HIPAA Audit and Enforcement Update — Changes to Penalties and Latest Decisions | Compliance Seminars

When considering what to focus on for compliance and internal audits, there is no better source of information about issues to avoid than the list of enforcement actions taken in HIPAA compliance that have resulted in penalties for the violators. The details of the enforcement actions, including the reasons, penalties, and corrective action plans involved with each, provide indicators of issues to be on the lookout for, that can cause significant pain if left unaddressed.


In addition, the maximum penalties for HIPAA violations have been revised, so that the maximums for each tier of a violation more closely reflect the maximums identified in the HITECH Act, and are now related to the culpability of the organization. Organizations that try to meet requirements will receive lower maximum fines than those that are negligent. And the maximums have also been revised to reflect a cost-of-living increase.


The random HIPAA Compliance Seminars Audit program had a year of trial audits in 2012 and a second round of audits, this time including HIPAA Business Associates, concluded in 2017. The law calls for a permanent Audit program, but HHS has indicated that the HIPAA audit program will be on hold for at least the time being, and that the next product will be a report on best practices learned in the audits conducted so far. But that doesn’t mean there will be no enforcement of the HIPAA rules. In fact, preparing for a HIPAA Audit is one of the best ways to be ready to respond to any enforcement action, and going through an internal HIPAA Audit will help you find issues before they become problems that can lead to penalties.


In this session we will review the enforcement actions taken by HHS and state Attorneys General to illustrate the issues concerned and explain how to avoid them, and the penalties that can result when they are not avoided. Issues will be explored in depth in several areas in order to explain the regulatory requirements and the means for meeting them.


We will also discuss the HIPAA audit program and how it works, and discuss the areas that caused the most issues in the 2012 audits and the areas that were targeted in the 2016 audits. We will explore what kind of issues were most prevalent and what kind of entities had the most problems, and show where entities need to improve their compliance the


most. We will also explore the typical risk issues that lead to breaches of health information and see how those issues may be targets for auditors and enforcement action in the future.


Knowing what questions are likely to be asked and have been asked at prior HIPAA compliance audits can make preparing for and surviving a HIPAA audit or enforcement review much easier. USDHHS has published an updated, July 2018 protocol for the HIPAA audits, so it is possible to know how to prepare for an audit or enforcement review. Nearly any health care covered entity may be subject to an audit or enforcement investigation; all entities need to know what kinds of questions they’ll be asked, what information they'll need to provide and how to prevent issues that could lead to violations and fines.


We will examine the updated 2018 HIPAA Audit Protocol as well as other questionnaires that have been used in the past and may be used to help prepare an organization for a future review. We will present methods for using the contents of the HIPAA Audit Protocol to build your own compliance plan by extracting the contents and relating your compliance activities and documentation directly to the questions that might be asked, thereby creating a compliance management tool to ensure continued compliance improvement.


We will review the contents of the 2018 HIPAA Audit Protocol to show what documentation needs to be on hand should your organization be selected for an audit or enforcement action. We will explain the enforcement regulations and the recent changes that increase fines and create new penalty levels, including new penalties for willful neglect of compliance that begin at $10,000. Documentation requirements for compliance will be explored.


The results of prior HHS audits and enforcement actions (and their penalties) will be discussed, including recent actions involving multi-million-dollar fines and settlements. A plan for attaining compliance will be presented. The steps to follow to prepare for an audit and respond to an audit request will be outlined. In addition, upcoming trends in information security risks will be discussed so you can start to plan for the work you'll need to do to stay in compliance and keep patient information private and secure.


Webinar Takeaway


  • Fines and penalties for violations of the HIPAA regulations have been updated to reflect the culpability of an organization and cost-of-living increases, and now include mandatory fines for willful neglect of the rules that begin at $10,000 minimum and can reach $50,000 per day, with maximums over $1.7 million.

  • HIPAA enforcement actions resulting in settlements or penalties of up to $16 million will be discussed, explaining the type of each violation and its impact.

  • The key issues driving each enforcement action will be explained, including such topics as breaches, communications, ransomware, and privacy rule violations.

  • Find out what HHS OCR is likely to ask you if you are selected for an audit or enforcement review, and what you'll have to have prepared already when they do.

  • The HIPAA Audit Protocol will be examined along with the sets of questions asked at other HIPAA audits previously.

  • Find out what the rules are that you need to comply with and what policies you can adopt that can help you come into compliance.

  • Learn how having a good compliance process can help you stay compliant more easily.

  • Find out what you'll need to have documented to survive an audit or enforcement review and avoid fines.

Learn how to use the contents of the HIPAA Audit Protocol as the foundation of your compliance activities and documentation.

Can't Make this LIVE Webinar?


Simply select the Recorded option when registering and we will send you the link to view the recorded version


Who will Benefit


Compliance director

CEO

CFO

Privacy Officer

Security Officer

Information Systems Manager

HIPAA Officer

Chief Information Officer

Health Information Manager

Healthcare Counsel/lawyer

Office Manager

Contracts Manager


Industries who can attend

This 180-minute online course is intended for professionals in the Healthcare Industry.


For more information Visit us -  https://worldcomplianceseminars.com/

Comments

Post a Comment

Popular posts from this blog

Trends in FDA Compliance and Enforcement for Regulated Computer Systems

Image
  FDA requires that all computer systems used to produce, manage and report on “GxP” (GMP, GLC, GCP) related products be validated and maintained in accordance with specific rules. This webinar will help you understand the FDA’s current thinking on computer systems that are validated and subject to inspection and audit. As a “GxP” system, following Good Manufacturing, Laboratory and Clinical Practices, the computer system must be validated in accordance with FDA requirements . If electronic records and/or electronic signatures (ER/ES) are incorporated into the system, FDA’s CFR Part 11 guidance on ER/ES must be followed.   This webinar will focus on the key areas that are most important, including security and data integrity. Implementing and following the System Development Life Cycle (SDLC) methodology is the best approach for computer system validation and maintaining data integrity. The life cycle approach takes all aspects of validation into account throughout the life of the sys
Read more

General Data Protection Regulation (GDPR) Compliance Training

  The General Data Protection Regulation (GDPR), introduced by the European Union, took effect on May 25, 2018. This regulation has changed how organizations handle personal data of data subjects, including customers, employees, and prospects. Organizations had to revamp their processes and systems to be compliant with the new stringent data protection standards. The purpose of the GDPR is to create better data protection policies and to hold the organizations that handle personal data more accountable. But the transition isn’t easy. The new processes have to be systemic and self-serving rather than ad hoc, manual, and intrusive. This Compliance Seminar would help organization which is affected by the GDPR. It includes a comprehensive and structured plan to achieve GDPR compliance Why should you attend With the introduction of the GDPR, organizations are under intense scrutiny regarding how they use the personal data of customers, employees, and prospects. Non-compliance can lead to h
Read more

Pharmaceutical Training on Excipients: Compliance with Compendial and GMP Requirements Training Online

  Excipients are the substances that are in any pharmaceutical preparation besides the drug. From ingredients that improve drug delivery, to ingredients that improve stability of the drug to ingredients which improve the color and taste of the drug, each component has a key role in pharmaceutical delivery and must be evaluated as such Why Should You Attend Excipients must be evaluated with each drug they are included with to ensure that they can be used safely while ensuring the drug can be used as intended. However, there are a number of challenges with excipient testing. Balancing the needs of the various compendials, such as USP, EP and JP, with cGMP can be a challenge. The goal of this webinar is to ensure that you know what needs to be done for each type of testing, the goals of each, and how you can use the various components of testing to reinforce each other to ensure the proper usage of excipients. Webinar Takeaway Types of excipients Compendial excipient testing cGMP excipie
Read more