Are You HIPAA Compliance Audit Ready? Strategies to Avoid Civil and Criminal Penalties

Duration: 90 Minutes
Instructor: Richard D. Dvorak
Webinar Id: 800178


One Attendee


Did you know that failure to comply with HIPAA, the DHHS Privacy and Security regulations, and the HITECH Act can result in hefty fines and even imprisonment? DHHS has said that it will also focus on board members, CEOs, and management, not just "worker bees." You are responsible for compliance. How can you ensure that you are meeting federal and state statutes and regulations to protect patients' privacy of health information?

This Webinar is designed to educate covered entities and business associates what you need to know to become HIPAA Compliance Audit Ready, and how to avoid civil and criminal convictions. HIPAA violation settlements and civil money penalties range from $100,000 to $4.3 million and have involved small physician practices and a hospice, as well as major health systems and health plans. The DHHS findings almost always cite one or more of the following areas as being non-compliant:

  • Failure to perform a risk analysis.
  • Failure to update a risk analysis.
  • Failure to implement reasonable and appropriate security measures, including adopting policies and procedures.
  • Failure to train the workforce
  • Workstation security including encryption

Many Covered Entities and Business Associates do not have their HIPAA compliance program in place. Richard will share insights on how to adopt and implement HIPAA policies and procedures. He will explain the importance of educating your workforce on the privacy, security and breach notification requires. His seminar details the new Omnibus (Mega) rule changes. Learn which policies should be reviewed and updated to conform to current requirements.

Why should you attend: With the recent changes in the even stricter HIPAA regulations, are you prepared for a HIPAA Compliance Audit with DHHS, OIG, OCR or CMS? What would you do if the FTC accused you of a deceptive trade practice because you did not protect PHI correctly? Failure to handle a breach properly can have many bad effects.

And not all of them result from an enforcement action by DHHS. Losing a laptop containing Protected Health Information ("PHI") can result in DHHS imposing a civil money penalty but also can result in bad publicity; loss of patients; inability to receive reimbursement because you don't have a record of the transaction; the cost of mailing notifications to the victims of the breach; other mitigation costs, such as purchasing identity theft insurance for the victims if identity theft is a big risk. Learn what is and is not a reportable breach. Learn how to mitigate the effects of a breach by learning how to develop an unavoidable employee misconduct defense.

Areas Covered in the Session:
  • Overview of the HIPAA privacy and security rules
  • Discussion regarding the stepped-up civil and criminal penalties
  • How to determine your HIPAA Compliance "Gaps"
  • What are "reasonable and appropriate" security measures
  • Understand the critical requirements for security
  • Determine if organizations training is efficient

Who Will Benefit:
  • HIPAA compliance and Security Officers
  • HIPAA Privacy Officers
  • Human Resources Directors
  • Medical Records Personnel
  • Health Information Management Professionals
  • Attorneys
  • Patient Accounts Managers
  • Billing Services
  • Pharmacists
  • Mental and Behavioral Health Professionals

Educational Objectives(S)
Upon completion of this activity, participants will be able to:
  • Educate entities and business associates on how to become HIPAA Compliance Audit Ready and how to avoid civil and criminal convictions.

CME Credit Statement
This activity has been planned and implemented in accordance with the Essential Areas and Policies of the Accreditation Council for Continuing Medical Education (ACCME) through the joint sponsorship of CFMC and MentorHealth. CFMC is accredited by the ACCME to provide continuing medical education for physicians.

CFMC designates this educational activity for a maximum of 1.5 AMA PRA Category 1 Credits™. Physicians should only claim credit commensurate with the extent of their participation in the activity.

Other Healthcare Professionals Credit Statement
This educational activity has been planned and implemented following the administrative and educational design criteria required for certification of health care professions continuing education credits. Registrants attending this activity may submit their certificate along with a copy of the course content to their professional organizations or state licensing agencies for recognition for 1.5 hours.

Disclosure Statement
It is the policy of Colorado Foundation for Medical Care (CFMC) and MentorHealth that the faculty discloses real or apparent conflicts of interest relating to the topics of the educational activity. All members of the faculty and planning team have nothing to disclose nor do they have any vested interests or affiliations.

Obtaining Certificate of Credit

Colorado Foundation for Medical Care (CFMC) hosts an online activity evaluation system, certificate and outcomes measurement process. Following the activity, you must link to CFMC's online site (link below) to complete the evaluation form in order to receive your certificate of credit. Once the evaluation form is complete and submitted, you will be automatically sent a copy of your certificate via email. Please note, participants must attend the entire activity to receive all types of credit. Continuing Education evaluation and request for certificates will be accepted up to 60 days post activity date. CFMC will keep a record of attendance on file for 6 years.

Speaker Profile
Richard D. Dvorak J.D., is a health care attorney and partner in the law firm of TOMES & DVORAK, CHARTERED, a Kansas City area law firm. The firm has Martindale-Hubbell’s highest rating, AV (“A” is for preeminent in the field of practice and “V” is for highest ethics). After serving eight years in the United States Marine Corps, Richard obtained his law degree from Chicago-Kent College of Law in 1992. He is licensed to practice law in Illinois, Missouri, and Kansas, including various U.S. federal courts. Mr. Dvorak’s extensive litigation experience includes medical malpractice, physician licensure, mental health disability cases, military cases, and criminal cases, among others.

Mr. Dvorak is Vice President of EMR Legal, Inc., a national HIPAA consulting firm, which provides consulting services for clients ranging from a large county government, with eight different health entities that need HIPAA compliance help, to a small transcription service. His specialty is helping covered entities and business associates comply with HIPAA in a cost-effective manner using his extensive technical computer knowledge and business acumen. He and his team have consulted over 1,000 clients in health care regulations since 1998. Mr. Dvorak is also the Vice President of Veterans Press, Inc.—a national publishing company that sells and distributes The Compliance Guide to HIPAA and the DHHS Regulations, soon to be in the 6th edition, an integral part of the HIPAA Compliance Library.

Richard’s HIPAA speaking engagements include Cross Country Education, MEDS-PDN, PESI, CMI and Lorman Business Center, and The National Home Infusion Association (NHIA) 2013 convention. He also has taught business law for Park College in Missouri. As a small businessman, Richard understands the need to help others learn how to comply with government health regulations in a reasonable, cost-effective manner.

You Recently Viewed