OCR Launches Phase 2 HIPAA Audits for Covered Entities and Business Associates: Are You Ready?

Duration: 90 Minutes
Every Covered Entity and Business Associate is liable to be audited for HIPAA Compliance by the U.S. Department of Health and Human Services (HHS). HIPAA Compliance Audits are now underway. HHS finalized HIPAA Compliance Audit procedures and is screening Covered Entities picked randomly from the National Provider Identifier (NPI) database to identify the first group of Covered Entities to be audited. The first group of Business Associates audited for HIPAA Compliance will be selected from Business Associates of the first group of Covered Entities. This is an enforcement audit.
HIPAA Audits for Covered Entities
Instructor: Paul R Hales
Product ID: 501578
  • You will have only 2 weeks after receiving your HIPAA Compliance Audit notification and data request to upload all requested documents to an HHS HIPAA Compliance Audit Portal
  • The HIPAA Compliance Audit data request you receive will specify content and file organization, file names and any other document submission requirements
  • Auditors will not contact an audited entity for clarifications or ask for additional information - it is essential that submitted documents are current, accurately reflect the entity's HIPAA Compliance program and demonstrate HIPAA Compliance
  • Only data submitted on time will be assessed
  • Failure to respond on time may be referred to the HHS regional office subjecting the entity to a thorough HIPAA Compliance review
  • Some of the first group of audited entities will be selected for comprehensive on-site HIPAA Compliance Audits instead of the more limited review of uploaded documents (called a "desk audit" by HHS)
HHS conducted pilot audits of Covered Entities to help design the current official HIPAA Compliance Audit Program. Results of the pilot audit published by HHS revealed:
  • Widespread non-compliance by Covered Entities of all sizes - and HHS made special mention that Small Entities "struggle" with HIPAA Privacy, Security and Breach Notification Rule Compliance
  • HHS says more than 90% of Health Care Providers are Small Entities according to Federal guidelines
  • The most common cause of failure was that the audited entity was unaware of the HIPAA Compliance requirement
  • 80% of Health Care Providers failed to have an accurate or complete Risk Analysis - mandatory for all Covered Entities since 2005 and all Business Associates
HIPAA Compliance Audits are just one example of increased HIPAA Compliance enforcement. Massive data breaches, theft of Protected Health Information (PHI), and public and political pressure demand close scrutiny of the HIPAA Compliance program of every Covered Entity and Business Associate, regardless of size. From September 2009 through May 31, 2015, HHS received more than 173,000 reports of breaches of PHI affecting fewer than 500 individuals and approximately 1,240 reports of breaches affecting 500 or more individuals.

Objectives of the Presentation
  • What to Expect - HHS HIPAA Compliance Audit Topics and Procedures
  • Specific Steps to Prepare for an HHS HIPAA Compliance Audit
Why Should You Attend
Widespread systemic compliance problems, fines in the millions of dollars, and even jail time for some medical providers: all due to a lack of preparation or even (un)intentional neglect of HIPAA regulations. The U.S. Department of Health and Human Services (HHS) announced an agreement in April 2015 with Cornell Prescription Pharmacy (CPP), a small store in Denver, Colorado, to settle HIPAA violations. CPP will make a payment of $125,000, pay its own legal and related costs, and follow a two-year corrective action plan designed and supervised by HHS. The press release issued by HHS announcing the agreement emphasized that HIPAA compliance is mandatory for organizations "regardless of size". Investigators found that Cornell Pharmacy failed to reasonably safeguard Protected Health Information, implement HIPAA Privacy Rule policies and procedures, or provide and document HIPAA workforce training. If CPP does not comply with the plan, HHS will impose a Civil Money Penalty (CMP) for the violations it has already found. The CMP would be in addition to CPP's $125,000 payment and may reflect any other HIPAA violations by CPP that come to the attention of HHS. This agreement demonstrates the new, higher level of strict HIPAA enforcement by HHS and the consequences for any small provider that does not implement the HIPAA Rules.

Who can Benefit
  • HIPAA Compliance Official (HIPAA Officer)
  • Compliance Director
  • Practice Manager
  • Privacy Officer
  • Security Officer
  • CEO
  • CFO
  • COO
  • Chief Information Officer
  • Information Systems Manager
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager
  • Chief Clinical Officer
  • Human Resources
  • Health Care Provider - Business Associate
  • HIPAA Compliance Officials
  • Top Management
  • Health Care Provider Practice Manager
  • Risk Manager - Compliance Manager
  • Legal Counsel
Topic Background
Audits began in 2015, with HHS prioritizing issues including computing device and storage media security controls, transmission security, and HIPAA safeguards such as procedures and staff training. The priorities in 2016 will include, but are not limited to, physical access, encryption, and decryption of PHI. The Office of Civil Rights has begun to enforce these audits.
$300
Recorded Session for one participant
Get lifetime access with download option!
  $450.00 Training CD
Free shipment within 4 working days of placing the order. Get lifetime access for unlimited participants.
  $550.00 Training USB Flash Drive
Free shipment within 4 working days of placing the order. Get lifetime access for unlimited participants.
For multiple locations, please contact our customer care team at +1-510-857-5896.
How it works
Live Session - How it works
  • Log in to onlinecompliancepanel with your registered username and password: https://www.onlinecompliancepanel.com/login
  • The webinar joining link, username and password for joining the webinar will be updated on your OCP Account 24 hours prior to the webinar
  • Presentation handouts in downloadable PDF format will be updated on your OCP Account 24 hours prior to the live session
  • Log in to the audio conference on the scheduled date and time
  • Get answers to your queries through interactive Q&A sessions via chat at the end of the session
  • Download the Certificate of Attendance and Purchase Invoice from your OCP Account 24 hours after the completion of the session
  • Please let us know your thoughts and views at the end of the webinar; your valuable feedback will help us improve
Recorded Session - How it works
  • Log in to onlinecompliancepanel with your registered username and password: https://www.onlinecompliancepanel.com/login
  • Upon purchase of the recorded session, a link will be updated on your OCP Account within 24 hours
  • Please click on the link to access the Recorded Session
  • Presentation handouts in downloadable PDF format will be updated on your OCP Account within 24 hours of the purchase of the product
  • Download the Certificate of Attendance and Purchase Invoice from your OCP Account 48 hours after the purchase of the product
  • Please share your valuable feedback at the end of the session
Instructor Profile:
"Paul Hales received his Juris Doctor degree from Columbia University Law School and is licensed to practice law before the Supreme Court of the United States. He is an expert on HIPAA Privacy, Security, Breach Notification and Enforcement Rules with a national HIPAA consulting practice based in St. Louis. Paul is the author of all content in The HIPAA E-Tool, an Internet-based, Software as a Service product for health care providers and business associates."

