HIMSS14 Preview: Tips for Being Ready for a HIPAA Audit

The HHS Office for Civil Rights will start ramping up HIPAA privacy/security rule audits during 2014 and a session on February 24 at HIMSS14 will get into details on what providers need to know.

Susan McAndrew, deputy director for privacy in OCR, will walk through the rationale and components of the audit program.

James Wieland, a principal and HIPAA attorney at the Ober/Kaler law firm in Baltimore, then will discuss tricky areas within the revised HIPAA privacy, security and breach notification rules that became effective in 2013. He’ll discuss new policies for assessing a breach of protected health information and how to balance factors to decide if it is reportable, new liability issues with business associates and the need to monitor their compliance with HIPAA, and the scope of responsibility downstream to business associates and subcontractors when a patient requests that certain information not be disclosed, among other issues.

Wieland also will talk about legal traps that could cause unnecessary problems for covered entities, such as overly broad contract language that gives a covered entity more control over a business associate than it really needs to have, which could expose the covered entity to an unnecessary level of liability. Lawyers, he explains, want to control everything a business associate does. But business associates will be judged on the extent to which a covered entity can control its activities. If a covered entity doesn’t have the knowledge and duties of a business associate, then it shouldn’t put itself in the position of being responsible for the actions of the business associate.

Another tip Wieland will pass on is to arrange with a credit/ID protection agency--in advance of a breach--to offer such services after a breach occurs. The cost of credit insurance has fallen significantly and having the service already contracted shows an organization’s commitment to protect patients, he says. Plus, the cost is even lower when arranging services in advance.

For McAndrew and Wieland, the goal of the session is pretty simple, he says. “They’ll get some useful tools for managing HIPAA compliance.” Education session 18, “HIPAA Compliance: Stepping It Up in 2014,” is scheduled at 10 a.m. on Tuesday, Feb. 24.
