How to Prevent HIPAA Breaches in Your Agency
Since the compliance date of the Privacy Rule in April 2003, the Office of Civil Rights (OCR) has received over 158,834 HIPAA complaints. As of June 30, 2017 the Office of Civil Rights has investigated and resolved over 25,257 cases of HIPAA covered entities and their business associations. To date, through the settlement process, the OCR has settled 52 cases to the tune of $72,929,182 and in 2016 alone levied $23 million in fines.
You only have to view the Office of Civil Rights HIPAA page on investigations to see it has been a very busy year for them thus far! For example:
- Careless handling of HIV information jeopardizes patient’s privacy, costs entity $387k - May 23, 2017
- Texas health system settles potential HIPAA violations for disclosing patient information - May 10, 2017
- $2.5 million settlement shows that not understanding HIPAA requirements creates risk - April 24, 2017
- No Business Associate Agreement? $31K Mistake - April 20, 2017
- Overlooking risks leads to breach, $400,000 settlement - April 12, 2017
- $5.5 million HIPAA settlement shines light on the importance of audit controls - February 16, 2017
- Lack of timely action risks security and costs money - February 1, 2017
- HIPAA settlement demonstrates importance of implementing safeguards for ePHI - January 18, 2017
- First HIPAA enforcement action for lack of timely breach notification settles for $475,000 - January 9, 2017
It’s no wonder HIPAA continues to stay at the forefront of agency concerns, especially since the OCR began itsdesk reviews as part of their 2016 Phase 2 HIPAA Audit Program (with on-site reviews occuring in 2017). This workshop will:
- Differentiate the HIPAA Privacy Rule from the HIPAA Security Rule
- Review highlights of the HIPAA Omnibus rules that every agency should know related to risk assessment
- Review essential areas of a HIPAA risk assessment/analysis
- Point out key areas of agency vulnerabilities including challenges for covered entities and business associates
- Identify top security challenges and cyber security threats in the healthcare industry
The presenter of this workshop is Matthew A. Fisher, Partner for Poyner Spruill, LLP. Matt’s practice focuses on the representation of health care providers, with an emphasis on HIPAA compliance, privacy and information security matters and Certificate of Need law. He advises clients on privacy and HIPAA compliance issues, the litigation of Certificate of Need awards and denials and assists health care providers with the development of Certificate of Need applications. He also represents health care clients on licensure and certification issues, including appeals challenging certification and licensure survey decisions and penalties, and issues pertaining to DMA provider payment denial.