This entry is part 25 of 27 in the series HIPAA Audit Tips

Gregory J. Ehardt, JD, LL.M. | HIPAA/Assistant Compliance Officer | HCA Adjunct Professor | Office of General Counsel | Idaho State University has joined the Clearwater HIPAA Compliance BootCamp™ Faculty.  Mr. Ehardt will be sharing his experiences and lessons learned from the recent OCR Investigation that resulted in a Settlement Agreement with HHS/OCR that included a Corrective Action Plan and $400K payment.  Here’s today’s big tip – Go to School On Idaho State University (ISU).

HIPAA Audit Tips –  Learn from ISU’s Greg Ehardt

Gregory J. Ehardt, JD, LL.M. | HIPAA/Assistant Compliance Officer | HCA Adjunct Professor | Office of General Counsel | Idaho State University

Gregory J. Ehardt, JD, LL.M.

Last week the Settlement Agreement reached by ISU and HHS/OCR was announced.  ISU has agreed to pay $400,000 to the U.S. Department of Health Human Services (HHS) to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.  The settlement involves the potential impermissable disclosure of unsecured electronic protected health information (ePHI) of approximately 17,500 patients at ISU’s Pocatello Family Medicine Clinic.

Blogosphere is Lit Up! Clearwater is Bringing the Real Deal

Yes, every pundit – many newly self-declared HIPAA experts – has a comment to make.  Clearwater Compliance has been assisting ISU throughout the investigation.  Mr. Gregory J. Ehardt, JD, LL.M. | HIPAA/Assistant Compliance Officer | HCA Adjunct Professor | Office of General Counsel has agreed to join the Clearwater HIPAA Compliance BootCamp™ Faculty for the remainder of 2013 and share his experiences managing this OCR Investigation process on behalf of ISU.  Mr. Ehardt will make presentations at each of the Clearwater Compliance  Clearwater HIPAA Compliance BootCamp™ sessions beginning May 29th.

Attend Mr. Ehardt’s Presentation at an Upcoming Clearwater HIPAA Compliance BootCamp™

Proven HIPAA Audit Tips – Other Actions You Should Take Now to Prepare for OCR HIPAA Investigations or Audits

We recommend that organizations who have not already done so complete some fundamental preparation activities which include, but are not limited to:

  1. Establish a formal Privacy and Security Risk Management & Governance Program. (45 CFR § 164.308(a)(1))
  2. Complete a HIPAA Security Evaluation. (45 CFR § 164.308(a)(8))
  3. Complete a Privacy Rule compliance assessment. (45 CFR §164.530)
  4. Complete a Breach Rule compliance assessment. (45 CFR §164.400)
  5. Complete a HIPAA Security Risk Analysis (45 CFR §164.308(a)(1)(ii)(A))
  6. Develop comprehensive HIPAA Privacy and Security and Breach Notification Policies & Procedures. (45 CFR §164.530, 45 CFR §164.316 and 45 CFR §164.414 )
  7. Document and act upon a corrective action plan.

Join the 350+ companies (both covered entities and business associates) that work with Clearwater Compliance. We can help your organization jump-start your HIPAA Compliance program.

Wanna be even more ready for an audit or hip on HIPAA? Learn more…

The complete HIPAA Privacy, Security and Breach regulations are here.

If you’d like keep up to date on Audit Preparation, Risk Analysis or HIPAA-HITECH in general, please consider (all optional!):

Series Navigation<< HIPAA Audit Tips – Be Careful Claiming "Conduit"HIPAA Audit Tips – Conduit, Business Associate, or Something Else? >>

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.