HIPAA Security Audit 2015 - How to Survive a HIPAA Security Audit
Date: 2015-02-05
Deadline: 2015-02-04
Venue: Online event, USA - United States
Keywords: HIPAA Security Audit; Healthcare compliance training; Healthcare hipaa webinars
Website: https://bit.ly/1vQrPr5
Topics/Call for Papers
Overview: Your organization's focus should be protecting the privacy and security of PHI and reducing the probability of a breach. Passing an OCR audit should be the result of an effective compliance culture, not your aim or goal.
Here are things you can do to ensure you're prepared for HIPAA compliance, and in turn, are ready for an audit:
Document your security, privacy and breach policies and review and update those policies periodically.
Regularly perform a security risk analysis to find any vulnerable areas and create an action plan to fix these possible vulnerable areas.
Update your risk analysis and risk management plans if they haven't been updated in 2+ years.
Keep an organized archive of the business associates affiliated with your organization. Update your agreements with them when changes are made.
Train your staff so they understand the importance of maintaining a culture of HIPAA compliance and know the required steps to take to protect the PHI your organization handles.
Why is OCR cracking down with their audits? According to David Holtzman, a former senior advisor at OCR, "the healthcare industry is a generation behind banking in safeguarding information." In 2013, the healthcare industry saw a 138% increase in the exposure of sensitive records, as well as a 20% increase in medical identification theft.
No one looks forward to an audit. Audits are time-consuming and can be uncomfortable to endure. But no one wants to experience a security breach either, and the effects of a breach are much worse to endure than an audit. If you're already HIPAA compliant, then you're already prepared to survive an OCR audit.
Why should you attend: In 2012, the Department of Health and Human Services Office for Civil Rights (OCR) conducted on-site pilot audits during the first round of its HIPAA compliance audit program. A consulting firm OCR hired performed 115 pilot audits during that year. Starting at the end of this year or the beginning of 2015, OCR is resuming its HIPAA compliance audit program with a second round of audits - performed by OCR staff this time - that will address some red flags OCR found with security issues during 2012.
This time around, OCR's random audit of 350 covered entities and 50 business associates will assess the selected organizations' compliance with the HIPAA privacy, security and breach notification rules. If you're a covered entity, OCR's focus is going to be on risk analysis and risk management (security rule part), the material and timeliness of breach notifications (the breach notification rule part) and the notification of privacy practices updates to changes in the HIPAA Omnibus Rule and access to rights (the privacy rule part). If you're a business associate, their focus is on security risk analysis and risk management and breach reporting to your covered entities.
A desk audit involves you submitting certain content and documentation demonstrating the scope and timeliness of your efforts to comply with HIPAA and its rules. Only send the information asked for and send it on time! Auditors won't ask you for clarifications or for more information. They're only going to work with what they have and make their compliance decision off that. If you don't respond with a submission, you'll most likely receive a more formal review from the OCR.
Areas Covered in the Session:
Introduction to Speaker
Industry events and trends
Risk Management methodology
HIPAA Basics
Risk Analysis Documentation
Progress Documentation
Reporting Requirements
The Fire-Drill: what to do when the OCR letter arrives
How Meaningful Use and Figliozzi audits process
Case studies
Who Will Benefit:
HIPAA Privacy and Security Officers
Business Associates & Subcontractors
Healthcare Business Insurers
Health Information Management Professionals
Healthcare In-house Legal Counsel
Healthcare Risk Managers
EHR & PHR Vendors
State and Federal Government Policymakers
Healthcare Attorneys
Healthcare Consultants
Medical Records/Health Information Managers (HIM)
Clinic Owners & Operations Managers
Steven Marco, President of Modern Compliance Solutions, has a passion for IS Security and over 18 years as a leader in executing various regulatory compliance mandates and Health IT. A CISA since 1999, he helped pioneer Internet Security Services and manage risk for numerous Fortune 500 companies while at Deloitte & Touche. At Resources Global Professionals, he led IT through their Sarbanes Oxley 404 audit and successful IPO in 2002. He currently drives risk management services through data security and regulatory compliance consulting, while developing industry-leading compliance automation software called HIPAA One. Steve holds a Bachelor’s Degree from Ryerson University in Computer Information Systems Management and Corporate Law.
MentorHealth
Roger Steven
contact no: 8003851607
fax no: 302-288-6884
Event Link: http://bit.ly/1vQrPr5
webinars-AT-mentorhealth.com
www.mentorhealth.com
Last modified: 2015-01-07 18:00:11