate or complete Risk Analysis - mandatory for all Covered Entities since 2005 and all Business Associates
HIPAA Compliance Audits are just one example of increased HIPAA Compliance enforcement. Massive data breaches, theft of Protected Health Information (PHI) and public and political pressure demand close scrutiny of the HIPAA Compliance program of every Covered Entity and Business Associate, regardless of size. From September 2009 through May 31, 2015 HHS received more than 173,000 reports of breaches of PHI affecting less than 500 individuals and approximately 1,240 reports of breaches affecting 500 or more individuals.
Areas Covered In This Webinar
This webinar will concentrate on topics that HHS has announced will be the focus of the first round of "desk audits". They reflect significant areas of non-compliance revealed in the 2012 pilot audits and HHS HIPAA violation investigations concluded by Resolution Agreements and Corrective Action Plans. They include:
HIPAA Risk Analysis
Risk Management based on Risk Analysis
Notice of Privacy Practices (for Covered Entities)
Minimum Necessary Standard
Access of Individuals to their PHI
This webinar is vital because, in focusing on preparation for a HIPAA Compliance Audit, Covered Entities and Business Associates may review, prioritize and structure their HIPAA Compliance programs. If you have HIPAA Compliance documentation ready to submit on two weeks’ notice to HHS you are implementing an effective HIPAA Compliance workforce training program.
In addition, every Covered Entity or Business Associate may face an HHS HIPAA Compliance investigation at any time due to a complaint or a Breach. If you are "audit ready" you will be ready for an investigation - and better able to avoid complaints and prevent health and human services breaches.
What to Expect - HHS HIPAA Compliance Audit Topics and Procedures
Specific Steps to Prepare for an HHS HIPAA Compliance Audit
Who Will Benefit
HIPAA Compliance Officials
Health Care Provider Practice Managers
Information Systems Managers
Paul R. Hales
Paul R. Hales, J.D. is an attorney at law in St. Louis, Missouri whose practice has included specialization in the HIPAA Privacy and Security Rules from the dates they became effective. He provides assistance and counseling on the new, more demanding compliance requirements of the HITECH modifications to HIPAA. Mr. Hales is licensed to practice before the Supreme Court of the United States, Federal Appellate and District Courts, the State Courts of Missouri and is a graduate of Columbia University Law School.