How to do HIPAA Risk Analysis - Risk Management - Lessons from OCR
There is a secret to HIPAA compliance. The secret is that the HIPAA Rules are easy to follow, step-by-step, when you know the steps.
- What are OCR’s top priorities in HIPAA enforcement, learned from the Phase 2 Audits and OCR’s 2018 settlements
- Why HIPAA Risk Analysis – Risk Management is essential for all Covered Entities and Business Associates, regardless of size
- What HIPAA Risk Analysis – Risk Management really is
- How administrative staff can do a complete HIPAA Risk Analysis – Risk Management efficiently, step-by-step
- How Covered Entities and Business Associates failed the Audits, and what can be done to avoid failure
- What are some common misunderstandings about the Individual’s Right of Access to medical records
- How to communicate with patients electronically and comply with HIPAA by following the “3 step safeguard”
Overview of the webinar
The Phase 2 HIPAA Compliance Audit, increasing breaches of unsecured protected health information and rampant medical identity theft reveal a national crisis in HIPAA compliance. In addition, HIPAA enforcement during 2018 by the Office for Civil Rights (OCR) revealed that too many organizations still do not perform Risk Analysis -Risk Management correctly. This basic HIPAA requirement is the key to protecting your business, whether you are a Covered entity or a Business associate.
Who should attend?
- Hospital Trustees
- C-Suite Executives
- HIPAA Compliance Official
- HIPAA Privacy Officer
- HIPAA Security Officer
- Health Information Technology Supervisor
- Practice Manager
- Risk Manager
- Dentist
- Optometrist
- Chiropractor
- Physical Therapist
- Podiatrist
Why should you attend?
- The Office for Civil Rights (OCR), the HIPAA enforcement arm of the U. S. Department of Health and Human Services (HHS) continues to monitor compliance with HIPAA in 2019. Audit results from the Phase 2 Covered Entity HIPAA Compliance Audits showed that 87% failed the Risk Analysis Audit and 94% failed the Risk Management Audit! During 2018, OCR collected settlements and a judgment totaling $28.7 million, the highest amount yet in a year. In most of those cases, the core requirement of Risk Analysis – Risk Management was missing.
- HIPAA enforcement, driven by Congressional and public demand is increasing dramatically. HIPAA Risk Analysis – Risk Management is OCR’s highest compliance priority and is required of all Covered Entities and Business Associates. And it should be the foundation of every health care organization’s HIPAA compliance program.
- The HIPAA Rules do not explain how to do Risk Analysis – Risk Management and government guidance is confused, confusing and of no practical help. Attend this session to review, step-by-step, how you can comply calmly and confidently with this fundamental HIPAA requirement.
- The Audits also revealed noncompliance with other basic HIPAA requirements of the Privacy Rule concerning the Individual’s Right of Access to medical records, the Notice of Privacy Practices, and Breach Notification. Common misunderstandings about these requirements and how to comply with each of them will be explained.
Faculty - Mr.Paul R. Hales
Paul R. Hales received his Juris Doctor degree from Columbia University Law School and is licensed to practice law before the Supreme Court of the United States. He is an expert on HIPAA Privacy, Security, Breach notification and Enforcement Rules with a national HIPAA consulting practice based in St. Louis. Paul is the author of all content in The HIPAA E-Tool, an Internet-based, Software as a Service product for health care providers and business associates.
