In September of 2017, OCR shared preliminary results of their Phase 2, nation-wide, HIPAA Audits.
With respect to HIPAA Security Risk Analysis and Management, the results were pretty shocking.
OCR reported that 83% of those they audited had a score of "inadequate" or "failure" on their performance of an information security risk analysis, while 94% had a score of "inadequate" or "failure" on their efforts to establish or maintain an information security risk management plan.
A couple of months ago, the OCR announced their $3.5 million settlement with Fresenius Medical Care North America (FMCNA). The main reason cited by the OCR was that Fresenius "failed to heed HIPAA’s risk analysis and risk management rules." OCR Director Roger Severino had some very clear and strong words about the importance of performing a HIPAA Security Risk Analysis.
He said, "The number of breaches, involving a variety of locations and vulnerabilities, highlights why there is no substitute for an enterprise-wide risk analysis for a covered entity. Covered entities must take a thorough look at their internal policies and procedures to ensure they are protecting their patients' health information in accordance with the law."
Why You Should Attend
HIPAA enforcement is on the rise. The primary enforcement body is the U.S. Health and Human Services (HHS) Office for Civil Rights (OCR).
They've warned that the most common HIPAA compliance error they consistently see is failure to perform an adequate HIPAA Security Risk Analysis. If health care organizations participated in Meaningful Use or MACRA (the Medicare Access and CHIP Reauthorization Act of 2015), then they are required to certify annually that they have performed a HIPAA Security Risk Analysis.
Even if an organization did not participate in these programs, if they are required to comply with HIPAA then they need to perform this analysis periodically.
Areas Covered in the Session
- Recent enforcement and fines resulting from HIPAA Security Risk Analysis failures
- Outlook of future enforcement
- HIPAA Security Risk Analysis requirements
- How to perform a HIPAA Security Risk Analysis
- Remediating findings from the risk analysis
Who Will Benefit
- Any Healthcare Organization that is required to follow HIPAA
- Physician Practices Participating in MACRA
- Hospitals and Organizations that Accepted Government Financial Incentives to Implement Electronic Health Records
- Compliance Officers
- HIPAA Privacy and Security Officers
C.J. Wolf, MD, M.Ed. has been involved in healthcare for over 20 years beginning with his years in medical school. Early in his career, Dr. Wolf made a change to healthcare administration, reimbursement and compliance. He has worked in various coding, reimbursement or Chief Compliance Officer roles for Intermountain Healthcare, the University of Texas MD Anderson Cancer Center, the University of Texas System and Merit Medical Systems. He currently is Sr. Compliance Executive at Healthicity.
Dr. Wolf has a passion for teaching and education. He has developed and taught curricula for adult employees seeking national coding certifications, trade workshops and seminars, and has served as adjunct faculty for Salt Lake Community College and currently is Faculty at Brigham Young University-Idaho. In addition to his medical degree from the University of Illinois at Chicago College of Medicine, Dr. Wolf holds a master of education (M.Ed.) from the University of Texas at Brownsville. He completed his B.S., magna cum laude, from Brigham Young University, Provo, UT.
He holds the following professional certifications:
AAPC (American Academy of Professional Coders): CPC (Certified Professional Coder), COC (Certified Outpatient Coder)
HCCA (Health Care Compliance Association): CHC (Certified in Healthcare Compliance)
SCCE (Society of Corporate Compliance and Ethics): CCEP (Certified Compliance & Ethics Professional)
IIA (Institute of Internal Auditors): CIA (Certified Internal Auditor)