Health and Human Services (HHS) is currently implementing audits to meet the requirements in the HITECH Act, in the American Recovery and Reinvestment Act of 2009 (ARRA), for performing periodic audits of compliance with the HIPAA Privacy and Security Rules; up to 150 random HIPAA compliance audits will be performed. In addition, new audit and enforcement activity is taking place related to the new HIPAA Breach Notification Rule: when a breach is reported, HHS inspectors can investigate to determine if a penalty is warranted. This means that the HHS Office for Civil Rights (OCR) can show up at your door and ask to perform an audit on short notice, and your organization will need to be ready or face fines of up to $50,000 per day for each regulatory provision violated.
The HIPAA Privacy Rule is also undergoing significant changes that have increased both the breadth of entities subject to the rule and the compliance work needed, with expanded patient rights. The HITECH Act, passed in 2009, changes who is a Business Associate and who is responsible for their compliance and for any HIPAA violations they commit. The new requirements have a direct impact on what needs to be put into the business associate agreements you establish and on how to allow individuals to receive electronic copies of information held electronically. That in turn requires entities to clearly define their HIPAA Designated Record Set (DRS), and proposed Accounting of Disclosures rule changes make defining the DRS even more important. Covered entities that use electronic health records (EHRs) will need to meet new access and disclosure rules, and all kinds of business associates will need to establish new compliance programs.
Jim Sheldon-Dean is a healthcare compliance and HIPAA expert in the areas of privacy and security regulatory compliance and business process analysis. He is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of healthcare entities. Jim is a frequent speaker regarding HIPAA...