HIPAA Enforcement Examples - Where Others Have Gone Wrong

Why Should You Attend:

HIPAA enforcement is now a significant reality, and settlements for violations are being announced more and more frequently. Now, with the increase in breach reporting and the new random audit program, enforcement of HIPAA is something that every HIPAA entity and business associate needs to be aware of and prepared for, by examining why prior enforcement occurred and what could be done to prevent such problems.

This webinar will review:

• The HIPAA enforcement actions that have taken place and examine why the enforcement took place and what could have been done to prevent the incident that led to the enforcement.
• The requirements that were not met and discuss what HIPAA entities need to do to ensure that the proper policies, procedures, training, and documentation of their application are in place to prevent problems and limit the organization's exposure in incidents.
• The HIPAA audit program and how it works, and discuss the areas that caused the most issues in the 2012 audits.
• The kind of issues and entities that had the most problems, and highlight areas where entities need to improve their compliance the most, and also explore the typical risk issues that lead to breaches of health information and see how those issues may be a target for auditors in 2015.
• The HIPAA audit and enforcement regulations and processes, and how they apply to HIPAA covered entities and business associates.
• The new trends in information security risks so you can start to plan for the work you'll need to do to stay in compliance and keep patient information private and secure.

The course will also detail the recent changes that increased fines and created new penalty levels, including new penalties for willful neglect of compliance that begin at $10,000. The results of prior enforcement actions and HHS audits (and their penalties) will be discussed, including recent actions involving multi-million dollar fines and settlements.

Areas Covered in the Webinar:

• The HIPAA enforcement processes and how they apply to covered entities and business associates.
• The HIPAA Privacy, Security, and Breach Notification regulations (and the recent changes to them) and how their compliance will be evaluated in enforcement circumstances.
• Recent changes to the HIPAA enforcement regulations that increase fines and create new penalty levels, including new penalties for willful neglect of compliance that begin at $10,000.
• The information and documentation that needs to be prepared in advance so that you can be ready for an enforcement review or an audit without notice.
• The results of prior HHS enforcement actions and audits (and their penalties), including recent actions involving multi-million dollar fines and settlements.
• Identification of weaknesses in organizational compliance.
• Questions asked in prior audits and enforcement reviews.
• Future threats to the security of patient information.
• The importance of a good compliance process to help you stay compliant more easily.

Who Will Benefit:

This webinar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). This includes:

• Compliance Directors
• CEOs
• CFOs
• Privacy Officers
• Security Officers
• Information Systems Managers
• HIPAA Officers
• Chief Information Officers
• Health Information Managers
• Healthcare Counsels/Lawyers
• Office Managers
• Contracts Managers

Instructor Profile:

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Electronic Data Interchange Privacy and Security Workgroup, currently serves on the WEDI Breach Notification sub-workgroup, and is a recipient of the 2011 WEDI Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before regional HFMA chapter meetings and state hospital associations.

Mr. Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related websites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Mr. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master's degree from the Massachusetts Institute of Technology.

Instructor Profile:

For many years, HIPAA enforcement was not taken seriously, and enforcement actions used to consist of little more than a slap on the wrist and some advice on what to do better the next time. But all that has changed, and now the US Department of Health and Human Services Office for Civil Rights has begun vigorous enforcement of the HIPAA regulations, and is not hesitant about applying multi-million dollar fines.

Now that the rules have been in place for more than ten years, the days of advice and counseling have been replaced by a hard-nosed enforcement attitude, where HHS OCR is ready to make health care organizations that violate the rules feel some pain for their actions.

If you don't take the proper steps to ensure your patients' rights and health information are being protected according to the HIPAA Privacy, Security, and Breach Notification Rules, you can be hit with significant fines and penalties. With the increased HIPAA fines beginning at $10,000 in cases of willful neglect, following the privacy requirements, providing good information security, and being in compliance are more important than ever.

HIPAA compliance requires that you be prepared to handle Protected Health Information properly and follow the requirements in the HIPAA Privacy, Security, and Breach Notification Rules. If there is a problem that comes to the surface, through a complaint, breach, or audit, an enforcement action can result. Enforcement actions include financial settlements that can reach into the millions of dollars, as well as Corrective Action Plans that can take years to complete and can cost many times the expense of the monetary settlements.

Violations originated from such simple things as returning copiers to the leasing company without removing the PHI on the hard drive, moving offices without accounting for hard drives stored in a closet, and improperly disposing of printed materials, that all could have been prevented with the implementation of policies and procedures and training on them. Several settlements for violations involve improper consideration of the requirements in the Security Rule, which calls for extensive policies and procedures based on an accurate and thorough entity-wide risk analysis.

Every entity under the HIPAA regulations needs to know why the enforcement actions took place and what could have been done differently to prevent the violations that led to enforcement, so they can avoid those issues and their significant impact. Failure to do so can lead to financial settlements, fines, and/or corrective action plans that can severely impact your organization.

Follow us :