HIPAA Security Spot Audits Begin: Chicken Littles and Annual Traditions

Date: February 13th 2012 from 1pm to 2pm EST

Abstract:
The Health Information Technology “Chicken Littles” who have been writing and saying for the past year that the Office for Civil Rights (“OCR”) of the U.S. Department of Health and Human Services (“HHS”) will ramp up Health Insurance Portability and Accountability Act (HIPAA) Security enforcement have been proven at least partially correct. Spot audits of healthcare providers, health plans and HIPAA Business Associates have begun.

On December 1, 2011, OCR published its sample audit letter, indicating that the entity that receives such a letter will be the subject of an audit, conducted by KPMG LLP, within 30 to 90 days of receipt of the letter. Approximately 20 of these letters have gone out, mostly to health care providers but some to health plans and health care clearinghouses as well. OCR intends to audit at least 150 entities in this first “pilot” audit project.

The audits will assess, among other things, technical, physical and administrative safeguards for patient-identifiable information, steps to prevent data breaches, protocols for responding to and remediating breaches, and documentation of a current HIPAA Security Risk Analysis. The auditors will, of course, review the key information systems, but they will also look for indications that security is an integral part of the business. The time to document such efforts, and the training of the workforce on security safeguards, is before an Audit Letter is received.

This webinar will provide practical information from a veteran attorney with broad experience in this field. It will address proactive steps, including internal mock audits, to be taken as the landscape shifts in the face of enhanced enforcement of the HIPAA Security Rule and the HITECH Act.

Speaker: Kenneth N. Rashbaum, Esq.

Biography:
Kenneth N. Rashbaum, Esq., is an attorney in New York City. His practice focuses upon counsel to health care providers and life sciences corporations on privacy and security compliance and implementation. He has over twenty-five years’ experience in health care and the pharmaceutical industry as a litigator, trial lawyer and counselor, has presented numerous Grand Rounds and in-service lectures on a spectrum of compliance issues, and speaks and writes across the U.S. on health information system, privacy and security and operational design. www.rashbaumassociates.com