The random HIPAA Compliance Audit program had a year of trial audits in 2012. The US Department of Health and Human Services reviewed the results of that work and performed a second round of audits, this time including HIPAA Business Associates, beginning in 2016 and concluding in 2017. The law calls for a permanent Audit program, but HHS has indicated that the HIPAA audit program will be on hold for at least the time being, and that the next product will be a report on best practices learned in the audits conducted so far. However, that doesn’t mean there will be no enforcement of the HIPAA rules. Knowing what questions are likely to be asked and have been asked at prior HIPAA compliance audits can make preparing for and surviving a HIPAA audit or enforcement review much easier. USDHHS has published the updated protocol being used for the HIPAA audits, so it is now possible to know how to prepare for an audit or enforcement review. In fact, preparing for a HIPAA Audit is one of the best ways to be ready to respond to any enforcement action, and going through an internal HIPAA Audit will help you find issues before they become problems that can lead to penalties. In this practical webinar, you will be equipped with the tools and information to ensure compliance with the current HIPAA regulations.
In this session, you will learn about the HIPAA audit program and how it works, including a review of the targeted areas that caused the most issues in the 2012 and 2016 audits. You will analyze the audit findings, including the types of issues most prevalent and what kind of entities had the most problems, and show where entities need to improve their compliance the most. You will examine the updated HIPAA Audit Protocol, as well as other questionnaires that have been used in the past and may be used to help prepare an organization for a future review, including determining what documentation needs to be on hand should your organization be selected for an audit or enforcement action. You will also explore the typical risk issues that lead to breaches of health information and see how those issues may be targets for auditors and enforcement action in the future. This will help you to determine how to create a framework of security policies necessary for compliance.
You will then learn about methods for using the contents of the HIPAA Audit Protocol to build your own compliance plan by extracting the contents and relating your compliance activities and documentation directly to the questions that might be asked, thereby creating a compliance management tool to ensure continued compliance improvement. You will outline the steps to follow to prepare for an audit and respond to an audit request. In addition, you will learn about upcoming trends in information security risks, so you can start to plan for the work you’ll need to do to stay in compliance and keep patient information private and secure.
Nearly any health-care covered entity may be subject to an audit or enforcement investigation; necessitating that all entities know what questions they’ll be asked, what information they’ll need to provide, and how to prevent issues that could lead to violations and fines.
Upon course completion, you will be able to:
- Find and correct some of the most prevalent security and privacy compliance issues, based on the experience gained in the 2012 and 2016 HIPAA Random Audit Program audits and in the HIPAA Breach Notification process
- Recognize and avoid fines and penalties for violations of the HIPAA regulations that have been significantly increased and now include mandatory fines for willful neglect of the rules that begin at $10,000 minimum and can reach $50,000 per day
- Examine the HIPAA Audit Protocol, along with the sets of questions asked at other HIPAA audits previously
- Determine what HHS OCR is likely to ask you if you are selected for an audit, and what you’ll have to have prepared already when they do
- Describe the rules you need to comply with and what policies you can adopt that can help you come into compliance
- Determine how the HIPAA rules have changed and how you may need to change how you work to keep up with them
- Identify if your documentation procedures are compliant to survive an audit or enforcement review
- Export the contents of the HIPAA Audit Protocol and use them as the foundation of your compliance activities and documentation