Your Home Health Care Agency is 5xs More Likely to Be Audited By OCR than by the IRS
The Security Risk Analysis
Bryan Brothers – CHPS, CAHIMS
Copyright 2015 Brothers and Associates LLC
Agenda and Introductions
❧ “Consider what it will cost you if Office of Civil Rights (OCR) visits, even if you get through the ordeal without a fine, or even an accusation.”
❧ Learn what they will ask before they make a determination.
❧ Learn what a Meaningful Use Objective is/means to you.
❧ Why Conduct a Security Risk Analysis?
❧ How Often Does a Breach Occur in Home Health Care?
❧ What Are the Fines, and Can You Afford It?
❧ Examples of Home Health Care Breaches Across the U.S.
❧ Myths and Misconceptions about Safety.
❧ Mistakes to Avoid
❧ Where Can You Turn for Help?
❧ QA
“This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented. These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”
Leon Rodriguez, Former Director, HHS Office for Civil Rights
Current Director Jocelyn Samuels continues to support this philosophy.
Brief History
Prior to HIPAA, there was no universally recognized security standard for protected health information (PHI).
HITECH, as part of the American Recovery and Reinvestment Act of 2009, contains specific incentives designed to accelerate adoption of electronic health records among providers.
It broadens the scope of privacy and security protections listed under HIPAA and also increases the repercussions and enforcement potential for non-compliance.
Meaningful Use Objective
❧ Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1), including addressing the encryption/security of data at rest, and implement security updates as necessary and correct identified security deficiencies as part of the risk management process.
Why Conduct a Risk Analysis?
❧ The process of a Risk Analysis is an ongoing and interactive part of your organization's security plan.
❧ The purpose is to identify potential threats and vulnerabilities to PHI, implement needed changes to make PHI more secure, and monitor the results of mitigation.
❧ Understanding the risk to Confidentiality, Integrity, and Availability of ePHI is the key to your security!
What Information will a Risk Analysis provide?
• Identify non-compliance with HIPAA and other rules and regulations
• Identify threats and vulnerabilities
• Identify weaknesses that could result in unauthorized disclosures or breaches
• Improve processes when handling PHI
• Demonstrate a good-faith effort to ensure compliance with the required component of Meaningful Use and HIPAA law.
Procedure for Risk Analysis
The Risk Analysis is a Nine Step Process!
To correctly perform an analysis, the guidelines set forth by the National Institute of Standards and Technology (NIST) must be used.
Step 1: Scope the Assessment
● Identify where ePHI is created, received, maintained, processed, or transmitted
● Take into account the remote work force and telecommuters, and removable media and portable computing devices
Step 2: Gather Information
● Identify the conditions under which ePHI is created, received, maintained, processed, or transmitted by the covered entity
● Identify the security controls currently being used to protect the ePHI
Step 3: Identify Realistic Threats
● Identify and compile a list of potential threat sources applicable to the organization
● Include realistic, probable human and natural incidents that can have a negative impact on an organization's ability to protect ePHI
Step 4: Identify Potential Vulnerabilities
● Develop a list of vulnerabilities
● Focus on areas where ePHI can be disclosed without proper authorization, improperly modified, or made unavailable when needed.
Step 5: Assess Current Security Controls
● Determine if the implemented or planned security controls will minimize or eliminate risks to ePHI
Step 6: Determine Likelihood and Impact of Threat
● Likelihood: probability of a threat occurring that can cause or trigger an adverse event
● Impact: effect that an adverse event would have on an organization if a vulnerability was exploited
Step 7: Determine Level of Risk
● Assess the level of risk to the organization
● Risk is based on the values assigned to the likelihood and impact of a threat occurrence
Step 8: Recommend Security Controls
● Security controls that could mitigate the identified risks
● Reduce the level of risk to the IT system and its data to an acceptable level
Step 9: Document the Risk Results
Pause for excited audience to calm down!!!
ANOTHER LOOK AT THE PROCESS
Step 1: scope the assessment → Step 2: gather information → Step 3: identify realistic threats → Step 4: identify potential vulnerabilities → Step 5: assess current security controls → Step 6: determine likelihood and impact of threat → Step 7: determine level of risk → Step 8: recommend security controls → Step 9: document risk results
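To make Steps 3 through 9 concrete, here is an added worked example (not part of the deck, and not a tool from Brothers and Associates) of a small ePHI risk register in Python. The agency, assets, threats, ratings and controls are constructed sample data for a hypothetical home health agency; the 1-3 likelihood and impact scale, the likelihood × impact product, and the High/Medium/Low cut-offs are an assumed simplification of the qualitative NIST scales, not values taken from the slides.

```python
"""Worked ePHI risk register following the nine-step procedure above.
All assets, threats, ratings and controls are constructed sample data
for a hypothetical home health agency, not findings from any real audit."""
from dataclasses import dataclass, field
from typing import Dict, List

# Steps 6-7: likelihood and impact are rated on a 1-3 ordinal scale
# (1 = Low, 2 = Medium, 3 = High); risk value = likelihood x impact.
# The 1-3 scale and the High/Medium/Low cut-offs below are an assumption,
# a common simplification of the qualitative scales in NIST SP 800-30.
LOW, MEDIUM, HIGH = 1, 2, 3


def risk_score(likelihood: int, impact: int) -> int:
    """Step 7: risk value from the two ratings (range 1..9)."""
    if not (LOW <= likelihood <= HIGH and LOW <= impact <= HIGH):
        raise ValueError("ratings must be 1, 2 or 3")
    return likelihood * impact


def risk_level(score: int) -> str:
    """Map a 1..9 score onto the level recorded in the register."""
    if score >= 6:
        return "High"
    if score >= 3:
        return "Medium"
    return "Low"


@dataclass
class RiskItem:
    asset: str                       # Steps 1-2: where ePHI lives
    threat: str                      # Step 3
    vulnerability: str               # Step 4
    current_controls: List[str]      # Step 5
    likelihood: int                  # Step 6
    impact: int                      # Step 6
    recommended_controls: List[str] = field(default_factory=list)  # Step 8

    @property
    def score(self) -> int:
        return risk_score(self.likelihood, self.impact)

    @property
    def level(self) -> str:
        return risk_level(self.score)


def build_register() -> List[RiskItem]:
    """Constructed sample register for a hypothetical agency."""
    return [
        RiskItem("Field nurse laptops", "Theft or loss of a portable device",
                 "Full-disk encryption not enforced on all laptops",
                 ["Windows logon password"], likelihood=HIGH, impact=HIGH,
                 recommended_controls=["Enforce full-disk encryption",
                                       "Mobile device management with remote wipe",
                                       "Maintain a device inventory"]),
        RiskItem("Paper visit notes carried by aides", "Loss of charts from a vehicle",
                 "No check-out/check-in process for paper charts",
                 [], likelihood=MEDIUM, impact=MEDIUM,
                 recommended_controls=["Chart sign-out log", "Locked transport bags"]),
        RiskItem("EHR user accounts", "Former employee accesses patient records",
                 "Accounts are not disabled at termination",
                 ["Annual access review"], likelihood=MEDIUM, impact=HIGH,
                 recommended_controls=["Same-day termination checklist",
                                       "Monthly review of EHR access logs"]),
        RiskItem("Office file server backups", "Hardware failure",
                 "Backups have never been test-restored",
                 ["Nightly backup to NAS"], likelihood=LOW, impact=MEDIUM,
                 recommended_controls=["Quarterly restore test"]),
    ]


def prioritize(register: List[RiskItem]) -> List[RiskItem]:
    """Highest risk first, so corrective actions are ordered by exposure."""
    return sorted(register, key=lambda r: (-r.score, r.asset))


def corrective_action_plan(register: List[RiskItem],
                           accept_below: str = "Medium") -> List[Dict[str, object]]:
    """Step 8: every item at or above the acceptance threshold needs a
    recorded control plan; items below it are accepted and monitored."""
    order = {"Low": 0, "Medium": 1, "High": 2}
    return [
        {"asset": r.asset, "level": r.level, "controls": r.recommended_controls}
        for r in prioritize(register)
        if order[r.level] >= order[accept_below]
    ]


def document_results(register: List[RiskItem]) -> str:
    """Step 9: the written record an auditor will ask to see."""
    lines = ["Risk analysis results (likelihood x impact, 1-3 scale)"]
    for r in prioritize(register):
        lines.append(f"[{r.level:6}] {r.score} {r.asset}: {r.threat} / {r.vulnerability}")
        lines.append(f"         current: {', '.join(r.current_controls) or 'none'}")
        lines.append(f"         recommended: {', '.join(r.recommended_controls)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(document_results(build_register()))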
THREE TIER APPROACH
❧ Audits, Audits and More Audits…
❧ Three separate entities are now performing audits of medical facilities: Figliozzi & Company, a private contractor, performs audits on behalf of CMS and the ONC for the Meaningful Use Program. The Office of Civil Rights performs audits on behalf of the Department of Health and Human Services. Lastly, the Office of the Attorney General performs audits for the State.
Overstated?
❧ While audits are in progress, they may or may not affect you. Many audits are a result of Breach situations. How often does a Breach occur in Home Health Care?
❧ A: Never, these rules do not apply to me!
❧ B: They happen, but no harm occurs…
❧ C: A Breach every 3.5 hours.
Surprising Information
❧ Three Major Breaches in Florida in the last 24 months from Home Health Care Agencies.
❧ Over 14,000 records involved.
❧ Settlements still pending in some cases.
❧ PAPER RECORDS INVOLVED
Across the Country
❧ Missouri – Home Care of Mid-Missouri – 4027 records
❧ Texas – Hope Hospice – 818 records
❧ Kansas – Complete Medical Homecare – 1700 records
❧ Kentucky – ReachOut Homecare – 4500 records
❧ New Jersey – Jersey City Medical Center – 36400 records
❧ Minnesota – In April of 2015 – Allina Health – 838 records
❧ Largest Breach last year – 179000 records from one California based provider.
Penalties Involved
❧ Each audit program has a different penalty structure; however, they are similar in the penalty phases:
❧ For the EMR Program Audit: Notice of a failed audit will result in a tentative notice of overpayment, and the incentive payment for the audit year will be recouped.
❧ FRAUDULENT ATTESTATION PUNISHMENT MAY INVOLVE IMPRISONMENT, SIGNIFICANT FINES, LOSS OF LICENSE, AND EXCLUSION FROM PARTICIPATION IN INCENTIVE PROGRAM.
OCR Audits have varied fines dependent on severity of findings. The largest fines are Civil Penalties up to $1.5 million per occurrence!
• $1.5 million per occurrence: multiple violations due to willful neglect, not corrected, of an identical requirement or prohibition made during the same calendar year
• Other violations may result in lesser penalties of $10,000 per occurrence, not to exceed $250,000: violation was due to willful neglect, corrected; violation of an identical requirement or prohibition during a calendar year
Each Audit Program Can Result in Criminal Penalties!
Most Breaches Require The Provision of Credit / Identity Protection Services. The average cost of these services is $230 per individual. As an example, the Breach mentioned in Minnesota, 838 records, would then cost $192,740 to mitigate. Added costs are also incurred due to loss of patients due to “Bad Press”.
Hospice of North Idaho
2013 saw the first fine for a Breach of Less Than 500 Records
• 440 records
• Lost laptop
No risk assessment, therefore no appropriate measures to address the risk or to maintain the appropriate security measures.
$50,000 fine, Corrective Action Plan
CAP required employer to enforce policies and sanction policy violations
From the Los Angeles Times
❧ UCLA pays $865,500 to settle celebrity medical record snooping case July 7, 2011 “Settlement with U.S.
regulators also call for UCLA to retrain staff and take steps to prevent future breaches. Some staff have
already been fired for viewing the records of Farrah Fawcett, Michael Jackson and others.”
❧ UCLA Health System has agreed to pay $865,500 as part of a settlement with federal regulators announced
Thursday after two celebrity patients alleged that hospital employees broke the law and reviewed their medical
records without authorization.
❧ Federal and hospital officials declined to identify the celebrities involved. The complaints cover 2005 to 2009, a time
during which hospital employees were repeatedly caught and fired for peeping at the medical records of dozens of
celebrities, including Britney Spears, Farrah Fawcett and then-California First Lady Maria Shriver.
❧ The employee was not named in the agreement, and the hospital spokeswoman declined to identify who it was. But
the timing and description of the alleged violations cited in the agreement suggest that it may have been Lawanda
Jackson, an administrative specialist at Ronald Reagan UCLA Medical Center who was fired in 2007 after she was
caught accessing Farrah Fawcett's medical records and allegedly selling information to the National Enquirer.
❧ Jackson later pleaded guilty to a felony charge of violating federal medical privacy laws for commercial purposes but
died of cancer before she could be sentenced. Fawcett died of cancer in 2009.
More Than Money!!!
❧ Failure to pass an audit from any of the participating organizations can result in more than just penalties imposed:
❧ The reputation of your organization can be affected by published results.
❧ How many of you have experienced a breach???
In Florida From 2012 until Now:
39 incidents over 500 records required reporting to HHS
Over 170,000 Patient Records Affected!
Things To Consider
❧ Security Risk Analyses are sold in many forms, can be purchased as a kit, and can be done with no help at all.
❧ No analysis is perfect.
❧ There are some Myths: It doesn’t apply to me…
❧ My EMR Vendor said I don’t need to, they are certified.
❧ Our IT manager says our system is safe…
Mistakes to Avoid
Most findings in a risk analysis process relate to policy and procedure deficiencies that tend to be overlooked as a business grows. The Analysis will become the backbone of your security plan. Findings will indicate a need for new policies, Business Associate Agreements that you have not needed before this year, and updates of forms that have always been used and accepted.
DO NOT PANIC! The most important part of the Risk Analysis is the provision of remediation! At conclusion you should know what you need to fix, replace, and issue to be in compliance. Make sure your analysis will provide a plan for corrective actions!
Prepare Now!
❧ Audits come in different strengths and sizes. Like everything else, preparation is the key. The benefit of a completed risk analysis goes beyond knowing WHAT deficiencies you can identify; it demonstrates to an auditor that you have performed your due diligence and strive to be in compliance with ever-changing rules and regulations.
Is There Help?
The guidelines we covered today demonstrate the foundation of the Risk Analysis.
The Office of the National Coordinator (ONC) recognizes one certification:
Certified in Healthcare Privacy & Security (CHPS), issued by the American Health Information Management Association.
Contact Information
Bryan Brothers
502 517 6943
Bryan@HealthcarePrivacyandSecurity.com
Brothers And Associates LLC
WWW.HEALTHCAREPRIVACYANDSECURITY.COM

Weitere ähnliche Inhalte

Was ist angesagt?

Redspin PHI Breach Report 2012
Redspin PHI Breach Report 2012Redspin PHI Breach Report 2012
Redspin PHI Breach Report 2012
Redspin, Inc.
 
Legal & Regulatory Powerpoint
Legal & Regulatory PowerpointLegal & Regulatory Powerpoint
Legal & Regulatory Powerpoint
Kendall Brune
 
Billing compliance results management-2013
Billing compliance results management-2013Billing compliance results management-2013
Billing compliance results management-2013
nbattah
 
Joint Staff Report - Combatting the Opioid Epidemic
Joint Staff Report - Combatting the Opioid EpidemicJoint Staff Report - Combatting the Opioid Epidemic
Joint Staff Report - Combatting the Opioid Epidemic
Andy Polesovsky
 

Was ist angesagt? (20)

View from Washington Hot Topics in Health Care Regulation CMS & FDA
View from Washington Hot Topics in Health Care Regulation CMS & FDAView from Washington Hot Topics in Health Care Regulation CMS & FDA
View from Washington Hot Topics in Health Care Regulation CMS & FDA
 
Redspin PHI Breach Report 2012
Redspin PHI Breach Report 2012Redspin PHI Breach Report 2012
Redspin PHI Breach Report 2012
 
Privacy and Wearables - Wearables Crash Course Webinar Series
Privacy and Wearables - Wearables Crash Course Webinar SeriesPrivacy and Wearables - Wearables Crash Course Webinar Series
Privacy and Wearables - Wearables Crash Course Webinar Series
 
Fraud and Abuse 2017
Fraud and Abuse 2017Fraud and Abuse 2017
Fraud and Abuse 2017
 
FDA Cybersecurity Recommendations to Comply with NIST - Wearables Crash Cours...
FDA Cybersecurity Recommendations to Comply with NIST - Wearables Crash Cours...FDA Cybersecurity Recommendations to Comply with NIST - Wearables Crash Cours...
FDA Cybersecurity Recommendations to Comply with NIST - Wearables Crash Cours...
 
Fraud and abuse enforcement aug 2015
Fraud and abuse enforcement aug 2015Fraud and abuse enforcement aug 2015
Fraud and abuse enforcement aug 2015
 
Investments in Behavioral Health: Drivers and Outlook - Behavioral Health Cra...
Investments in Behavioral Health: Drivers and Outlook - Behavioral Health Cra...Investments in Behavioral Health: Drivers and Outlook - Behavioral Health Cra...
Investments in Behavioral Health: Drivers and Outlook - Behavioral Health Cra...
 
Mental Health Parity Implementation: Are We There Yet? – Behavioral Health Cr...
Mental Health Parity Implementation: Are We There Yet? – Behavioral Health Cr...Mental Health Parity Implementation: Are We There Yet? – Behavioral Health Cr...
Mental Health Parity Implementation: Are We There Yet? – Behavioral Health Cr...
 
Legal & Regulatory Powerpoint
Legal & Regulatory PowerpointLegal & Regulatory Powerpoint
Legal & Regulatory Powerpoint
 
Red7 Medical Identity Security and Data Protection
Red7 Medical Identity Security and Data ProtectionRed7 Medical Identity Security and Data Protection
Red7 Medical Identity Security and Data Protection
 
Digital Health Devices and Clinical Trials – Wearables Crash Course Webinar S...
Digital Health Devices and Clinical Trials – Wearables Crash Course Webinar S...Digital Health Devices and Clinical Trials – Wearables Crash Course Webinar S...
Digital Health Devices and Clinical Trials – Wearables Crash Course Webinar S...
 
Billing compliance results management-2013
Billing compliance results management-2013Billing compliance results management-2013
Billing compliance results management-2013
 
2hourhealthcarefraud
2hourhealthcarefraud2hourhealthcarefraud
2hourhealthcarefraud
 
Workplace Substance Abuse and Drug Testing by HBAA
Workplace Substance Abuse and Drug Testing by HBAAWorkplace Substance Abuse and Drug Testing by HBAA
Workplace Substance Abuse and Drug Testing by HBAA
 
ct-2015-02-Vojnovic
ct-2015-02-Vojnovicct-2015-02-Vojnovic
ct-2015-02-Vojnovic
 
Doing Business On Internet -- HIPAA Challenge
Doing Business On Internet -- HIPAA ChallengeDoing Business On Internet -- HIPAA Challenge
Doing Business On Internet -- HIPAA Challenge
 
Joint Staff Report - Combatting the Opioid Epidemic
Joint Staff Report - Combatting the Opioid EpidemicJoint Staff Report - Combatting the Opioid Epidemic
Joint Staff Report - Combatting the Opioid Epidemic
 
What Are the Risks? Business Types Facing Increased Scrutiny: White-Collar Cr...
What Are the Risks? Business Types Facing Increased Scrutiny: White-Collar Cr...What Are the Risks? Business Types Facing Increased Scrutiny: White-Collar Cr...
What Are the Risks? Business Types Facing Increased Scrutiny: White-Collar Cr...
 
Using Newly-Released HHS Benchmark Data to Negotiate and Succeed in Value and...
Using Newly-Released HHS Benchmark Data to Negotiate and Succeed in Value and...Using Newly-Released HHS Benchmark Data to Negotiate and Succeed in Value and...
Using Newly-Released HHS Benchmark Data to Negotiate and Succeed in Value and...
 
Implications of hipaa non compliance
Implications of hipaa non complianceImplications of hipaa non compliance
Implications of hipaa non compliance
 

Ähnlich wie Your Home Health Care Agency is 5xs More Likely to Be Audited By OCR than the IRS

CHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docx
CHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docxCHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docx
CHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docx
christinemaritza
 
HIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointHIPAA Violations and Penalties power point
HIPAA Violations and Penalties power point
Deena Fetrow
 
Collection, Processing and Reporting of ICSR
Collection, Processing and Reporting of ICSRCollection, Processing and Reporting of ICSR
Collection, Processing and Reporting of ICSR
ClinosolIndia
 
Perception of CBAHI accreditation among health workers case study.docx
Perception of CBAHI accreditation among health workers case study.docxPerception of CBAHI accreditation among health workers case study.docx
Perception of CBAHI accreditation among health workers case study.docx
ssuser562afc1
 
Ann Cavoukian Presentation
Ann Cavoukian PresentationAnn Cavoukian Presentation
Ann Cavoukian Presentation
CityAge
 
Hitech changes-to-hipaa
Hitech changes-to-hipaaHitech changes-to-hipaa
Hitech changes-to-hipaa
geeksikh
 
HIPAA – Where’s the Harm? Final Rule Update
HIPAA – Where’s the Harm? Final Rule Update HIPAA – Where’s the Harm? Final Rule Update
HIPAA – Where’s the Harm? Final Rule Update
Resilient Systems
 

Ähnlich wie Your Home Health Care Agency is 5xs More Likely to Be Audited By OCR than the IRS (20)

2016-04-21 HIPAA
2016-04-21 HIPAA2016-04-21 HIPAA
2016-04-21 HIPAA
 
HIPAA Compliance and Security in a Mobile World
HIPAA Compliance and Security in a Mobile WorldHIPAA Compliance and Security in a Mobile World
HIPAA Compliance and Security in a Mobile World
 
HIPAA Security 2019
HIPAA Security 2019HIPAA Security 2019
HIPAA Security 2019
 
HIPAA Compliance Made Easy: Conducting a Risk Assessment
HIPAA Compliance Made Easy: Conducting a Risk AssessmentHIPAA Compliance Made Easy: Conducting a Risk Assessment
HIPAA Compliance Made Easy: Conducting a Risk Assessment
 
CHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docx
CHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docxCHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docx
CHAPTER3 Maintaining ComplianceMANY LAWS AND REGULATIONS.docx
 
Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2
 
HIPAA Violations and Penalties power point
HIPAA Violations and Penalties power pointHIPAA Violations and Penalties power point
HIPAA Violations and Penalties power point
 
Office of Civil Rights HIPAA Audits Preparing Your Clients and Yourself
Office of Civil Rights HIPAA Audits Preparing Your Clients and YourselfOffice of Civil Rights HIPAA Audits Preparing Your Clients and Yourself
Office of Civil Rights HIPAA Audits Preparing Your Clients and Yourself
 
A Review of the Medical Studies Act - Michael Cogan
A Review of the Medical Studies Act - Michael CoganA Review of the Medical Studies Act - Michael Cogan
A Review of the Medical Studies Act - Michael Cogan
 
PSOW 2016 - HIPAA Compliance for EMS Community
PSOW 2016 - HIPAA Compliance for EMS CommunityPSOW 2016 - HIPAA Compliance for EMS Community
PSOW 2016 - HIPAA Compliance for EMS Community
 
Healthcare Compliance Presentation
Healthcare Compliance PresentationHealthcare Compliance Presentation
Healthcare Compliance Presentation
 
Collection, Processing and Reporting of ICSR
Collection, Processing and Reporting of ICSRCollection, Processing and Reporting of ICSR
Collection, Processing and Reporting of ICSR
 
Executive Presentation on adhering to Healthcare Industry compliance
Executive Presentation on adhering to Healthcare Industry complianceExecutive Presentation on adhering to Healthcare Industry compliance
Executive Presentation on adhering to Healthcare Industry compliance
 
Perception of CBAHI accreditation among health workers case study.docx
Perception of CBAHI accreditation among health workers case study.docxPerception of CBAHI accreditation among health workers case study.docx
Perception of CBAHI accreditation among health workers case study.docx
 
Ann Cavoukian Presentation
Ann Cavoukian PresentationAnn Cavoukian Presentation
Ann Cavoukian Presentation
 
Hitech changes-to-hipaa
Hitech changes-to-hipaaHitech changes-to-hipaa
Hitech changes-to-hipaa
 
HIPAA – Where’s the Harm? Final Rule Update
HIPAA – Where’s the Harm? Final Rule Update HIPAA – Where’s the Harm? Final Rule Update
HIPAA – Where’s the Harm? Final Rule Update
 
2013 compliance ppt
2013 compliance ppt2013 compliance ppt
2013 compliance ppt
 
Incentive Initiatives
Incentive InitiativesIncentive Initiatives
Incentive Initiatives
 
GEMC: Nursing Process and Linkage between Theory and Practice
GEMC: Nursing Process and Linkage between Theory and PracticeGEMC: Nursing Process and Linkage between Theory and Practice
GEMC: Nursing Process and Linkage between Theory and Practice
 

Mehr von LTC Expert Publications

Mehr von LTC Expert Publications (6)

Step-by-Step Lead Gen for Home Care Agencies in Nov/Dec 2015
Step-by-Step Lead Gen for Home Care Agencies in Nov/Dec 2015Step-by-Step Lead Gen for Home Care Agencies in Nov/Dec 2015
Step-by-Step Lead Gen for Home Care Agencies in Nov/Dec 2015
 
Home Care Marketing: Your year could easily be 1 million dollars better!
Home Care Marketing: Your year could easily be 1 million dollars better! Home Care Marketing: Your year could easily be 1 million dollars better!
Home Care Marketing: Your year could easily be 1 million dollars better!
 
Facebook for Home Care Marketing!
Facebook for Home Care Marketing!Facebook for Home Care Marketing!
Facebook for Home Care Marketing!
 
Turning Home Care Leads into Clients - Avoiding Follow Up Failure
Turning Home Care Leads into Clients - Avoiding Follow Up Failure Turning Home Care Leads into Clients - Avoiding Follow Up Failure
Turning Home Care Leads into Clients - Avoiding Follow Up Failure
 
Social Media Marketing for Geriatric Care Managers: Using Social Media as a P...
Social Media Marketing for Geriatric Care Managers: Using Social Media as a P...Social Media Marketing for Geriatric Care Managers: Using Social Media as a P...
Social Media Marketing for Geriatric Care Managers: Using Social Media as a P...
 
Turning LEADS Into Clients
Turning LEADS Into ClientsTurning LEADS Into Clients
Turning LEADS Into Clients
 

Kürzlich hochgeladen

Call Girl in Indore 8827247818 {LowPrice} ❤️ (ahana) Indore Call Girls * UPA...
Call Girl in Indore 8827247818 {LowPrice} ❤️ (ahana) Indore Call Girls  * UPA...Call Girl in Indore 8827247818 {LowPrice} ❤️ (ahana) Indore Call Girls  * UPA...
Call Girl in Indore 8827247818 {LowPrice} ❤️ (ahana) Indore Call Girls * UPA...
mahaiklolahd
 
🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...
🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...
🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Russian Call Girls Lucknow Just Call 👉👉7877925207 Top Class Call Girl Service...
Russian Call Girls Lucknow Just Call 👉👉7877925207 Top Class Call Girl Service...Russian Call Girls Lucknow Just Call 👉👉7877925207 Top Class Call Girl Service...
Russian Call Girls Lucknow Just Call 👉👉7877925207 Top Class Call Girl Service...
adilkhan87451
 

Kürzlich hochgeladen (20)

💕SONAM KUMAR💕Premium Call Girls Jaipur ↘️9257276172 ↙️One Night Stand With Lo...
💕SONAM KUMAR💕Premium Call Girls Jaipur ↘️9257276172 ↙️One Night Stand With Lo...💕SONAM KUMAR💕Premium Call Girls Jaipur ↘️9257276172 ↙️One Night Stand With Lo...
💕SONAM KUMAR💕Premium Call Girls Jaipur ↘️9257276172 ↙️One Night Stand With Lo...
 
Call Girls Service Jaipur {9521753030 } ❤️VVIP BHAWNA Call Girl in Jaipur Raj...
Call Girls Service Jaipur {9521753030 } ❤️VVIP BHAWNA Call Girl in Jaipur Raj...Call Girls Service Jaipur {9521753030 } ❤️VVIP BHAWNA Call Girl in Jaipur Raj...
Call Girls Service Jaipur {9521753030 } ❤️VVIP BHAWNA Call Girl in Jaipur Raj...
 
Best Rate (Patna ) Call Girls Patna ⟟ 8617370543 ⟟ High Class Call Girl In 5 ...
Best Rate (Patna ) Call Girls Patna ⟟ 8617370543 ⟟ High Class Call Girl In 5 ...Best Rate (Patna ) Call Girls Patna ⟟ 8617370543 ⟟ High Class Call Girl In 5 ...
Best Rate (Patna ) Call Girls Patna ⟟ 8617370543 ⟟ High Class Call Girl In 5 ...
 
All Time Service Available Call Girls Marine Drive 📳 9820252231 For 18+ VIP C...
All Time Service Available Call Girls Marine Drive 📳 9820252231 For 18+ VIP C...All Time Service Available Call Girls Marine Drive 📳 9820252231 For 18+ VIP C...
All Time Service Available Call Girls Marine Drive 📳 9820252231 For 18+ VIP C...
 
Independent Call Girls Service Mohali Sector 116 | 6367187148 | Call Girl Ser...
Independent Call Girls Service Mohali Sector 116 | 6367187148 | Call Girl Ser...Independent Call Girls Service Mohali Sector 116 | 6367187148 | Call Girl Ser...
Independent Call Girls Service Mohali Sector 116 | 6367187148 | Call Girl Ser...
 
Russian Call Girls Service Jaipur {8445551418} ❤️PALLAVI VIP Jaipur Call Gir...
Russian Call Girls Service  Jaipur {8445551418} ❤️PALLAVI VIP Jaipur Call Gir...Russian Call Girls Service  Jaipur {8445551418} ❤️PALLAVI VIP Jaipur Call Gir...
Russian Call Girls Service Jaipur {8445551418} ❤️PALLAVI VIP Jaipur Call Gir...
 
Call Girls in Delhi Triveni Complex Escort Service(🔝))/WhatsApp 97111⇛47426
Call Girls in Delhi Triveni Complex Escort Service(🔝))/WhatsApp 97111⇛47426Call Girls in Delhi Triveni Complex Escort Service(🔝))/WhatsApp 97111⇛47426
Call Girls in Delhi Triveni Complex Escort Service(🔝))/WhatsApp 97111⇛47426
 
Andheri East ) Call Girls in Mumbai Phone No 9004268417 Elite Escort Service ...
Andheri East ) Call Girls in Mumbai Phone No 9004268417 Elite Escort Service ...Andheri East ) Call Girls in Mumbai Phone No 9004268417 Elite Escort Service ...
Andheri East ) Call Girls in Mumbai Phone No 9004268417 Elite Escort Service ...
 
Call Girls Raipur Just Call 9630942363 Top Class Call Girl Service Available
Call Girls Raipur Just Call 9630942363 Top Class Call Girl Service AvailableCall Girls Raipur Just Call 9630942363 Top Class Call Girl Service Available
Call Girls Raipur Just Call 9630942363 Top Class Call Girl Service Available
 
Saket * Call Girls in Delhi - Phone 9711199012 Escorts Service at 6k to 50k a...
Saket * Call Girls in Delhi - Phone 9711199012 Escorts Service at 6k to 50k a...Saket * Call Girls in Delhi - Phone 9711199012 Escorts Service at 6k to 50k a...
Saket * Call Girls in Delhi - Phone 9711199012 Escorts Service at 6k to 50k a...
 
Pondicherry Call Girls Book Now 9630942363 Top Class Pondicherry Escort Servi...
Pondicherry Call Girls Book Now 9630942363 Top Class Pondicherry Escort Servi...Pondicherry Call Girls Book Now 9630942363 Top Class Pondicherry Escort Servi...
Pondicherry Call Girls Book Now 9630942363 Top Class Pondicherry Escort Servi...
 
Call Girl in Indore 8827247818 {LowPrice} ❤️ (ahana) Indore Call Girls * UPA...
Call Girl in Indore 8827247818 {LowPrice} ❤️ (ahana) Indore Call Girls  * UPA...Call Girl in Indore 8827247818 {LowPrice} ❤️ (ahana) Indore Call Girls  * UPA...
Call Girl in Indore 8827247818 {LowPrice} ❤️ (ahana) Indore Call Girls * UPA...
 
Call Girls Rishikesh Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 8250077686 Top Class Call Girl Service AvailableCall Girls Rishikesh Just Call 8250077686 Top Class Call Girl Service Available
Call Girls Rishikesh Just Call 8250077686 Top Class Call Girl Service Available
 
Most Beautiful Call Girl in Bangalore Contact on Whatsapp
Most Beautiful Call Girl in Bangalore Contact on WhatsappMost Beautiful Call Girl in Bangalore Contact on Whatsapp
Most Beautiful Call Girl in Bangalore Contact on Whatsapp
 
🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...
🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...
🌹Attapur⬅️ Vip Call Girls Hyderabad 📱9352852248 Book Well Trand Call Girls In...
 
(Low Rate RASHMI ) Rate Of Call Girls Jaipur ❣ 8445551418 ❣ Elite Models & Ce...
(Low Rate RASHMI ) Rate Of Call Girls Jaipur ❣ 8445551418 ❣ Elite Models & Ce...(Low Rate RASHMI ) Rate Of Call Girls Jaipur ❣ 8445551418 ❣ Elite Models & Ce...
(Low Rate RASHMI ) Rate Of Call Girls Jaipur ❣ 8445551418 ❣ Elite Models & Ce...
 
Russian Call Girls Lucknow Just Call 👉👉7877925207 Top Class Call Girl Service...
Russian Call Girls Lucknow Just Call 👉👉7877925207 Top Class Call Girl Service...Russian Call Girls Lucknow Just Call 👉👉7877925207 Top Class Call Girl Service...
Russian Call Girls Lucknow Just Call 👉👉7877925207 Top Class Call Girl Service...
 
Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...
Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...
Premium Call Girls In Jaipur {8445551418} ❤️VVIP SEEMA Call Girl in Jaipur Ra...
 
Call Girls Vasai Virar Just Call 9630942363 Top Class Call Girl Service Avail...
Call Girls Vasai Virar Just Call 9630942363 Top Class Call Girl Service Avail...Call Girls Vasai Virar Just Call 9630942363 Top Class Call Girl Service Avail...
Call Girls Vasai Virar Just Call 9630942363 Top Class Call Girl Service Avail...
 
Manyata Tech Park ( Call Girls ) Bangalore ✔ 6297143586 ✔ Hot Model With Sexy...
Manyata Tech Park ( Call Girls ) Bangalore ✔ 6297143586 ✔ Hot Model With Sexy...Manyata Tech Park ( Call Girls ) Bangalore ✔ 6297143586 ✔ Hot Model With Sexy...
Manyata Tech Park ( Call Girls ) Bangalore ✔ 6297143586 ✔ Hot Model With Sexy...
 

Your Home Health Care Agency is 5xs More Likely to Be Audited By OCR than the IRS

  • 1. Your Home Health Care Agency is 5xs More Likely to Be Audited By OCR than by the IRS
    The Security Risk Analysis. Bryan Brothers – CHPS, CAHIMS. Copyright 2015 Brothers and Associates LLC.
  • 2. Agenda and Introductions
    “Consider what it will cost you if the Office of Civil Rights (OCR) visits, even if you get through the ordeal without a fine, or even an accusation.”
    ❧ Learn what they will ask before they make a determination.
    ❧ Learn what a Meaningful Use Objective is/means to you.
    ❧ Why Conduct a Security Risk Analysis?
    ❧ How Often Does a Breach Occur in Home Health Care?
    ❧ What Are the Fines, and Can You Afford It?
    ❧ Examples of Home Health Care Breaches Across the U.S.
    ❧ Myths and Misconceptions about Safety.
    ❧ Mistakes to Avoid
    ❧ Where Can You Turn for Help?
    ❧ Q&A
  • 3. HHS Office for Civil Rights
    Former Director, Leon Rodriguez: “This final omnibus rule marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented. These changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.”
    Current Director Jocelyn Samuels continues to support this philosophy.
  • 4. Brief History
    ❧ Prior to HIPAA, there was no universally recognized security standard for protected health information (PHI).
    ❧ HITECH, as part of the American Recovery and Reinvestment Act of 2009, contains specific incentives designed to accelerate adoption of electronic health records among providers.
    ❧ It broadens the scope of privacy and security protections listed under HIPAA and also increases the repercussions and enforcement potential for non-compliance.
  • 5. Meaningful Use Objective
    Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1), including addressing the encryption/security of data at rest, and implement security updates as necessary and correct identified security deficiencies as part of the risk management process.
  • 6. Why Conduct a Risk Analysis?
    ❧ The process of a Risk Analysis is an ongoing and interactive part of your organization's security plan.
    ❧ The purpose is to identify potential threats and vulnerabilities to PHI, implement needed changes to make PHI more secure, and monitor the results of mitigation.
    ❧ Understanding the risk to the Confidentiality, Integrity, and Availability of ePHI is the key to your security!
  • 7. What Information will a Risk Analysis provide?
    • Identify non-compliance with HIPAA and other rules and regulations
    • Identify threats and vulnerabilities
    • Identify weaknesses that could result in unauthorized disclosures or breaches
    • Improve processes when handling PHI
    • Demonstrate a good faith effort to ensure compliance with the required component of Meaningful Use and HIPAA law.
  • 8. Procedure for Risk Analysis
    The Risk Analysis is a Nine Step Process! To correctly perform an analysis, the guidelines set forth by the National Institute of Standards and Technology (NIST) must be used.
  • 9. Procedure for Risk Analysis – Step 1: Scope the Assessment
    ● Identify where ePHI is created, received, maintained, processed, or transmitted
    ● Take into account the remote work force and telecommuters, and removable media and portable computing devices
  • 10. Procedure for Risk Analysis – Step 2: Gather Information
    ● Identify the conditions under which ePHI is created, received, maintained, processed, or transmitted by the covered entity
    ● Identify the security controls currently being used to protect the ePHI
  • 11. Procedure for Risk Analysis – Step 3: Identify Realistic Threats
    ● Identify and compile a list of potential threat sources applicable to the organization
    ● Include realistic, probable human and natural incidents that can have a negative impact on an organization's ability to protect ePHI
  • 12. Procedure for Risk Analysis – Step 4: Identify Potential Vulnerabilities
    ● Develop a list of vulnerabilities
    ● Focus on areas where ePHI can be disclosed without proper authorization, improperly modified, or made unavailable when needed.
  • 13. Procedure for Risk Analysis – Step 5: Assess Current Security Controls
    ● Determine whether the implemented or planned security controls will minimize or eliminate risks to ePHI
  • 14. Procedure for Risk Analysis – Step 6: Determine Likelihood and Impact of Threat
    ● Likelihood: probability of a threat occurring that can cause or trigger an adverse event
    ● Impact: effect that an adverse event would have on an organization if a vulnerability were exploited
  • 15. Procedure for Risk Analysis – Step 7: Determine Level of Risk
    ● Assess the level of risk to the organization
    ● Risk is based on the values assigned to the likelihood and impact of a threat occurrence
  • 16. Procedure for Risk Analysis – Step 8: Recommend Security Controls
    ● Security controls that could mitigate the identified risks
    ● Reduce the level of risk to the IT system and its data to an acceptable level
    Step 9: Document the Risk Results
    Pause for excited audience to calm down!!!
  • 17. Another Look at the Process
    Step 1: scope the assessment
    Step 2: gather information
    Step 3: identify realistic threats
    Step 4: identify potential vulnerabilities
    Step 5: assess current security controls
    Step 6: determine likelihood and impact of threat
    Step 7: determine level of risk
    Step 8: recommend security controls
    Step 9: document risk results
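A worked version of Steps 3 through 8, added here as an example and not part of the deck: a small risk register in which each entry carries the threat, the vulnerability it could exploit, the control in place, and Low/Moderate/High ratings for likelihood and impact; risk is the product of the two ratings, bucketed on a qualitative scale in the style of NIST SP 800-30, and every risk above the accepted level is returned with its recommended control. The home health scenario, its threats, controls, ratings and the bucket thresholds are constructed assumptions for illustration, not findings from any agency.

```python
"""Added example (not from the slides): a NIST SP 800-30-style risk register
covering Steps 3-8 above. Threats, controls and ratings are constructed."""
from dataclasses import dataclass

RATING = {"low": 1, "moderate": 2, "high": 3}      # qualitative scale -> value
LEVEL_ORDER = {"Low": 0, "Moderate": 1, "High": 2}

@dataclass
class Risk:
    threat: str               # Step 3: realistic threat event
    vulnerability: str        # Step 4: weakness the threat could exploit
    current_control: str      # Step 5: control in place today ("none" if absent)
    likelihood: str           # Step 6: low / moderate / high
    impact: str               # Step 6: low / moderate / high
    recommended_control: str  # Step 8: control that would reduce the risk

def risk_score(r: Risk) -> int:
    """Step 7: risk = likelihood x impact, on a 1..9 scale."""
    return RATING[r.likelihood] * RATING[r.impact]

def risk_level(score: int) -> str:
    """Bucket the score (assumed thresholds): 1-2 Low, 3-4 Moderate, 6-9 High."""
    if score >= 6:
        return "High"
    return "Moderate" if score >= 3 else "Low"

def build_register(risks, accepted_level="Low"):
    """Rank risks highest first; anything above accepted_level needs action
    (Step 8), the rest is accepted. The rows are what Step 9 documents."""
    rows = []
    for r in sorted(risks, key=risk_score, reverse=True):
        level = risk_level(risk_score(r))
        act = LEVEL_ORDER[level] > LEVEL_ORDER[accepted_level]
        rows.append({"threat": r.threat, "level": level, "needs_action": act,
                     "recommendation": r.recommended_control if act else "accept"})
    return rows

# Constructed sample scope (Steps 1-2): field nurses with laptops and paper
# charts, an EMR with staff accounts, one on-site server.
SAMPLE_RISKS = [
    Risk("Nurse laptop lost or stolen", "disk not encrypted", "none",
         "high", "high", "full-disk encryption and remote wipe"),
    Risk("Paper chart left at a patient's home", "no chain-of-custody procedure",
         "none", "moderate", "moderate", "locked bag and sign-out log"),
    Risk("Former employee retains EMR access", "no termination checklist",
         "ad hoc deprovisioning", "moderate", "high", "same-day account disable"),
    Risk("Flood in server room", "backups kept on-site only", "daily backup",
         "low", "moderate", "encrypted off-site backup"),
]
```

Calling `build_register(SAMPLE_RISKS)` ranks the laptop and the stale account as High, the paper chart as Moderate, and accepts the flood risk as Low.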
  • 18. Three Tier Approach
    ❧ Audits, Audits and More Audits…
    ❧ Three separate entities are now performing audits of medical facilities: Figliozzi & Company, a private contractor, performs audits on behalf of CMS and the ONC for the Meaningful Use Program. The Office of Civil Rights performs audits on behalf of the Department of Health and Human Services. Lastly, the Office of the Attorney General performs audits for the State.
  • 19. How often does a Breach occur in Home Health Care?
    ❧ While audits are in progress, they may or may not affect you. Many audits are a result of breach situations.
    ❧ A: Never, these rules do not apply to me!
    ❧ B: They happen, but no harm occurs…
    ❧ C: A breach every 3.5 hours. Overstated?
  • 20. Surprising Information
    ❧ Three major breaches in Florida in the last 24 months from Home Health Care Agencies.
    ❧ Over 14,000 records involved.
    ❧ Settlements still pending in some cases.
    ❧ PAPER RECORDS INVOLVED
  • 21. Across the Country
    ❧ Missouri – Home Care of Mid-Missouri – 4,027 records
    ❧ Texas – Hope Hospice – 818 records
    ❧ Kansas – Complete Medical Homecare – 1,700 records
    ❧ Kentucky – ReachOut Homecare – 4,500 records
    ❧ New Jersey – Jersey City Medical Center – 36,400 records
    ❧ Minnesota – in April of 2015 – Allina Health – 838 records
    ❧ Largest breach last year – 179,000 records from one California-based provider.
  • 22. Penalties Involved
    ❧ Each audit program has a different penalty structure; however, they are similar in their penalty phases:
    ❧ For the EMR Program Audit: notice of a failed audit will result in a tentative notice of overpayment, and the incentive payment for the audit year will be recouped.
    ❧ FRAUDULENT ATTESTATION PUNISHMENT MAY INVOLVE IMPRISONMENT, SIGNIFICANT FINES, LOSS OF LICENSE, AND EXCLUSION FROM PARTICIPATION IN THE INCENTIVE PROGRAM.
  • 23. OCR Audits have varied fines dependent on the severity of findings.
    ❧ The largest fines are Civil Penalties of up to $1.5 million per occurrence: multiple violations due to willful neglect, not corrected, of an identical requirement or prohibition during the same calendar year.
    ❧ Other violations may result in lesser penalties of $10,000 per occurrence, not to exceed $250,000: violation due to willful neglect, corrected, of an identical requirement or prohibition during a calendar year.
  • 24. Each Audit Program Can Result in Criminal Penalties!
    Most breaches require the provision of credit / identity protection services. The average cost of these services is $230 per individual. As an example, the breach mentioned in Minnesota, 838 records, would then cost $192,740 to mitigate. Added costs are also incurred due to loss of patients from “bad press”.
  • 25. 2013 saw the first fine for a Breach of Less Than 500 Records: Hospice of North Idaho
    • 440 records
    • Lost laptop
    • No risk assessment, therefore no appropriate measures to address the risk or to maintain the appropriate security measures.
    • $50,000 fine; the Corrective Action Plan (CAP) required the employer to enforce policies and sanction policy violations.
  • 26. From the Los Angeles Times
    ❧ UCLA pays $865,500 to settle celebrity medical record snooping case. July 7, 2011. “Settlement with U.S. regulators also call for UCLA to retrain staff and take steps to prevent future breaches. Some staff have already been fired for viewing the records of Farrah Fawcett, Michael Jackson and others.”
    ❧ UCLA Health System has agreed to pay $865,500 as part of a settlement with federal regulators announced Thursday after two celebrity patients alleged that hospital employees broke the law and reviewed their medical records without authorization.
    ❧ Federal and hospital officials declined to identify the celebrities involved. The complaints cover 2005 to 2009, a time during which hospital employees were repeatedly caught and fired for peeping at the medical records of dozens of celebrities, including Britney Spears, Farrah Fawcett and then-California First Lady Maria Shriver.
    ❧ The employee was not named in the agreement, and the hospital spokeswoman declined to identify who it was. But the timing and description of the alleged violations cited in the agreement suggest that it may have been Lawanda Jackson, an administrative specialist at Ronald Reagan UCLA Medical Center who was fired in 2007 after she was caught accessing Farrah Fawcett's medical records and allegedly selling information to the National Enquirer.
    ❧ Jackson later pleaded guilty to a felony charge of violating federal medical privacy laws for commercial purposes but died of cancer before she could be sentenced. Fawcett died of cancer in 2009.
  • 27. More Than Money!!!
    ❧ Failure to pass an audit from any of the participating organizations can result in more than just the penalties imposed:
    ❧ The reputation of your organization can be affected by published results.
    ❧ How many of you have experienced a breach???
  • 28. In Florida from 2012 until now:
    ❧ 39 incidents of over 500 records required reporting to HHS
    ❧ Over 170,000 patient records affected!
  • 29. Things To Consider
    ❧ Security Risk Analyses are sold in many forms, can be purchased as a kit, and can be done with no help at all.
    ❧ No analysis is perfect.
    ❧ There are some myths: It doesn’t apply to me…
    ❧ My EMR vendor said I don’t need to; they are certified.
    ❧ Our IT manager says our system is safe…
  • 30. Mistakes to Avoid
    ❧ Most findings in a risk analysis process relate to policy and procedure deficiencies that tend to be overlooked as a business grows. The analysis will become the backbone of your security plan. Findings will indicate a need for new policies, Business Associate Agreements that you have not needed before this year, and updates of forms that have always been used and accepted.
    ❧ DO NOT PANIC! The most important part of the Risk Analysis is the provision of remediation! At its conclusion you should know what you need to fix, replace, and issue to be in compliance. Make sure your analysis will provide a plan for corrective actions!
  • 31. Prepare Now!
    ❧ Audits come in different strengths and sizes. Like everything else, preparation is the key. The benefit of a completed risk analysis goes beyond knowing WHAT deficiencies you can identify; it demonstrates to an auditor that you have performed your due diligence and strive to be in compliance with ever-changing rules and regulations.
  • 32. Is There Help?
    ❧ The guidelines we covered today demonstrate the foundation of the Risk Analysis. The Office of the National Coordinator (ONC) recognizes one certification: Certified in Healthcare Privacy & Security (CHPS), issued by the American Health Information Management Association.
  • 33. Contact Information
    Bryan Brothers, 502 517 6943, Bryan@HealthcarePrivacyandSecurity.com
    Brothers And Associates LLC, WWW.HEALTHCAREPRIVACYANDSECURITY.COM