Tips To Prep For HIPAA Enforcement

Free Podcast With David Holtzman | HealthcareInfoSecurity.com

CynergisTek’s David Holtzman, VP of Privacy & Security Services, recently recorded a podcast for HealthcareInfoSecurity.com that focused on tips for preparing for HIPAA enforcement. As we all know, the Omnibus Rule gave OCR greater authority in enforcing the HIPAA rules on covered entities and business associates that are found to be out of compliance while sharply increasing penalties for non-compliance. Given this increasingly complex regulatory environment, providers and vendors are scrambling to improve their compliance and Holtzman provides some insight for the industry.

Tips on Policies and Procedures

Holtzman told HealthInfoSecurity.com, “It’s really important that organizations have policies and procedures in place to assure that they are following the requirements of the HIPAA Privacy Rule.”
Training & Communication: it is very important that the workforce understands the details of HIPAA compliance. Organizations need to be sure it is communicated.
Compliance is an investment rather than an expense. Especially since OCR can penalize up to $1.5 million for non-compliance.

Tips on Other Enforcement Issues

Providers that receive Meaningful Use payments are going to see more enforcement.
Holtzman speculates that Inspector General’s Office and HHS are going to be more proactive in verifying the accuracy of providers that attest. He adds that they are going to want to see that the appropriate security protections are utilized, that they have a security risk assessment as required by HIPAA Security Rule and Meaningful Use measures.
OCR is developing their permanent HIPAA compliance audit program based of the pilot program in 2012. The new audit program will start in 2014 and OCR will randomly audit covered entities and business associates.

Other Discussion Points

Holtzman reflects on his experience at OCR and says that he was surprised at how many organizations did not respond appropriately. He providers guidance on how you should respond if you receive an inquiry from OCR.
A look at why 2014 will have an even great focus on cybersecurity.
Industry concerns on data exchanges and the interoperability of sensitive health information.

Listen to the entire podcast to learn more about compliance and enforcement trends, and hear expert advise from a former OCR official. Click here to visit HealthInfoSecurity.com’s podcast with David Holtzman.