Group items tagged

Course "Validation and 21 CFR 11 Compliance of Computer Systems: Intermediate to Advanced" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: Computer Systems Validation (CSV) also known as Software Validation is all-pervasive in the Life Sciences Industry. It is a requirement of all the predicate rules, as well as 21 CFR 11 and Annex 11. However, unless one knows how to implement CSV, it is often very hard to detect the requirement for CSV, and very hard to determine what needs to be done, to meet domestic and / or international regulations or business continuity requirements. In addition, the FDA has stepped up 21 CFR 11 inspections that include CSV. This course will build on the Validation and 21 CFR 11 Compliance Basic Course, to give hands on experience on executing on the computer systems validation of a system, and to discuss related activities such as Validation Master Plan, Infrastructure Qualification, Project Management for Validation and Validation of Test Tools The attendees must have attended the Basic Validation & 21 CFR 11 Compliance. This is a very hands-on class and the attendees will be expected to use templates provided in the class to create the complete package for the validation of a system The Seminar: This Hands-On course will provide the attendees with more detailed experience on validation / 21 CFR 11 compliance of a computer system, as well as details for activities associated with computer systems validation as follows: 1. Validation Master Plan 2. Complete Validation for a System 3. Excel Spreadsheet Validation 4. Change Control 5. SOPs 6. Test Tools Validation 7. Project Management for Validation Who Should Attend: * VP of IT * Director of IT * Quality Managers * Project Managers (for CSV / IT) * Validation Specialists * Database Administrators * System Administrators * Directors / Senior Directors of Discovery * Directors / Senior

Overview: Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If audited or the subject of a compliance review you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the understanding the fundamentals of a HIPAA compliance. If your healthcare practice, business, or organization needs to understand what is required to protect health records or make sure your current safeguards are adequate and can withstand government scrutiny, please join us for this informative and interactive course. Why should you Attend: With a substantial increase HIPAA data breaches, organizations must understand the requirements to safeguard protected health information. Attendees will leave the course clearly understanding of all the requirements that must be in place for protecting the health records their organizations maintain, create, transmit, or store. After completing this course, a Covered Entity or Business Associate will have a clear understanding for what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session: Why was HIPAA created? Who Must Comply with HIPAA Requirements? What are the HIPAA Security and Privacy Rules? What is a HIPAA Risk Management Plan? What is meant by "Required" and "Addressable" Implementation Specifications? What are Administrative, Technical, and Physical Safeguards Requirements? What is a HIPAA Risk Assessment? What are HIPAA training requirements? What is a HIPAA data breach and what happens if it occurs? What are the penalties and fines for non-compliance and how to avoid them? Creating a Culture of Compliance Questions Who Will Benefit: Compliance Of

Overview: Hospital chargemasters are complex and represent a key component for the revenue cycle of hospitals. Chargemasters are intertwined with coding for services, billing for services, charging for services and even involve the cost reporting process. A myriad of decisions must be made concerning how the chargemaster is organized, impacts on coding and billing, charge structuring, cost accounting, and other processes within the revenue cycle. Whenever decisions are made, policies and procedures should be developed, approved and implemented. A proper system of billing and chargemaster policies and procedures can help to maintain an appropriate compliance stance in a world where ambiguous guidance is often the norm. The development of charges and charge structuring within the chargemaster is a major issue often referred to as transparent pricing. While even the Medicare program maintains that hospitals should charge for everything, the way in which charges are set and amalgamated at the claim level can vary significantly between hospitals. A key issue for the chargemaster is differentiating separately charging from separately reporting. The way in which hospitals make decisions about the bundling of charges at the line-item level within the chargemaster leads to many decisions, all of which need justification through proper policies and procedures. Due consideration must be given to departmental concerns about revenue generation, cost reporting implications, coding implications and any associate challenges with billing and claims filing. Why should you Attend: See Typical Questions - Here are some reworded marketing questions: Why are the chargemaster and hospital billing targets of compliance audits? How should we prioritize statutory and contractual compliance for the chargemaster and billing process? Will chargemaster and associated billing policies and procedures give us protection relative to compliance? How should we develop a system of chargemaster po

Health Information Security Compliance: Health information security compliance requirements from HIPAA keep risk management at the core. These requirements also have other guidelines. Health information security compliance is a vital requirement for healthcare providers. Healthcare professionals have to ensure security and privacy of Protected Health Information (PHI) and Electronic Protected Health Information (ePHI), which are part of Electronic Health Records (EHR). The guidelines, rules and requirements are mandated by HIPAA, which is in charge of ensuring that there is privacy and security of health information. Challenges associated with health information security compliance The very fact that a lot of health information is stored in electronic records makes health information security compliance all the more challenging. The way in which information flows between various players in the sector is also a factor: shared computers and information sharing with third party associates like laboratories and billers. If a healthcare organization is not compliant with health information security, it could be held indirectly responsible for issues arising out of these. HIPAA has regulations and guidelines on how providers can keep PHI and ePHI. It suggests and strongly recommends risk analysis as the basis for health information security compliance. These are set out in the Meaningful Use requirements. Some of risk analysis methods include or relate to the following: The provider's EHR software and hardware Assessment of whether the provider's practice protocols are adequate Risk assessment of the provider's physical setting and environment Risk assessment relating to staff education and training A thorough examination of EHR access controls Risk management relating to contracts with the provider's Business Associates The healthcare provider's practices in relation to patient relations and communications Physical measures for ensuring health information security c

Course "HIPAA for the Compliance Officer" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: I will be going into great detail regarding you practice or business and how it relates to the HIPAA Security/Privacy Rule, Areas covered will be history of HIPAA, privacy vs security, business associates, changes for 2016, audit process, paper based PHI, HIPAA and suing, texting, email, encryption, medical messaging, voice data and much, much, more I will uncover myths versus reality as it relates to this very enigmatic law based on over 600 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors. I will also speak to real life audits conducted by the Federal government (I've been on both sides of these audits) what your highest risks are for being fined (some of the risk factors may surprise you). In addition, this course will cover the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures. Don't always believe what you read online about HIPAA, especially as it relates to encryption and IT, there are a lot of groups selling more than is necessarily required. Why you should attend: This lesson will be addressing how practice/business managers (or compliance offers) need to get their HIPAA house in order before the imminent audits occur. It will also address major changes under the Omnibus Rule and any other applicable updates for 2016. There are an enormous amount of issues and risks for covered entities and business associates these days. I will speak on specific experiences from over 17 years of experience in working as an outsourced compliance auditor, expert witness on HIPAA cases, and thoroughly explain how patients are now able to get cash remedies for wrongful disclosures of private health information. More im

Overview: As defined by the Health Information Portability and Accountability Act (HIPAA), a Business Associate can be any organization or person working in association with or providing services to a Covered Entity who handles or discloses Protected Health Information (PHI) or Personal Health Records (PHR). With certain exceptions, a person or entity that creates, receives, maintains, or transmits PHI for a function or activity regulated by the HIPAA Privacy Rule for a Covered Entity is a Business Associate. The HITECH Act, a recent update made to overall HIPAA regulations require Business Associates to comply with HIPAA mandates regarding the handling and use of health information. As a Business Associate you must comply with a wide-range of regulatory obligations, including certain privacy obligations, security standards, and breach notification requirements. If your business needs to understand what it means to be a Business Associate and know what required safeguards, policies and procedures must be in place or make sure your current compliance program is adequate and can withstand government scrutiny, please join us for this informative and interactive session. Why should you Attend: There is a lot of confusion about the role and requirements of being a Business Associate. Organizations must be prepared prior to entering into these contracts for services as a vendor and subcontractor. Attendees will leave the course clearly understanding of all the requirements that must be in place for the Business Associate - Covered Entity arrangement. After completing this course, a Business Associate will have a clear understanding as to what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session: Why was HIPAA created? Who Must Comply with HIPAA Requirements? What are the HIPAA Security and Privacy Rules? What are the Consequences of being a Business Associate What is a HIPAA Compliance Program? What is a HIPAA Risk Mana

Overview: In 2013, The US Department of Health and Human Services made major changes to rules implementing The Health Insurance and Portability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act of 2003 (HITECH). Among the many areas impacted by these rules (billing, marketing, research, IT security, etc.) is fund raising. The amendments significantly modify the methods and practice that hospitals, their institutionally related foundations, and other healthcare charities may or must employ when using ANY patient or client information for fund raising. The webinar will cover how to effectively implement the fund raising regulations in a manner that increases both opportunities for philanthropic support and compliant implementation of the new mandates. The rules include specific operational requirements, some of which prohibit protocols that were required under the original HIPAA regulations. The "magic words" mandated by HIPPA-related regulations changed in multiple areas. The webinar will cover all of these areas to ensure your organization is both legally compliant and operationally effective. The types of information that may be used for fund raising changed significantly. This presents numerous substantial fund raising opportunities, as well as challenges on the use and storage of such information. Among other areas to be presented are The required method for individuals to opt-out of receiving fund raising communication The methods of informing patients and clients of their right to opt-out from receiving fund raising communication The broadly expanded types of fund raising communication subject to opt-out rights How providers, hospital, and related fund raising foundation apply an opt-out election by an individual The type of patient and client information that health charities may use for fund raising The contents of provider's Notice of Privacy Practice How clinicians can assist both their patients/clients and the

Overview: Become knowledgeable and understand the False Claims Act, Anti-Kickback Statute, Physician Self-Referral Law, Excluded Individuals and additional criminal/civil laws that may worsen the punishment if these laws are violated. Understand the criteria of each law, exceptions and how to identify an issue that requires mitigation. Why should you Attend: Are you able to distinguish with certainty an agreement, contract or activity that is permissible versus one that is not under our current healthcare laws and regulations? Do you have a contract organization system where reviews are done regularly and retained centrally? Do you conduct auditing and monitoring of potential high risk compliance areas related to fraud, waste and abuse? If you are uncertain or need additional guidance on recognizing potential violations of healthcare fraud, waste and abuse regulations and how to audit and monitor for non-compliance, this training is for you. Areas Covered in the Session: Define and describe elements of the Anti-kickback Statute, False Claims Act, Exclusionary Rule, Physician Self-Referral Law and potential penalties for violations Discuss exceptions and related criteria to the Physician Self-Referral Law and the Anti-Kickback Statute Identify common potential issues that may result in violations and how to avoid or mitigate them Provide examples on how to comply with the regulations Describe areas to audit, monitor and implement policies/procedures for compliance Who Will Benefit: Health care providers Revenue cycle management employees Coders, Billers Compliance officers Contract management Compliance and Internal Audit professionals Healthcare administrators Speaker Profile Gail Madison Brown is a registered nurse and an attorney with over 25 years of experience in health care. For the last 15 years she has focused on health care compliance and revenue cycle management operations. Gail's experience ranges from starting new compliance programs and making impr

Overview: This webinar will cover everything that you need to know about how to handle HIPAA security incidents, breaches, and complaints and the Department of Health and Human Resources Investigations thereof. Not all security incidents are breaches, but all breaches of confidentiality are within the broad ambit of security incidents. Privacy rule violations, such as failing to give a patient a copy of his or her medical records, may also constitute a breach as the $4.2 million fine assessed against Cignet Healthcare of Prince George's County, Maryland, dramatically proved. Handling an investigation properly is key to determining not only how to handle it to mitigate any harm and to take action to prevent it from happening again but also to determine whether it is reportable to affected individuals and to DHHS. HIPAA requires a complaint procedure (policy). The webinar will suggest what such a document should contain as it also will for the required report procedure (what is reportable, who reports, to whom, and required/suggested contents of the report) and the required response procedure (what do the responsible officials do after receiving the report or the complaint). Investigating a possible security incident is key. The webinar will cover how to conduct a thorough investigation of HIPAA security incidents, breaches, and patient complaints. Finally, the second largest HIPAA civil money penalty or settlement, $4.2 million, was in large part due to the offender's failure to cooperate with the DHHS investigation. The presenter has successfully defended his clients in seven such investigations and knows how to respond to them to avoid or minimize liability. Think of a gap analysis as an examination of: What you currently have in place for HIPAA compliance. Is that adequate? Can it be done better? Is it enough? And what am I missing? Asking these questions will help establish the direction and next steps to take. It lays the ground work for a good Risk Analys

Overview: This webinar will cover everything that you need to know about how to handle HIPAA security incidents, breaches, and complaints and the Department of Health and Human Resources Investigations thereof. Not all security incidents are breaches, but all breaches of confidentiality are within the broad ambit of security incidents. Privacy rule violations, such as failing to give a patient a copy of his or her medical records, may also constitute a breach as the $4.2 million fine assessed against Cignet Healthcare of Prince George's County, Maryland, dramatically proved. Handling an investigation properly is key to determining not only how to handle it to mitigate any harm and to take action to prevent it from happening again but also to determine whether it is reportable to affected individuals and to DHHS. HIPAA requires a complaint procedure (policy). The webinar will suggest what such a document should contain as it also will for the required report procedure (what is reportable, who reports, to whom, and required/suggested contents of the report) and the required response procedure (what do the responsible officials do after receiving the report or the complaint). Investigating a possible security incident is key. The webinar will cover how to conduct a thorough investigation of HIPAA security incidents, breaches, and patient complaints. Finally, the second largest HIPAA civil money penalty or settlement, $4.2 million, was in large part due to the offender's failure to cooperate with the DHHS investigation. The presenter has successfully defended his clients in seven such investigations and knows how to respond to them to avoid or minimize liability. Think of a gap analysis as an examination of: What you currently have in place for HIPAA compliance. Is that adequate? Can it be done better? Is it enough? And what am I missing? Asking these questions will help establish the direction and next steps to take. It lays the ground work for a good Risk Analy

What is HIPAA ? Compliance with the Health Insurance Portability and Accountability Act (HIPAA) is a core requirement of the stakeholders involved in health information. HIPAA has prescribed standards with which to protect critical data relating to patients. Electronic Health Records (EHRs) are important documents that contain sensitive patient data, and are thus considered Protected Health Information (PHI). Since this data is accessible to a number of players involved in the field of healthcare; it extremely important to set regulatory guidelines aimed at ensuring that patient information remains protected. HIPAA compliance is essentially about staying in compliance with these guidelines. Measures needed to show compliance with HIPAA HIPAA requires a healthcare organization dealing with PHI to implement all of the following measures and comply with them: Physical measures Network measures, and Process security measures The role of HIPAA Privacy Rule and HIPAA Security Rule HIPAA has set out two important rules that pertain to compliance. These are the HIPAA Privacy Rule and the HIPAA Security Rule. While the Privacy Rule relates to how the medical information of a patient is saved, accessed and shared; the Security Rule is about how to implement national security safeguards for protecting electronic PHI, or ePHI. Who all need to be HIPAA compliant? Since the aim of HIPAA compliance is to ensure complete safety of patient data, it has requirements for every stakeholder in the EHR process. These stakeholders comprise: Covered Entities (CE): Anyone involved in the treatment, payment and operations in healthcare Business Associates (BA): Any person who has access to patient information and is involved in supporting treatment, payment or operations. These include third-party administrators and private sector vendors Those with whom BA's work, or those that are called subcontractors Hosting providers. These typically include healthcare software pro

Overview: The objectives of this course will be to go over the specific risks associated with business associates as it relates to HIPAA compliance. I will uncover myths versus reality as it relates to this very enigmatic law based on over 600 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors. Times have changed and unfortunately many businesses are losing clients or unable to get new clients due to problems with their compliance program or lack of a compliance program. I will demonstrate from real life audits conducted by the Federal government what your highest risks are for being fined (some of the risk factors may surprise you). In addition this course will cover the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures. States are being encouraged by the Federal government to implement new laws to remedy their citizens. Why should you Attend: Protect your business! Business associates are now required to comply directly with the HIPAA legislation! Many businesses are losing clients or unable to get clients because of compliance issues. We will be discussing the changes taking place in Washington DC with the Health and Human Services in relating to new risks business associates face under HIPAA. I will also be discussing factors might cause an unwanted visit or letter from the Office of Civil Rights and how to prepare for the audit and deal with the Feds Areas Covered in the Session: Updates for 2016 What to do if a client requires more than just a signed business associate agreement Fines Policy and Procedure Who Will Benefit: Any business associates who work with medical practices or hospitals (i.e. billing companies, transcription companies, IT companies, answering services, home health, coders, attorneys, etc) Speaker Profile Brian Tuttle is a Certified Professional in H

Course "New HIPAA Audit and Enforcement Activities: Being Prepared to Show your Compliance " has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: We will be discussing the history and evolution of HIPAA Privacy/Security and the major points you need to understand to proactively protect your practice or business from the imminent federal auditing process: * History of HIPAA * HITECH * HIPAA Omnibus Rule * How to perform a HIPAA Security Risk Assessment * What is involved in a Federal audit and how is it conducted * Risk factors for a federal audit * How to avoid a Federal audit * Business Associates and HIPAA audits * EHR and HIPAA * Business Continuity/Disaster Recovery Planning * Assessing your contractors and sub-contractors * In depth discussions on IT down to the nuts and bolts * Risk factors that can cause an audit (low hanging fruit) * New rules which grant states ability to sue citing HIPAA on behalf of a patient * New funding measures Why should you attend : The evolutions of this enigmatic law and how what was once relative benign in terms of enforcement is now fully funded and aggressive. Learn what you can do to be prepared for an audit and how to lower risks of ever being audited. It is absolutely imperative that you are proactive and not reactive with your compliance program, this is a necessary evil and you need to protect your practice or your business and limit risks from the imminent Federal audits. Join me in keeping up with this very confusing law and take advantage of all the templates and information provided as part of the seminar. Areas Covered in the Session: * HIPAA -Brief History * HIPAA Privacy Rule vs HIPAA Security Rule * HITECH Act * Breach Notification Rule * Omnibus Rule and audits * Business Associates and audits * Current Court Cases (precedence) * Paper Based PHI Concerns and how to lower risk

Seminar on Analytical Instrument Qualification and Validation: Understanding to Prepare for FDA Audits to become Part 11 Compliant at Boston, MA Course "Analytical Instrument Qualification and Validation: Understanding to Prepare for FDA Audits to become Part 11 Compliant" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: In this two day workshop conference you will learn the different global agencies expectations of analytical equipment qualification along with the development of a sound process validation program in order to develop and implement bulletproof solutions that are accepted, effective, and efficient. Through case study analysis we will examine best practices to provide thoughts and ideas to develop or improve the performance of your current system. Additionally, case studies will explore how your management practices of your analytical equipment qualification/ validation and process validation programs can help or hurt your legal liability and the legal issues that arise from nonconformance with regulators and Auditors. This seminar will help attendees understand the instrument qualification and system validation processes and will provide instruction on how to prepare for FDA audits and how to become part 11 compliant. Why should you attend? The cost of non-compliance is therefore more than that of compliance. Are you in compliance with the FDA regulations for analytical equipment qualification and validation in your facility? Areas Covered in the Session: * Learn about the regulatory background and requirements for laboratory instrument qualification and system validation * Understand the logic and principles of instrument qualification and system validation from validation planning reporting * Understand and be able to explain your company's qualification and validation strategies * Be able to independently prepare execute test protocols, this includes s

Overview: Section 13411 of the Health Information Technology for Economic and Clinical Health (HITECH) Act, requires Health and Human Services (HHS) to conduct periodic audits of providers and business associates to ensure their compliance with the HIPAA Security and Privacy Rule, and breach notification standards. To implement this mandate, the Office of Civil Rights (OCR) has conducted HIPAA/HITECH audit program with KPMG of 115 health care organizations to assess privacy and security compliance. This webinar will focus on the implementation and tracking of HIPAA audit best practices in a healthcare setup in order to prepare for the federal audit using published OCR audit protocols. Every audit begins with interviews, a questionnaire, and a thorough policy and procedures review. Presenter, with his decades of knowledge in the compliance, legal, auditing and security areas, will walk the attendees through the audit process, documentation requirements, and implementation specifications of the HIPAA privacy, security and breach rules. This presentation not only provides opportunity for the participants to prepare for the federal HIPAA audit but also to improve the security posture of their organizations by adopting to changing technology (mobile, social media, Health Information Exchange(HIE), cloud services, etc.) and threat landscape perspective as well. This presentation will uncover reasons why many health information breaches are occurring and help organizations better secure and comply with electronic protected health information by meeting the required and addressable HIPAA/HITECH security rules. The presenter will also share the best practices used for HIPAA security implementation and continuous risk assessment which is considered as "due diligence" by auditors for the HIPAA security compliance program. Areas Covered in the Session: Healthcare Technology Adoption/Trends Healthcare Regulatory (HIPAA/HITECH) and OCR/HHS Audit Overview Differences between

Overview: This webinar will focus on the major fraud and abuse laws, including the Stark Law, the Anti-Kickback Statute, and the False Claims Act. In this webinar Mr. Wolfe will provide an overview of the health care regulatory issues related to implementing value-based physician compensation models. Why should you Attend: Given the substantial awards and settlements in recent Stark Law enforcement actions, Stark Law compliance has become more than just a compliance issue: it is an enterprise risk management issue. As medical groups, hospitals, and health systems transition to value-based physician compensation arrangements, they will need to make sure their arrangements continue to be compliant with the Stark Law. Areas Covered in the Session: Provide a general overview of the Stark Law, Anti-Kickback Statute and the False Claims Act. Explain the requirements for compliance with key regulatory exceptions and safe harbors. Compensation and valuation issues unique to the group practice model Discuss best practices when implementing value-based physician compensation models. Summarize the recent changes to the Stark Law for 2016. Who Will Benefit: In-House Counsel Health Care Compliance Officers Health Care Human Resources Health Care CFOs Health Care executives Speaker Profile Joseph Wolfe is an attorney with Hall, Render, Killian, Heath & Lyman, P.C., the largest health care focused law firm in the country. Mr. Wolfe provides advice and counsel to some of the nation's largest health systems, hospitals and medical groups on a variety of health care issues. He regularly counsels clients on a national basis regarding compliance-focused physician compensation and alignment strategies. He is a frequent speaker on issues related to the physician self-referral statute (Stark Law), hospital-physician transactions, physician compensation governance and health care valuation issues. Before attending law school at the University of Wisconsin, he served as a combat engi

Practical steps to compliance with HIPAA Computer Policy: That the HIPAA has a clear and stringent policy on computers is absolutely understandable, because computers constitute the very soul of HIPAA. Ensuring security of patient data is one of the core causes for which HIPAA was enacted; so, it is only natural that Computer Policy should be at the center of HIPAA compliance. A HIPAA Computer Policy rule came into effect in 2005. The nub of this enactment is to ensure that there are technical, physical and administrative security procedures that must be adhered with. These are meant for Covered Entities to ensure that the data they have of patients, namely electronic Protected Health Information (PHI) is safe and secure. Understand the reason for HIPAA Computer Policy Any implementation has to start with an understanding of the rationale for the action, right? The same goes for something as important and big as implementation of HIPAA compliance into systems. HIPAA Computer Policy is in place for a specific and critical reason ���protection of patient data, loss of which can lead to hefty penalties that can affect the business very adversely. So, installing the necessary protections is the first step to protecting vital data and with it, one's own business or practice, as well. Implement a sound access policy A strong access policy is at the heart of HIPAA Computer Policy. It is in the computer systems that all the data relating to the patient are stored. So, making sure who in the organization has access to these and how and when, is very important. Not only should access be restricted to only designated and permitted personnel in the organization; there should be a system by which tracking of access is easily determined. This is to find out who accessed which record, when, what action followed, what happened as a result of this access, and so on. Keep a record of all system components This is another step to ensuring compliance with HIPAA Computer Po

Overview: You need to attend in order to control your own destiny. Get involved up front instead of being a "sitting duck". More Audits are coming and government & private payers are increasing their budgets for increased audit activity around the health care provider industry. The Department of Justice is zeroing in on providers who are aberrant. Private insurance special investigations units are also gearing up and local prosecutors who are hungering for these types of prosecutions are all part of building machinery to eliminate fraud and abuse in the nation's health care system. The concern about the audit/investigative machine that has been developed should create horrendous concern for the health care provider community, because these entities will have to come up with results. Don't become one for their "results". Areas Covered in the Session: Overview of audit risks 14 Strategies to tackling auditors: i.e. Appoint Audit Manager Appoint Audit Committee Proactively seek out info from audit visitors Respond quickly to audit visitor requests Identify On Site control person Provide strong support for onsite control person Onsite control person must be close to the visitors Audit committee to meet daily with visitors Respond quickly to early findings Request feedback from visitors Request Exit conference Carefully review preliminary findings Respond to final report Correct problem findings Who Will Benefit: Health Care Professionals Health Service Providers Compliance Officers CEO's Corporate Attorneys Speaker Profile Joseph R. Batte is president of Kristall Associates, a compliance, and risk assessment specialist for the health care provider community as well as the litigation support community. He is a former special agent with the US Office of Inspector General and participated in the development of that Departments compliance guidance's. He is a nationally known speaker on compliance and has authored the book "Doctors are from Jupiter, Compliance is from

Overview: I will be talking to specifics of HIPAA and the emergency room setting, do's and don'ts as well as dispelling myth vs reality. This lesson will be addressing how compliance officers need to get their HIPAA house in order as HIPAA is now fully enforced and the government is not using kid gloves any more. It will also address major changes under the Omnibus Rule and any other applicable updates for 2016 and beyond. There are an enormous amount of issues and risks for hospitals these days especially with the new legislation involving patient cash remedies for wrongful disclosure. I will speak on specific experiences from over 17 years of experience in working as an outsourced compliance auditor, expert witness on HIPAA cases within the ER, and thoroughly explain how patients are now able to get cash remedies for wrongful disclosures of private health information. More importantly I will show you how to limit those risks by simply taking proactive steps and utilizing best practices. Why should you Attend: What can and can't we do in the hectic emergency room with patient information? What are the new liabilities involved? How can we ensure security but also ensure patient care? This once rarely enforced law has changed and you need to know what's going on! What factors might spurn a HIPAA audit? …are you doing these things? Why are the Feds enforcing after all these years? State laws are now also more strict increasing liability for patient remedies! We will be discussing some of the changes taking place in Washington with the Health and Human Services in regards to the enforcement of the HIPAA laws already on the books. I will go over some of the new changes specifically affecting the emergency room setting I will also be discussing factors might cause an unwanted visit or letter from the Office of Civil Rights and how to prepare for a potential audit Areas Covered in the Session: Updates for Omnibus Emergency Room Do's and Don'ts in the ER Ambulato

Overview: Final regulations for the new HIPAA Breach Notification Rule require much more than notifying individuals affected by a Breach of their Protected Health Information (PHI). Covered Entities and Business Associates first must follow and document a very specific process to determine if a Breach occurred. If no Breach occurred documentary proof must be kept for six years. If a Breach did occur timely notifications and other actions must be undertaken and documented. This webinar will explain: What Covered Entities and Business Associates must do to comply with the Breach Notification Rule What is and is not a Breach Three exceptions - when an acquisition, access, use, or disclosure of PHI not permitted by the Privacy Rule is not a Breach How to perform a Breach Risk Assessment to determine if you can demonstrate a a low probability that the PHI was compromised Who must be notified in case of a Breach When notifications must be provided What information must be contained in each notification Other requirements in case of a Breach Investigate Mitigate harm to affected individuals Protect against further Breaches Document everything Planning and preparation for the worst - public relations and mitigation strategies to limit damage to the organization's reputation and financial well-being Why should you attend: Breaches and incidents that might be Breaches happen all the time! More than 173,000 separate breaches of Protected Health Information (PHI) affecting less than 500 individuals were reported to the U. S. Department of Health and Human Services (HHS) between September, 2009 and May 31, 2015 and in the same period HHS received approximately 1240 reports of PHI breaches that affected 500 or more individuals An acquisition, access, use, or disclosure of PHI not permitted by the Privacy Rule is presumed to be a Breach unless it falls within an exception or the Covered Entity or Business Associate can demonstrate a low probability that the PHI was compromi