Implications of OCR Audit Controls Enforcement & the Role of Audit Trails in Litigation
Speakers Chad P. Brouillard, trial and appellate lawyer practicing medical liability defense and healthcare law, and Nicholas Heester JD, CIPP, Health and Information Privacy & Security Specialist, U.S. Department of Health and Human Services, Office for Civil Rights, discussed vulnerabilities care providers can face as it relates to HIPAA requirements set forth by the Office for Civil Rights.
2016 brought an unprecedented ramp-up in OCR resolution agreements. In less than a year’s time, two large healthcare systems agreed to pay fines totaling over $11 million to the U.S. Department of Health and Human Services. The fines were in settlement of HIPAA violations for transgressions such as a lack of audit controls, insufficient safeguards for ePHI, and failure to provide timely notification of data breaches.
Recurring compliance issues that place healthcare organizations at risk of incurring HIPAA violations include:
- Risk analysis
- Failure to manage identified risks
- Lack of appropriate auditing
- Insufficient defense against insider threats
- Business associate agreements
- Lack of transmission security
- Insufficient data backup and contingency planning
What do the recent OCR audit controls enforcements mean for your organization? How should your organization prepare for the HHS’ Office for Civil Rights increasing emphasis on audit controls? You now have a rare opportunity to hear answers to these questions directly from the OCR.
Nicholas Heesters is the Health Information Privacy & Security Specialist for the HHS Office for Civil Rights. Attorney Chad P. Brouillard is a trial and appellate lawyer practicing medical liability defense and healthcare law. Both recently joined Imprivata FairWarning CEO Kurt J. Long in presenting a very timely webinar: Implications of OCR Audit Controls Enforcement and the Role of Audit Trails in Litigation. It’s an opportunity to learn more about the implications of OCR audit controls enforcement for your organization. This webinar provides insights about the increased risks and vulnerabilities your healthcare organization faces in light of current HIPAA requirements and recent OCR enforcement actions. Special focus is placed upon the impact, both positive and negative, that audit trails may have upon your organization — information that is critically important. As Mr. Brouillard notes during the webinar, “Plaintiffs’ attorneys are taking courses right now about audit trails…”
Topics discussed during this webinar include:
- What the recent OCR Resolution Agreement on audit controls means for you
- How audit trails are used for litigation purposes
- What the systematic review of ALL applications holding PHI means under the HIPAA Security Rule
- What the OCR expects in your Risk Analysis of information systems holding PHI
- How your risk analysis results should assist in implementing reasonable and appropriate audit controls
And finally, this webinar describes how Imprivata FairWarning provides a means of addressing Phase 2 HIPAA Audit protocol elements through a single, affordable platform. For healthcare professionals charged with maintaining HIPAA compliance, this webinar provides crucial guidance in avoiding common vulnerabilities regarding Phase 2 HIPAA audits.