Surviving a Security Audit: Utilizing the OCR Protocols to Conduct a Mock Survey

Duration: 60 Minutes
Instructor: William Miaoulis
Webinar Id: 800289


One Attendee


The OCR HIPAA Audit program analyzes processes, controls, and policies of selected covered entities pursuant to the HITECH Act audit mandate. OCR established a comprehensive audit protocol that contains the requirements to be assessed through these performance audits. The entire audit protocol is organized around modules, representing separate elements of privacy, security, and breach notification. The combination of these multiple requirements may vary based on the type of covered entity selected for review.

  • The protocol covers Security Rule requirements for administrative, physical, and technical safeguards

In this presentation we will discuss the objectives of the HIPAA/HITECH Security Audit, How to accomplish this Audit, How to report within the organization, the fines and penalties that could occur, what steps you can take to document your compliance and the roles and responsibilities within your organization.

Why should you attend: Organizations must be prepared to meet the HIPAA Requirements. Many organizations have built their HIPAA Security and Privacy Program and believe they are compliant; however they do not do well in an audit. Fortunately, OCR has provided the actual protocol they have used in the past to conduct an Audit of Healthcare facilities. Organizations can use the protocol to self-audit themselves and be better prepared to respond to an audit and prove they are HIPAA compliant potentially saving themselves from OCR issued fines, and the need to create OCR monitored comprehensive corrective action plan to correct deficiencies discovered through an audit process. Fines have been in the millions of dollars but just as important organizations have faced damage to their reputations.

This Webinar will show you where to find the protocol and more importantly how to use this protocol to assess your own organization for HIPAA compliance. This presentation will discuss documentation methods, solutions to some of the more difficult standards and provide insight into how other organizations have addressed the HIPAA needs.

By identifying your Gaps, an organization can create to minimize the impact of an Audit. Prepare today as if you are going to be audited tomorrow. Remember the three words of HIPAA Compliance, Document, Document, and Document.

Areas Covered in the Session:
  • Objectives of the HIPAA Audit
  • Steps to Compliance
  • Administrative, Technical and Physical Safeguards overview
  • HIPAA Evaluation
  • Compliance Monitoring (Not a onetime event)
  • What to learn from previous Reviews
  • What documents you may need to produce
  • The fines and Penalties that have been assessed to other organizations
  • A review of a sample corrective action plan
  • Roles and responsibilities within your organization

Who Will Benefit:
  • Information Security Officers
  • Compliance Officers
  • Chief Information Officers

Speaker Profile
William Miaoulis CISA, CISM, is a senior healthcare information system (IS) professional with more than 20 years of healthcare Information Security experience. Bill is the founder and primary consultant for HSP Associates. Prior to starting HSP Associates in January of 2013, Bill was the Chief Information Security Officer (CISO) and led the HIPAA security and privacy consulting efforts for Phoenix Health Systems for over 11 years and also was the HIPAA Consulting Manager for SAIC for 18 months. For seven years, Miaoulis was the University of Alabama Birmingham (UAB) Medical Center’s Information Security Officer, where he instituted the first security and privacy programs at UAB starting in October 1992.

Miaoulis contributes to the industry by frequently speaking at conferences on security matters, including recent sessions on Risk Analysis/Risk Management, Creating and Implementing Effective Security Policies, Understanding the HIPAA Security Rule, and Creating Effective Security Incident Response Procedures. Miaoulis has been interviewed and quoted by numerous publications including: SC Magazine, Health Data Management, Briefings on Healthcare Security, Computerworld; and Health Information Compliance Insider. Miaoulis has worked with AHIMA to produce the book “Preparing for a HIPAA Security Compliance Assessment” and also has worked on updating the AHIMA Security Practice Briefs.

You Recently Viewed