Did you know there are fifteen significant ways in which The Omnibus Final Rule changes privacy and security provisions from those in the original HIPAA regulations? These changes have major financial, operational and legal risk management consequences for all hospitals, medical practices, health plans, and now their business associates and subcontractors that were not previously considered BAs. One of those changes mandates the Department of Health and Human Services to conduct investigations of claims made to it and the use of audits to ensure compliance with the HIPAA Privacy and Security requirements. Learn about the OCR Audit protocol, and how your organization can prepare. If your organization accesses, creates, receives, maintains or transmits protected health information or electronic protected health information, view this informative webinar.
This session is offered as a 60-minute Live Web Event using the GoToWebinar platform. The open format encourages questions during and after the session. Attendees will receive the presentation materials the day after the event.
No matter where your organization is in its HIPAA-HITECH compliance journey, you will benefit from learning:
- The requirements of the HIPAA Privacy and Breach Notification Rules
- The major changes brought about by the HITECH Act
- The causes of data breaches and complaint-driven investigations and what you can do to reduce the risk
- What the OCR audits are requiring from organizations according to their protocols
- The findings of compliance weaknesses from the initial OCR mandated audits
- How to evaluate the level of your organization’s compliance with the regulations
- Practical, actionable steps to take today to mitigate risk and help assure compliance
Date & Time
July 16th 2015
11:00 AM CDT
Although most healthcare covered entities think they’ve got their act totally together when it comes to the HIPAA Privacy Rule, preliminary OCR observations from the first proactive audits highlighted serious weaknesses in privacy training, safeguards, policies & procedures, sanctions, training and mitigation.
Consistently, six of the typically ten requirements of OCR Corrective Action Plans have included: develop and implement privacy & security policies and procedures; respond to incidents; provide training for employees; implement sanctions for employee non-compliance; implement safeguards; monitor results.
How many breaches could be avoided, or the risk reduced, by heightened focus on privacy procedures, training, sanctions, safeguards, incident response and monitoring?
The facts show…the majority of data breaches result from insider actions, not outside hackers-suggesting organizations should perform a Privacy Rule compliance assessment to learn exactly where they stand!
According to the recently-published Ponemon Institute 2012 Cost of Cyber Crime: US:
- The most expensive type of cyber-attack in the US, accounting for 58% of all cyber crime costs annually: malicious insiders
- The highest cost increase of a cyber-attack by 66% since 2010: malicious insiders
- The longest time to recover from a cyber-attack averaging 57.1 days: malicious insiders
In a 2011 Ponemon study, only 30% of breaches resulted from criminal attacks. The remaining 70% were internally driven, including unintentional employee action, malicious insider and snooping. Only 5% of the breaches on the HHS “Wall of Shame” are the result of “Hacking/IT Incident” or “Unknown”.
The remaining 95%? Avoidable activities by workforce members: unauthorized access or disclosure, theft, loss, or improper disposal.
Privacy-violation complaints to HHS have increased over 40% since HITECH was enacted in 2009, and may reach 12,000 this year. The top four issues comprise virtually the exact list since 2003: impermissible uses and disclosures; lack of safeguards; patient access; and disclosure of/access to more than the minimum necessary.
Unlike with a periodic security assessment, which is required by the HIPAA Security Rule, privacy assessments are not required by the law–but it would be smart to do one!
Learn Exactly Where You Stand In Compliance With the HIPAA Privacy Rule!
Receive practical, actionable advice and approaches to assessing your privacy compliance program while reducing the risk of a breach or complaint, or sizable penalty from an audit.
- Prepare for Mandatory Audits or Investigations
- Build Solid Educational Foundation of the Privacy and Breach Notification requirements
- Re-energize Overall Compliance Program
- Establish a Baseline for Progress Monitoring
- Understand your Gaps in Compliance
- Develop/Execute on a Prioritized Remediation Plan
- Reduce the Risk of a Costly Data Breach