Maintaining Continuous HIPAA Compliance through Effective Monitoring and Auditing Practices

Why Should You Attend:

HIPAA ‘covered entities’ (providers, health plans, and clearinghouses) and ‘business associates’ should implement and maintain sound monitoring and auditing practices. Those practices should help covered entities and business associates avoid or reduce the risk of civil or criminal sanctions for HIPAA violations. The new leadership of the Department of Health and Human Services, Office for Civil Rights (OCR) has been very visible and vocal about the new HIPAA enforcement tone from the OCR.

This webinar will address aspects of the enforcement rule from a practical perspective; particularly the interpretation of ‘wilful neglect’ under the civil sanctions provision. In addition, the difference between a ‘breach’ and an ‘incident’ will be addressed.

The focus of monitoring and auditing efforts will vary, based on specific provisions of the HIPAA/HITECH laws. For example, the Privacy Rule requirements relate closely to behaviors of many different groups of employees, including clinicians, allied health practitioners, business office workers, information technology staff, volunteers and so on.

Periodic reports on the HIPAA compliance program should be provided to the governing body and senior management. This session will include examples of suggested reporting ‘metrics’ for those groups.

Areas Covered in the Webinar:

• Key areas to monitor or audit to demonstrate ‘good faith’ compliance efforts
• Difference between a ‘breach’ and an ‘incident’
• How to use an OCR ‘Resolution Agreement’ for a monitoring or auditing plan
• Tips to help your workforce identify and speak up about possible HIPAA violations
• Highlights of some of the most common exceptions under the HIPAA Privacy Rule
• Recommendations for follow-up steps based on audit findings
• How to select technologies to augment your current privacy monitoring program
• Suggestions for working with Human Resources based on monitoring or audit results

Who Will Benefit:

• Privacy Officer
• Security Officer
• Information Systems Manager
• HIPAA Officer
• Compliance Officer
• Chief Information Officer
• Health Information Manager
• Healthcare Counsel/lawyer
• Office Manager
• Contracts Manager
• Supervisors and Managers who use or disclose protected health information
• Lawyers and auditors who advise clients on HIPAA compliance

John Steiner
Former Chief Compliance Officer, Cancer Treatment Centers of America

John E. Steiner, Jr., Esq., CHC, CCEP, is the Former Chief Compliance and Privacy Officer and Associate General Counsel for Cancer Treatment Centers of America (CTCA), based in Schaumburg, Illinois. He is a member of the Executive Team and responsible for the design, implementation and administration of an enterprise compliance program. He is a national speaker on health law and compliance topics. He also is a nationally recognized author and editor of a variety of health care and compliance publications.

Prior to his current position, Mr. Steiner served as the Chief Compliance Officer for UK HealthCare of the University of Kentucky, Lexington, Kentucky, where he was responsible for the enterprise wide compliance program. He previously served as the Chief Compliance and Privacy Officer for the Cleveland Clinic Health System, an international referral center and multi-specialty, academic medical center in Cleveland, Ohio, and Florida. He was the first compliance officer in the history of the Cleveland Clinic and designed, implemented and administered the corporate compliance program for the health care system.

Mr. Steiner also was Senior Counsel for the American Hospital Association, where he served as an attorney and advocate for this national trade association and its 5,000 member hospitals. He obtained his BA from the Johns Hopkins University, his Certificate from the Johns Hopkins University Nitze School of Advanced International Studies, and his JD, with honors, from Chicago-Kent College of Law in Chicago, Illinois. He is the Vice Chairman of the American Bar Association Health Law Committee, a former board member of the Health Care Compliance Association and former chairman of the American Medical Group Association's Council of Compliance Officers.

Topic Background:

On January 25, 2013, the Department of Health and Human Services (HHS) issued the final HIPAA Omnibus Rule, which became effective on March 26, 2013 and required compliance by September 23, 2013. Modifications to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules were included in the “Health Information Technology for Economic and Clinical Health Act” (HITECH).

The final rule and HITECH requirements place more comprehensive HIPAA requirements on Business Associates and change the enforcement and penalty framework for HIPAA violations.

Follow us :