preparing for hipaa and meaningful use compliance audits
play

Preparing for HIPAA and Meaningful Use Compliance Audits Presented - PowerPoint PPT Presentation

Feb 07, 2023 •342 likes •685 views

Preparing for HIPAA and Meaningful Use Compliance Audits Presented by: David Holtzman VP of Compliance, CynergisTek CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com

  1. Preparing for HIPAA and Meaningful Use Compliance Audits Presented by: David Holtzman VP of Compliance, CynergisTek CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com ฀ @CynergisTek

  2. Today’s Presenter Vice President of Compliance Services, • CynergisTek, Inc. Subject matter expert in health information • privacy policy and compliance issues involving the HIPAA Privacy, Security and Breach Notification Rules Over 12 years of experience in developing, • implementing and evaluating health information privacy and security compliance David Holtzman programs CynergisTek, Inc. Former senior advisor for health information • technology and the HIPAA Security Rule, Office for Civil Rights 2 CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com ฀ @CynergisTek

  3. Agenda What to Expect in OCR Audit Program CMS Meaningful Use Audits OIG Meaningful Use Audits HIPAA Security Risk Analysis Tools and Resources Questions 3 CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com ฀ @CynergisTek

  4. OCR HIPAA Audit Program 4 CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com ฀ @CynergisTek

  5. OCR HIPAA Audit Program • Permanent audit program slated to begin in 2015 • Pre-audit survey to pre-screen 1200 entities • ~200 Covered Entities to be selected for desk audits • Equal number or less BAs selected for desk audits • Greater number of on-site audits, but no specific number given yet. • Implementing technology to facilitate data collection phases of audit process • Carried out by HHS personnel with contractor support 5 CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com ฀ @CynergisTek

  6. The Audit Steps Notification Desk review Entity and data Pre-Audit and draft provides Final request to Survey findings to management Report selected entity review entities 6 CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com ฀ @CynergisTek

  7. Desk Audit Expectations • Data request will specify content and other electronic document submission requirements • Only documentation submitted on time is reviewed • All documentation must be current as of the date of the request • Auditors will not be able to contact the entity for clarifications or ask for additional information – Critical that documentation accurately reflects the program • Submission of extraneous information increases difficulty for auditor in finding/assessing required items • Failure to submit responses leads to compliance review 7 CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com ฀ @CynergisTek

  8. Scope of OCR Desk Audits • Security—Risk Analysis and risk management 2015 Desk Audits of • Breach—Content and timeliness of breach notifications Covered Entities • Privacy—Notice of Privacy Practices and Access 2015 Desk Audits of • Security—Risk Analysis and risk management Business Associates • Breach—Breach reporting to covered entities 2015-16 • Covered entities On-site • Business associates Comprehensive Audits 8 CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com ฀ @CynergisTek

  9. Scope of OCR Onsite Audits • Device and media controls • Transmission security Security • Encryption of data at rest • Facility access controls • Administrative and physical safeguards Privacy • Workforce training to HIPAA policies & procedures • High risk areas identified through: • 2015 audits Other Areas • Breach reports submitted to OCR • Consumer complaints 9 CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com ฀ @CynergisTek

  10. Meaningful Use Attestation Audits 10 CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com ฀ @CynergisTek

  11. Meaningful Use Program Basics • Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs – Program established by American Recovery and Reinvestment Act of 2009 – Provides incentive payments to certain eligible professionals (EPs), eligible hospitals (EHs), and critical access hospitals – Adopt, implement, upgrade or demonstrate meaningful use of certified EHR technology • Payments began in 2011 and continue through 2016 (Medicare) or 2021 (Medicaid) • Over $28 Billion paid out since 2011 11 CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com ฀ @CynergisTek

  12. CMS MU Audits • Any provider attesting to receive EHR incentive payments for either the Medicare or Medicaid program may be subject to audits. • Medicaid audits are performed by each state. • Medicare audits performed by Figliozzi & Company. 12 CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com ฀ @CynergisTek

  13. MU Audit Process • Audit Approach – Appropriate Letter and Documentation Request is sent to individual who attested for the organization (letter is specific to whether it is an Eligible Provider or Eligible Hospital engagement). – Client has 10 business days to provide the documentation requested electronically. – Auditor reviews documentation and determines if additional information is needed. (This is the primary review step). – Additional request will be provided via email as necessary. – If documentation is deemed insufficient to support attestation or other data anomalies exist then, an on-site visit/exam is scheduled. 13 CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com ฀ @CynergisTek

  14. MU Desk Audit Documentation • The source documentation utilized during the attestation process • Copy of the certification from ONC-CHPL for the EHR application (http://oncchpl.force.com/ehrcert) • Documentation to support the methodology chosen for achieving measures (i.e. observation services or all emergency department visits) • The numerators and denominators for each measures 14 CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com ฀ @CynergisTek

  15. MU Desk Audit Documentation (cont’d) • The time period the reports cover • Risk analysis and remediation plans for deficiencies • Summary level reports for measures • Screenshots or other evidence to support and measures that require a “YES” answer • Evidence to support that source information was generated for that eligible professional or eligible hospital 15 CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com ฀ @CynergisTek

  16. MU Onsite Audit Scope • Detailed reviews of any of the measures via: – Walk-throughs of structured data and functionality in EHRs – Walk-throughs of test patients and scenarios – Review of medical records and patient records; Detailed data to support summary reports – Census reports – Billing information – Validation of settings or additional detailed information to support reporting as deemed necessary Security screen settings • Screen shots of test exchanges of clinical information • Audit logs (date for when a feature was enabled, etc.) • 16 CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com ฀ @CynergisTek

  17. Appeals • A determination by CMS that a provider or hospital has – been denied an EHR incentive payment – have been determined to be ineligible for the program – received an audit decision believed to be in error, you can appeal the decision. – http://www.cms.gov/Regulations-and- Guidance/Legislation/EHRIncentivePrograms/Appeals .html • A provision of ACA provides that there is no right of due process for review of CMS determinations 17 CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com ฀ @CynergisTek

Recommend

HIPAA Audits and the New Audit Protocol Developing and Ensuring HIPAA and HITECH Privacy and

HIPAA Audits and the New Audit Protocol Developing and Ensuring HIPAA and HITECH Privacy and

Presenting a live 90-minute webinar with interactive Q&A HIPAA Audits and the New Audit Protocol Developing and Ensuring HIPAA and HITECH Privacy and Security Compliance TUESDAY, FEBRUARY 5, 2013 1pm Eastern | 12pm Central | 11am

793 views • 53 slides
HIPAA COMPLIANCE AUDITS & OCR UPDATE Presentation to LHIMA April 2016 By Mariela Twiggs,

HIPAA COMPLIANCE AUDITS & OCR UPDATE Presentation to LHIMA April 2016 By Mariela Twiggs,

HIPAA COMPLIANCE AUDITS & OCR UPDATE Presentation to LHIMA April 2016 By Mariela Twiggs, MS, RHIA, CHP, FAHIMA AGENDA OCRs Task List OCRs Guidance OCRs Enforcement Activities Phase 2 Audits Preparation

338 views • 16 slides
Ensuring HIPAA Compliance When Transmitting PHI via Patient Portals, Email and Texting Protecting

Ensuring HIPAA Compliance When Transmitting PHI via Patient Portals, Email and Texting Protecting

Presenting a live 90-minute webinar with interactive Q&A Ensuring HIPAA Compliance When Transmitting PHI via Patient Portals, Email and Texting Protecting Patient Privacy, Complying with State and Federal Regulations, and Meeting Meaningful

747 views • 53 slides
Form 941: Compliance Challenges and Intensified IRS Audits and Intensified IRS Audits Avoiding

Form 941: Compliance Challenges and Intensified IRS Audits and Intensified IRS Audits Avoiding

Presenting a live 110 minute teleconference with interactive Q&A Form 941: Compliance Challenges and Intensified IRS Audits and Intensified IRS Audits Avoiding Errors That Trigger Costly Penalties and Documenting a Solid Case for Examiners

1.18k views • 96 slides
HIPAA, HITECH and Business Associates Heather Fields, J.D. Reinhart Boerner Van Deuren s.c.

HIPAA, HITECH and Business Associates Heather Fields, J.D. Reinhart Boerner Van Deuren s.c.

HIPAA COW Webinar: HIPAA, HITECH and Business Associates Heather Fields, J.D. Reinhart Boerner Van Deuren s.c. HIPAA COW Webinar November 11, 2010 Presentation Overview TOP 3 HIPAA Compliance Risks Unauthorized Use and Disclosure of

522 views • 28 slides
Non-Profits Receiving Grants Preparing for Audits and Protecting Grant Eligibility Given Current

Non-Profits Receiving Grants Preparing for Audits and Protecting Grant Eligibility Given Current

Presenting a live 110-minute teleconference with interactive Q&A Circular A-133 Audits for Non-Profits Receiving Grants Preparing for Audits and Protecting Grant Eligibility Given Current Government Priorities WEDNESDAY, MARCH 13, 2013 1pm

708 views • 40 slides
Do audits deter future non-compliance? Evidence on Self-Employed Taxpayers Sebastian Beer,

Do audits deter future non-compliance? Evidence on Self-Employed Taxpayers Sebastian Beer,

Do audits deter future non-compliance? Evidence on Self-Employed Taxpayers Sebastian Beer, Matthias Kasper, Erich Kirchler, and Brian Erard November 11, 2016 Do audits deter future non-compliance? What happens when you experience an audit?

359 views • 20 slides
HIPAA SECURITY SPOT AUDITS BEGIN: CHICKEN LITTLES AND ANNUAL LITTLES AND ANNUAL TRADITIONS

HIPAA SECURITY SPOT AUDITS BEGIN: CHICKEN LITTLES AND ANNUAL LITTLES AND ANNUAL TRADITIONS

2/21/2012 HIPAA SECURITY SPOT AUDITS BEGIN: CHICKEN LITTLES AND ANNUAL LITTLES AND ANNUAL TRADITIONS KENNETH N. RASHBAUM, ESQ. RASHBAUM ASSOCIATES, LLC www.rashbaumassociates.com BREACHES MUNDANE AND COMPLEX Increasing Incidents Of

418 views • 6 slides
HIPAA Compliance During Litigation and Discovery Safeguarding PHI and Avoiding Violations When

HIPAA Compliance During Litigation and Discovery Safeguarding PHI and Avoiding Violations When

Presenting a live 90-minute webinar with interactive Q&A HIPAA Compliance During Litigation and Discovery Safeguarding PHI and Avoiding Violations When Responding to Subpoenas and Discovery Requests WEDNESDAY, SEPTEMBER 12, 2012 1pm Eastern

520 views • 48 slides
HIPAA Compliance During Litigation and Discovery Safeguarding PHI and Avoiding Violations When

HIPAA Compliance During Litigation and Discovery Safeguarding PHI and Avoiding Violations When

Presenting a live 90-minute webinar with interactive Q&A HIPAA Compliance During Litigation and Discovery Safeguarding PHI and Avoiding Violations When Responding to Subpoenas and Discovery Requests THURS DAY, OCTOBER 16, 2014 1pm East ern

908 views • 52 slides
Leveraging Big Data in Healthcare: Navigating HIPAA, Antitrust, Stark and AKS Compliance and

Leveraging Big Data in Healthcare: Navigating HIPAA, Antitrust, Stark and AKS Compliance and

Presenting a live 90-minute webinar with interactive Q&A Leveraging Big Data in Healthcare: Navigating HIPAA, Antitrust, Stark and AKS Compliance and Security Issues THURSDAY, MAY 21, 2015 1pm Eastern | 12pm Central | 11am Mountain

863 views • 64 slides
Meaningful Use Audits Strategy for Success! Presented by: Susan Clarke, HCISPP, HTS Department

Meaningful Use Audits Strategy for Success! Presented by: Susan Clarke, HCISPP, HTS Department

Meaningful Use Audits Strategy for Success! Presented by: Susan Clarke, HCISPP, HTS Department Manager December 9, 2015 1-2 PM MST HTS, a department of Mountain-Pacific Quality Health Foundation 1 Thank you for spending your valuable

599 views • 25 slides
Compliance & HIPAA 2017 Annual Education 1 The purpose of this education is to The purpose

Compliance & HIPAA 2017 Annual Education 1 The purpose of this education is to The purpose

Compliance & HIPAA 2017 Annual Education 1 The purpose of this education is to The purpose of this education is to UPDATE and REFRESH understanding of: UPDATE and REFRESH your understanding of: Aultmans Compliance Program. The HIPAA

510 views • 27 slides
PREPARING FOR AUDITS AND GOOD BUSINESS PRACTICES SUGGESTIONS Association of Florida

PREPARING FOR AUDITS AND GOOD BUSINESS PRACTICES SUGGESTIONS Association of Florida

PREPARING FOR AUDITS AND GOOD BUSINESS PRACTICES SUGGESTIONS Association of Florida Conservation Districts Annual Meeting July 21, 2017 Presented by: Jim Davis, CPA and Monica Scarlett As we proceed, please share your thoughts, experiences

289 views • 14 slides
Sales Tax Audits in the Era of Digital Documentation Preparing for a Computer-Based Review

Sales Tax Audits in the Era of Digital Documentation Preparing for a Computer-Based Review

Presenting a live 110-minute teleconference with interactive Q&A Sales Tax Audits in the Era of Digital Documentation Preparing for a Computer-Based Review Involving Electronic Invoices, Bills of Lading, Etc. THURSDAY, JANUARY 31, 2013 1pm

650 views • 43 slides
GEORGIA DEPARTMENT OF AUDITS AND ACCOUNTS E-Verify Compliance and Reporting Requirements

GEORGIA DEPARTMENT OF AUDITS AND ACCOUNTS E-Verify Compliance and Reporting Requirements

GEORGIA DEPARTMENT OF AUDITS AND ACCOUNTS E-Verify Compliance and Reporting Requirements Professional People with Purpose 34 Nov 2018 Agenda Compliance Statistics E-Verify Compliance and Reporting Requirements Reporting System

375 views • 21 slides
Preparing for PIP QI Topic: Meaningful use of data for QI Presenter: Colin Frick Measuring for

Preparing for PIP QI Topic: Meaningful use of data for QI Presenter: Colin Frick Measuring for

Preparing for PIP QI Topic: Meaningful use of data for QI Presenter: Colin Frick Measuring for Improvement Webinar 1 Go to training Open and hide your control panel Join audio: Choose Mic & Speakers to use VoIP or you can

708 views • 49 slides
ITAR and EAR Compliance R Review and Investigations i d I i i Conducting Internal Audits and

ITAR and EAR Compliance R Review and Investigations i d I i i Conducting Internal Audits and

Presenting a live 90 minute webinar with interactive Q&A ITAR and EAR Compliance R Review and Investigations i d I i i Conducting Internal Audits and Evaluating Whether to Disclose Potential Violations to Mitigate Penalties WEDNES DAY,

754 views • 42 slides
Training Course HIPAA Health Insurance Portability and Accountability Act HIPAA

Training Course HIPAA Health Insurance Portability and Accountability Act HIPAA

Training Course HIPAA Health Insurance Portability and Accountability Act HIPAA initially went into effect April 14, 2003 HIPAA is a set of rules that is to be followed by doctors, hospitals and other health care providers.

284 views • 25 slides
Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy,

Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy,

Beyond HIPAA: Registries as an exemplar of health data Beyond HIPAA Privacy, Confidentiality & Security Subcommittee May 15, 2018 Beyond HIPAA Initiative Builds on NCVHSs past work and the work of other government and private

240 views • 10 slides
IAEP At-Your-Desk Live Webinar Preparing for Regulatory Inspections, Self-Audits and Voluntary

IAEP At-Your-Desk Live Webinar Preparing for Regulatory Inspections, Self-Audits and Voluntary

IAEP At-Your-Desk Live Webinar Preparing for Regulatory Inspections, Self-Audits and Voluntary Disclosures Presented by Lawrence W. Falbe, Esq. October 25, 2016 millercanfield.com Welcome and Agenda Environmental Inspections

1.05k views • 58 slides
New ZPIC Medicare Audits: Are You Ready? P Preparing for Heightened CMS Enforcement Against Fraud

New ZPIC Medicare Audits: Are You Ready? P Preparing for Heightened CMS Enforcement Against Fraud

presents presents New ZPIC Medicare Audits: Are You Ready? P Preparing for Heightened CMS Enforcement Against Fraud and Abuse i f H i ht d CMS E f t A i t F d d Ab A Live 90-Minute Teleconference/Webinar with Interactive Q&A

538 views • 51 slides
Sampling Strategies for Circular A-133 Audits: Ensuring Compliance and Internal Controls

Sampling Strategies for Circular A-133 Audits: Ensuring Compliance and Internal Controls

Presenting a live 110-minute teleconference with interactive Q&A Sampling Strategies for Circular A-133 Audits: Ensuring Compliance and Internal Controls Selecting a Methodology, Developing an Audit Sampling Plan, and Understanding

711 views • 39 slides
HIPAA In The Workplace What Every Employer Should Know and Remember What is HIPAA? The

HIPAA In The Workplace What Every Employer Should Know and Remember What is HIPAA? The

HIPAA In The Workplace What Every Employer Should Know and Remember What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 Portable Accountable Rules for Privacy Rules for Security

575 views • 33 slides

More recommend