HIPAA Privacy Rule Amendments, Audits & Penalties - New Push for Compliance

Event Information

Product Format: Prerecorded Event
Conference Date: Tue, May 29, 2012, 120 Minutes

Product Description

The Department of Health and Human Services (HHS) is currently implementing audits to meet the requirements of the HITECH Act in the American Recovery and Reinvestment Act of 2009 (ARRA) for periodic audits of compliance with the HIPAA Privacy and Security Rules, and up to 150 random HIPAA compliance audits will be performed. In addition, new audit and enforcement activity is taking place under the new HIPAA Breach Notification Rule: when a breach is reported, HHS inspectors can investigate to determine whether a penalty is warranted. This means that the HHS Office for Civil Rights (OCR) can show up at your door and ask to perform an audit on short notice, and your organization will need to be ready or face fines of up to $50,000 per day for each regulatory provision violated.

The HIPAA Privacy Rule is also undergoing significant changes that have increased both the breadth of entities subject to the rule and the compliance work needed, with expanded patient rights. The HITECH Act, passed in 2009, changes things such as who is a Business Associate and who is responsible for their compliance and for any HIPAA violations they commit. The new requirements have a direct impact on what needs to be put into the business associate agreements you establish and on how individuals are allowed to receive electronic copies of information held electronically. This requires that entities clearly define their HIPAA Designated Record Set (DRS), and proposed Accounting of Disclosures rule changes make defining the DRS even more important. Covered entities that use electronic health records (EHRs) will need to meet new access and disclosure rules, and all kinds of business associates will need to establish new compliance programs.

Key Highlights:

  • Fines and penalties for violations of the HIPAA regulations have been significantly increased and now include mandatory fines for willful negligence that begin at $10,000 minimum.
  • New regulations change the way individuals have access to their records, and how much they can find out about who has accessed their records.
  • New requirements for disclosers of health information to apply “minimum necessary” standards.
  • What HHS OCR is likely to ask you if you are selected for an audit, and what you'll have to have prepared already when they do.
  • EHR vendors must provide the new tools necessary for their users to meet HIPAA requirements.
  • Business Associates have new requirements to comply with HIPAA privacy protections and security safeguards and are subject to enforcement and penalties directly by HHS.
  • Sub-contractors of Business Associates, Health Information Exchanges, Regional Health Information Exchanges, and e-Prescribing gateways are now considered to be Business Associates.
  • New limitations on marketing and fund-raising may change how entities can reach out to individuals.
  • The new penalty structure and the new audit program mean that you are more likely to be audited for HIPAA compliance, and you may be facing significantly higher penalties for non-compliance than ever before.
  • HIPAA audits have been few and far between in the past, but that has changed: HHS is auditing HIPAA covered entities and business associates even if there have been no complaints or problems reported.
  • The rules that you need to comply with will be explained, and we will describe the policies you can adopt to help you come into compliance and be prepared for an audit.
  • The documentation needed to survive an audit and avoid fines will be described.
  • We will discuss what you'll need to think about to deal with current and future threats to the security of patient information.
  • Steps to follow to prepare for an audit and respond to an audit request will be outlined.
  • Individuals can now request certain restrictions on disclosures that you must honor.
  • And much more…


About Our Speaker

Jim Sheldon-Dean - HIPAA Compliance & Regulations Expert

Jim Sheldon-Dean is a healthcare compliance and HIPAA expert in the areas of privacy and security regulatory compliance and business process analysis. He is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of healthcare entities. Jim is a frequent speaker regarding HIPAA...