HIPAA Compliance. Mandatory for 7 MILLION Covered Entities (CE) & Business Associates (BA). 70% of the market is NOT compliant!
- Isabel Harmon
- 5 years ago
Transcription
Slide 2: HIPAA compliance
- Mandatory for 7 MILLION Covered Entities (CE) & Business Associates (BA)
- 70% of the market is NOT compliant!
- HITECH/EHR incentive requires:
  - Stage 1. Risk Assessment for Meaningful Use Core Measure 15
  - Stage 2. Illustrate corrective actions
- Omnibus Rule HIPAA Compliance
  - Compliance date was September 2013
  - Requires CEs/BAs to be HIPAA compliant
  - CE must have Business Associate Agreements (BAAs)
Slide 3: Phase 1 Audit Results
- Only Covered Entities were audited
- ONLY 11% had no findings/observations
- 98% of health care providers had at least one negative finding
- Small-sized Covered Entities struggled with all three HIPAA Standards
Slide 4: Phase 2 Audits
- BOTH Covered Entities and Business Associates will be audited
- Stricter audit protocols
- OCR (Office of Civil Rights) has started sending Pre-Audit Screening surveys
- said no one ever
Slide 5: Pre-Audit Screening Surveys
- Randomly selected from National Provider Identifier (NPI) database and America's Health Insurance Plans databases
- A pool of 550 to 800 entities selected for surveys
- 2 weeks to respond
Slide 6: Phase 2 Pre-Audit Screening Surveys
Slide 7: Phase 2 Audits
Will focus on:
- Areas of greater risk to PHI
- Non-compliance issues observed during Phase 1
- Risk Analysis/Assessments
- Breach Notifications
- Notice of Privacy Practices
- Workforce member training
- Identifying best practices
- Uncover risks/vulnerabilities not yet identified
Slide 8: The Seven Fundamental Elements of an Effective Compliance Program
1. Implementing written policies, procedures and standards of conduct.
2. Designating a compliance officer and compliance committee.
3. Conducting effective training and education.
4. Developing effective lines of communication.
5. Conducting internal monitoring and auditing.
6. Enforcing standards through well-publicized disciplinary guidelines.
7. Responding promptly to detected offenses and undertaking corrective action.
*Source: HHS & OIG
Slide 9: Phase 2 Preparation Protocols
- Confirm the organization has recently completed a comprehensive Risk Assessment.
- Confirm that all action items identified in the Risk Assessment have been completed or are on a reasonable timeline to completion.
- Ensure that the organization has a complete inventory of BAs and their contact information for purposes of the Phase 2 Audit data requests.
- If the organization has not implemented any of the Security Standards addressable implementation standards for any of its information systems, documentation requires:
  (1) Why any such addressable implementation standard was not reasonable and appropriate,
  (2) All alternative security measures that were implemented.
- Ensure that the organization has implemented a breach notification policy that accurately reflects the content and deadline requirements for breach notification under the Breach Notification Standards.
- For health care provider and health plan covered entities, ensure that the organization has a compliant Notice of Privacy Practices and not just a website privacy notice.
Slide 10: Phase 2 Preparation Protocols (Cont.)
- Ensure the organization has reasonable and appropriate safeguards in place for PHI that exists in any form, including paper and verbal PHI.
- Confirm that workforce members have received training on the HIPAA Standards that are necessary or appropriate for workforce members to perform their job duties.
- Confirm that the organization maintains an inventory of information system assets, including mobile devices (even in a bring-your-own-device environment).
- Confirm all systems and software that transmit electronic PHI employ encryption technology, or that the organization has a documented risk analysis supporting the decision not to employ encryption.
- Confirm the organization has adopted a facility security plan for each physical location that stores or otherwise has access to PHI, in addition to a security policy that requires a physical security plan.
- Review the organization's HIPAA security policies to identify any actions that have not been completed as required (physical security plan, disaster recovery plan, emergency access procedures, etc.).
Slide 11: HIPAA Misconceptions
- HHS and OCR aren't interested in my practice.
- It's really hard, complicated and I am better off ignoring it.
- HIPAA is just that form we have patients sign. That's enough.
- All I need is a Risk Assessment.
Slide 12: Compliance Plan
Step 1. Assess where you are against the regulation (GAP)
- The key to a risk analysis is auditing yourself against the administrative, technical, and physical aspects of HIPAA
- A risk analysis will help you attest to Meaningful Use Stage 1 Core Requirement 15
Step 2. Remediation Plan
- Prove that you remediated the deficiencies identified in the risk analysis
- Policies & Procedures, Training, and Attestation
Slide 13: Compliance Plan (Continued)
Step 3. How do you prove it?
Successful compliance plans address:
- Administration and Technical Policies and Procedures
- IT security Devices installed and maintained within your organization
- Physical Security within physical locations of your practice(s)
(Meaningful Use Stage 2 Core Requirement 9 requires remediation of found deficiencies during the risk analysis to be documented and completed)
Step 4. Maintain your compliance
- As the regulations, staff, and practice changes
Slide 14: Compliance In 3 Steps!
HIPAA Education Series sponsored by: HIPAA ( )
Slide 16: Questions?
For more information, contact:
- Sales & Demo Scheduling Questions: Marc Haskelson ext 507
- HIPAA Questions: Bob Grant ext