2019 HIPAA Audits & Enforcement Updates

Duration: 60 Minutes
Instructor: Gina L Campanella
Webinar Id: 801551



The webinar will focus on identification of a breach and what the required process is to remedy a breach if it is determined one has occurred. The initial overview of HIPAA requirements and policies will help the attendee determine if his or her practice is compliant.


The collection of laws and regulations known commonly as HIPAA is comprised of two federal statutes and three federal rules:

The Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH"), the Privacy Rule (found at 45 C.F.R. 164.500 et seq.), the Security Rule (found at 45 C.F.R. 164.300 et seq.) and the Breach Notification Rule (found at 45 C.F.R. 164.400 et seq.).

The three rules were amended and combined in 2013 into what is known as the HIPAA Privacy, Security, Enforcement and Breach Notification: Final Omnibus Rule. The federal Office for Civil Rights ("OCR") has the duty and responsibility to investigate complaints or reports of potential HIPAA violations and to continuously monitor entities required to comply with HIPAA ("Covered Entities") for compliance. OCR began a preliminary pilot program for random compliance audits of Covered Entities in 2015.

The OCR looks at several areas of HIPAA compliance when performing an audit including:

  • Does the Covered Entity have a Notice of Privacy Practices? Is the notice complete? Is the notice posted and distributed properly?
  • What are the patients' rights to request privacy protections, access to or an accounting of disclosures of their protected health information ("PHI")?
  • What are the Covered Entity's administrative requirements for the security of PHI?
  • Does the Covered Entity have proper Authorizations for Use and Disclosure of PHI available for patient use?
  • Are there proper administrative, physical and technical safeguards in place on the premises of the Covered Entity?

All medical practices must have a designated Security Officer who is responsible for HIPAA security. The designated Security Officer should perform regular internal Compliance Risk Assessments as well as staff training sessions to ensure that all of the proper protections are in place and are functioning properly.

OCR is on schedule to begin its second round of HIPAA audits in early 2016 and plans to include many more types of Covered Entities than were included in the first phase as well as Business Associates (as defined by HIPAA) of Covered Entities.

One of the essential items that OCR will be looking for is the proper performance of an internal Compliance Risk Assessment and the implementation of any necessary plans to cure any problems that are discovered as a result of the Compliance Risk Assessment.

Although OCR will not be publicly posting any audit results, the results are not confidential and the potential financial consequences of a poor audit are substantial. Any Covered Entity or Business Associate who has not yet performed an internal Compliance Risk Assessment should plan to do so immediately and should begin to prioritize the necessary changes which result based upon the level of risk involved in each deficiency.

Why should you Attend: HIPAA compliance is one of the most cited and least understood laws in the typical medical practice. Although HIPAA has been in place for decades, it has changed rapidly in the last ten years due to the rapid proliferation of technology in medicine.

In addition to these progressive changes, the law itself underwent a major overhaul in 2013 resulting in any practice that has not updated their HIPAA materials since that time being out of compliance. The speaker will highlight the major changes that must have been implemented after the 2013 HIPAA updates. Thereafter, the attendee will learn the basic requirements for a Notice of Privacy Practices as well as when authorizations are and are not required for the use and disclosure of a patient's protected health information.

The latter half of the webinar will focus on identification of a breach and what the required process is to remedy a breach if it is determined one has occurred.

The federal Office for Civil Rights, the government entity tasked with enforcing HIPAA, began a preliminary pilot program in 2015 to ensure a certain number of random compliance audits of Covered Entities.

The initial overview of HIPAA requirements and policies will help the attendee determine if his or her practice is compliant. Thereafter, the speaker will highlight what "red flags" the Office for Civil Rights looks for when determining whether to audit a practice, and the attendee will learn what to do in the event of being selected for a random audit.

Areas Covered in the Session:
  • Determining level of Compliance with HIPAA
  • Recognizing Areas that need to be Brought into Compliance
  • Learning how to Analyze a Breach
  • Current Trends in Enforcement Actions

Who Will Benefit:
  • Physicians
  • Health Care Providers
  • Practice Managers
  • Administrators
  • Privacy Officers
  • Office Managers
  • Medical Record Clerks
  • Non-Clinical Health Care Employees and Contractors
  • Business Associates of Health Care Providers

Speaker Profile
Ms. Gina L Campanella focuses her practice on business law, healthcare regulatory and transactional matters, and residential and commercial real estate. Ms. Campanella has assisted clients with transactional services and regulatory compliance consulting, as well as general counsel services to small and large businesses, medical practices, professional societies and real estate clients alike.

Clients seek her expertise when reviewing employment agreements, commercial leases, formation of new businesses and medical practices, separation from and sale of businesses and medical practices, business structuring, commercial and residential real estate transactions, and surgical center licensing and registration, including preparation for Department of Health, AAAHC and AAAASF surveys of licensed and Medicare deemed facilities, as well as preparation and implementation of resulting plans of correction.

Ms. Campanella is a nationally respected regulatory compliance specialist who dedicates herself to educating professionals nationwide on issues of business transactions and regulatory compliance.

Ms. Campanella graduated Magna Cum Laude from Seton Hall University with a Masters in Healthcare Administration in 2012 and earned her Juris Doctor from Seton Hall Law in 2005. In 2002, she graduated with Honors from Union College with a Bachelor of Arts in History. She is also a member of the American College of Healthcare Executives (New Jersey Chapter), the American Health Lawyers Association, and the New York City Bar Association.

Ms. Campanella has been admitted to practice law in New Jersey and United States District Court for the District of New Jersey since 2006, the District of Columbia since 2013, New York since 2013, Pennsylvania since 2017 and Vermont since 2018.

Ms. Campanella was recognized by New Jersey Super Lawyers™ as a Rising Star in 2014, 2015, 2017, 2018, 2019 and 2020, a “Best of Bergen” attorney by Bergen Magazine in 2017, 2018 & 2019, an “Awesome Attorney” by South Jersey Magazine in 2019, and is recognized by AVVO as a Clients’ Choice Attorney in 2016, 2017, 2018 & 2019 with an AVVO rating of “10 out of 10”.* Her additional certifications include earning the status of Certified HIPAA Administrator from the HIPAA Academy and she is a Fellow in the American College of Healthcare Executives. Ms. Campanella is also an Adjunct Professor at the Seton Hall University School of Health and Medical Sciences.
