What to Expect and How to Prepare: Healthcare Security & Privacy Regulation and Enforcement in 2015 and Beyond
2014
Data breaches
Settlements & Resolution Agreements
Approximately $5.5 million collected
Greatest number of HIPAA settlements
HIPAA Audits
Leadership changes
Complaints, compliance reviews & investigations
“OCR’s strong enforcement of the HIPAA privacy, security, and breach
notification rules, remains very much on track.”
2015
HIPAA Audits
Enforcement
Complaints, compliance reviews & investigations
HIPAA Audits
Policies & procedures – daily activities
Staff knowledge & training
Cybersecurity – Risk assessments, breach notification & access controls
Privacy notice practices
Audit protocol
http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/protocol.html
Enforcement
6,000+ open investigations
Increased focus on negotiating settlements
Various methods for enforcement
Complaints & Investigations
Complaints volume increases each year
Record number expected for 2015
Inconsistency between regional offices
Request policies & procedures (mini audits)
Culture of compliance
How to Prepare
1. Cybersecurity
2. Business Associate Agreements
Cybersecurity
Gap analysis
Staff training
Inventory of systems & devices
Regular review of policies & procedures
Business Associate Agreements
HITECH Act
Increased negotiation surrounding BAAs
Indemnity
Which entity is responsible for breach notification & responding to patient requests
Subcontractor BAAs
Termination rights for material breach
Takeaways
Audit first
Review and negotiate BAAs
Dust off Policies & Procedures
Addressable Elements
Compliance Culture
Questions?
Carrie S. Gilbert
Dressman Benzinger LaVelle psc