How to Prepare for an OCR HIPAA Breach Investigation
Jay Hodes is a leading expert in HIPAA compliance and President of Colington Consulting. His company provides HIPAA consulting services for healthcare providers and business associates. Mr. Hodes has over 30 years of combined experience in risk assessments, site security evaluation, regulatory compliance, policy and procedures assessments, and Federal law enforcement management. He is the former Assistant Inspector General for Investigations at the U.S. Department of Health and Human Services.
Mr. Hodes has been the keynote speaker and provided presentations regarding HIPAA compliance and patient privacy in many professional healthcare organizations. He has published over 50 educational articles regarding HIPAA compliance, been featured in Part B News articles, the Report on Patient Privacy, provided a guest post in the Electronic Health Reporter, interviewed and provided comments to Hospital Access Management regarding HIPAA privacy issues resulting from the Orlando mass shooting incident, and interviewed three times by Renal & Urology News and the Virtru.com blog regarding HIPAA requirements and safeguards, and interviewed by PracticeSuite EMR as part of their Expert Interview Series.
Mr. Hodes is a member of the Health Care Compliance Association, American Institute of Healthcare Compliance, Healthcare Information and Management Systems Society, American Society for Industrial Security, the Practice Management Association of Northern Virginia, and the Health Technology Forum: DC, Health and Medical Technology Innovation Roundtable at George Mason University. In his free time, Mr. Hodes is a volunteer for Lab Rescue of the Labrador Retriever Club of the Potomac and the non-profit organization, Outer Banks (NC) Sporting Events.
Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If your organization is the subject of an OCR investigation, you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the understanding of the fundamentals of a HIPAA and how you will be required to demonstrate your organization’s compliance program.
If your healthcare practices, business, or organization needs to understand how to be prepared for a HIPAA investigation and make sure your current safeguards are adequate and can withstand government scrutiny, please join us for this informative and interactive course.
- Understanding HIPAA, HITECH and the Omnibus Rule
- What are the HIPAA Security and Privacy Rules?
- What is a HIPAA Risk Management Plan?
- What is meant by “Required” and “Addressable” Implementation Specifications?
- What are Administrative, Technical, and Physical Safeguards Requirements?
- What will OCR accept for a HIPAA Risk Assessment?
- How to document HIPAA training requirements
- How to prevent HIPAA data breaches from occurring
- What are the penalties and fines for non-compliance?
- How to Prepare for an OCR Investigation and Data Request
- HIPAA Violation Case Examples
Who Should Attend
- Compliance Officer
- HIPAA Privacy Officer
- HIPAA Security Officer
- Medical/Dental Office Managers
- Practice Managers
- Information Systems Manager
- Chief Information Officer
- General Counsel/lawyer
- Practice Management Consultants
- Any Business Associates that access protected health information
Why Should Attend
In 2016, there was a trend towards higher settlements payments. There were 7 settlements over $1 million including $5.5 million, $3.9 million, and $2.75 million and 12 overall resolutions settlements. In 2017, there was continued HIPAA enforcement with a number of new settlements announced and the trend will continue.
Roger Severino, the Director of OCR, has said “enforcement is a key aspect of HIPAA” and organizations must embrace a “new posture of preventive security.” If your organization experiences a HIPAA breach, OCR will be conducting an investigation and request compliance policies and procedures, risk assessment reports and training records. Find out how to prepare. The instructor for this webinar has worked with organizations under investigation by OCR.
Attendees will leave the webinar clearly understanding of all the requirements that must be in place for HIPAA and how to demonstrate compliance if investigated.