Breaking Compliance News Blog

Making Recognized Security Practices work for you

Posted by Scott Gima on 11/30/22 10:15 AM

One Big Thing

IImplementation of Recognized Security Practices (RSPs) for at least 12 months provide covered entities and business associates with the opportunity to reduce fines and penalties for violations of the HIPAA security rule.

Background

On January 5, 2021, Congress passed an amendment to the HITECH Act that requires the OCR to take into account the Recognized Security Practices of covered entities and business associates when they are able to show that RSPs have been in use for the 12 months prior to a HIPAA breach incident.

If RSPs are in place, the OCR may mitigate fines and remedies and allow an early and favorable termination of an audit..

Over the past months, the amendment has generated questions related to the uncertainty about what constitutes RSPs, and how to demonstrate their implementation. In response, on October 31, 2022, HHS-OCR released a video that addresses some of these concerns about RSPs.

What Are Recognized Security Practices?

Read More

Topics: HIPAA, security, compliance

*Free Issue* MPA’s Compliance and HIPAA News Reports

Posted by Margaret Scavotto, JD, CHC on 11/29/22 11:31 AM

Read More

Topics: Training and Education, compliance

Health System Ransomware Attack Lingers…

Posted by Scott Gima on 11/22/22 10:08 AM

CommonSpirit hospitals reported IT issues on October 3rd with a response that included taking systems offline, including their electronic medical records. CommonSpirit has 140 hospitals in 21 states.

According to Healthcaredive.com, based on website information, hospitals in seven states have been impacted. Scheduling issues and procedure delays have been reported.

Systems being restored. On November 9, CommonSpirit announced that it continued to “work diligently to bring systems online and restore functionality as quickly and safely as possible, including electronic health records….” We know that, after the attack, many clinicians were unable to access medical records, and patient access to the MyChart portal was impacted.

Why it matters: There are no details on whether there has been a data breach of PHI – CommonSpirit says a forensic investigation is ongoing. But the news reports provide a clear picture of the operational impact that occurs in response to a ransomware attack – IT systems and applications have to be taken down to contain the impact or spread of the attack.

Security risk analysis and business continuity planning. A business continuity plan prepares your organization to respond quickly with temporary procedures and measures to continue key operational tasks and get systems back online as quickly as possible.

What to do: Identify and prioritize tasks that include but are not limited to electronic medical records (scheduling, documentation, orders, medications, and communication), communication, payroll, billing, collections, and food and supply ordering.

Every critical task must be reviewed to minimize patient risk. For example: a new medication order. What steps are now needed to get a new medication order from the physician to the bedside? Will human runners be needed? How and who will review, transcribe, and double check orders to prevent errors?

Email – don’t under estimate its impact. Business continuity takes a hit when email is inaccessible. Is your inbox your de facto “to do” list? Imagine how you are going to be able to tackle routine tasks without access to your inbox. Don’t overlook other email folders, as well as the inability to communicate by email for at least a couple of weeks if not longer….

Read More

Topics: HIPAA, security, compliance

Carrie Zombies: Compliance Lessons from the Bike Rodeo

Posted by Margaret Scavotto, JD, CHC on 10/31/22 11:45 AM

Read More

Topics: Culture of Compliance, compliance

*Free Issue* MPA’s Compliance and HIPAA News Reports

Posted by Margaret Scavotto, JD, CHC on 10/27/22 12:06 PM

Read More

Topics: Training and Education, compliance

Earn CEUs with MPA's FREE Compliance Culture Webinar!

Posted by Margaret Scavotto, JD, CHC on 10/25/22 1:31 PM

 

 

Sign up for MPA's FREE Compliance & HIPAA webinars:

All webinars start at 11:00 a.m. CST  and are presented by Margaret Scavotto and Scott Gima

 

We hope you can join us for our final webinar of 2022:

 

Compliance Culture Lessons from the Headlines

November 9, 2022

90 minutes

1.8 CCB CEUs

Boeing. Theranos. The Challenger space shuttle.
 
Every compliance program needs policies, training, reporting, leadership and audits to succeed – but it’s not enough. Federal guidance makes clear that an effective compliance program requires a strong culture to support it. Practical experience also teaches us that culture will make or break a compliance program.
 
We will walk through proven strategies you can take at the employee, management and board levels to cultivate a compliance culture that takes your company in a direction of employee trust, internal reporting, audits with integrity, and compliance strength.
 

 

The Compliance Certification Board (CCB)® has approved these events for up to 1.8 and 1.2 Respectively/ live CCB CEUs based on a 50-minute hour, each. Continuing Education Units are awarded based on individual attendance records. Granting of prior approval in no way constitutes endorsement by CCB of this event content or of the event sponsor.”

Read More

Topics: Training and Education, HIPAA, compliance

Earn CEUs with MPA's FREE Compliance & HIPAA Webinars!

Posted by Margaret Scavotto, JD, CHC on 10/13/22 10:14 AM

 

 

Sign up for MPA's FREE Compliance & HIPAA webinars:

All webinars start at 11:00 a.m. CST  and are presented by Margaret Scavotto and Scott Gima

 

Top Privacy and Security Risks that Can Lead to HIPAA Violations

October 19, 2022

60 minutes

1.2 CCB CEUs

HIPAA breaches can occur everywhere. They come from conversations, from TikTok, from hackers, and from tricky phishing emails. They come from the employee down the hall, from hackers across the country, and from overseas. Later today or tomorrow, there will be new sources of potential HIPAA breaches.

The only way to stay one step ahead is to know and understand the trends and use that knowledge to develop, update or refine your HIPAA security program to mitigate the risk in your organization. Think – Security Risk Assessment and Management Plan. We will walk through top privacy and security risks that can lead to HIPAA violations – and discuss strategies to do something about them.

SIGN UP

 

Compliance Culture Lessons from the Headlines

November 9, 2022

90 minutes

1.8 CCB CEUs

Boeing. Theranos. The Challenger space shuttle.
 
Every compliance program needs policies, training, reporting, leadership and audits to succeed – but it’s not enough. Federal guidance makes clear that an effective compliance program requires a strong culture to support it. Practical experience also teaches us that culture will make or break a compliance program.
 
We will walk through proven strategies you can take at the employee, management and board levels to cultivate a compliance culture that takes your company in a direction of employee trust, internal reporting, audits with integrity, and compliance strength.
 

 

The Compliance Certification Board (CCB)® has approved these events for up to 1.8 and 1.2 Respectively/ live CCB CEUs based on a 50-minute hour, each. Continuing Education Units are awarded based on individual attendance records. Granting of prior approval in no way constitutes endorsement by CCB of this event content or of the event sponsor.”

Read More

Topics: Training and Education, HIPAA, compliance

Earn CEUs with MPA's FREE Compliance & HIPAA Webinars!

Posted by Margaret Scavotto, JD, CHC on 10/5/22 9:50 AM

 

 

Sign up for MPA's FREE Compliance & HIPAA webinars:

All webinars start at 11:00 a.m. CST  and are presented by Margaret Scavotto and Scott Gima

 

Top Privacy and Security Risks that Can Lead to HIPAA Violations

October 19, 2022

60 minutes

1.2 CCB CEUs

HIPAA breaches can occur everywhere. They come from conversations, from TikTok, from hackers, and from tricky phishing emails. They come from the employee down the hall, from hackers across the country, and from overseas. Later today or tomorrow, there will be new sources of potential HIPAA breaches.

The only way to stay one step ahead is to know and understand the trends and use that knowledge to develop, update or refine your HIPAA security program to mitigate the risk in your organization. Think – Security Risk Assessment and Management Plan. We will walk through top privacy and security risks that can lead to HIPAA violations – and discuss strategies to do something about them.

SIGN UP

 

Compliance Culture Lessons from the Headlines

November 9, 2022

90 minutes

1.8 CCB CEUs

Boeing. Theranos. The Challenger space shuttle.
 
Every compliance program needs policies, training, reporting, leadership and audits to succeed – but it’s not enough. Federal guidance makes clear that an effective compliance program requires a strong culture to support it. Practical experience also teaches us that culture will make or break a compliance program.
 
We will walk through proven strategies you can take at the employee, management and board levels to cultivate a compliance culture that takes your company in a direction of employee trust, internal reporting, audits with integrity, and compliance strength.
 

 

The Compliance Certification Board (CCB)® has approved these events for up to 1.8 and 1.2 Respectively/ live CCB CEUs based on a 50-minute hour, each. Continuing Education Units are awarded based on individual attendance records. Granting of prior approval in no way constitutes endorsement by CCB of this event content or of the event sponsor.”

Read More

Topics: Training and Education, HIPAA, compliance

Earn CEUs with MPA's FREE Compliance & HIPAA Webinars!

Posted by Margaret Scavotto, JD, CHC on 9/12/22 11:19 AM

 

 

Sign up for MPA's FREE Compliance & HIPAA webinars:

All webinars start at 11:00 a.m. CST  and are presented by Margaret Scavotto and Scott Gima

Compliance Training for SNFs

September 21, 2022

90 minutes

1.8 CCB CEUs

If the OIG walked into your organization and asked the nearest employee about their compliance program, would they reply with an immediate and clear answer? An awkward pause? An “I don’t know”?

For your employees to pass this test, your compliance program needs a strong training program. A PowerPoint slide presentation at hire and annually is not enough. Training should occur year-round and training programs must include the board, contractors and volunteers

This webinar will provide you with easy-to-use strategies for building an enduring, effective compliance training program.

SIGN UP

 

Top Privacy and Security Risks that Can Lead to HIPAA Violations

October 19, 2022

60 minutes

1.2 CCB CEUs

HIPAA breaches can occur everywhere. They come from conversations, from TikTok, from hackers, and from tricky phishing emails. They come from the employee down the hall, from hackers across the country, and from overseas. Later today or tomorrow, there will be new sources of potential HIPAA breaches.

The only way to stay one step ahead is to know and understand the trends and use that knowledge to develop, update or refine your HIPAA security program to mitigate the risk in your organization. Think – Security Risk Assessment and Management Plan. We will walk through top privacy and security risks that can lead to HIPAA violations – and discuss strategies to do something about them.

SIGN UP

 

Compliance Culture Lessons from the Headlines

November 9, 2022

90 minutes

1.8 CCB CEUs

Boeing. Theranos. The Challenger space shuttle.
 
Every compliance program needs policies, training, reporting, leadership and audits to succeed – but it’s not enough. Federal guidance makes clear that an effective compliance program requires a strong culture to support it. Practical experience also teaches us that culture will make or break a compliance program.
 
We will walk through proven strategies you can take at the employee, management and board levels to cultivate a compliance culture that takes your company in a direction of employee trust, internal reporting, audits with integrity, and compliance strength.
 

 

The Compliance Certification Board (CCB)® has approved these events for up to 1.8 and 1.2 Respectively/ live CCB CEUs based on a 50-minute hour, each. Continuing Education Units are awarded based on individual attendance records. Granting of prior approval in no way constitutes endorsement by CCB of this event content or of the event sponsor.”

Read More

Topics: Training and Education, HIPAA, compliance

Earn CEUs with MPA's FREE Compliance & HIPAA Webinars!

Posted by Margaret Scavotto, JD, CHC on 9/6/22 9:00 AM

 

 

Sign up for MPA's FREE Compliance & HIPAA webinars:

All webinars start at 11:00 a.m. CST  and are presented by Margaret Scavotto and Scott Gima

Compliance Training for SNFs

September 21, 2022

90 minutes

1.8 CCB CEUs

If the OIG walked into your organization and asked the nearest employee about their compliance program, would they reply with an immediate and clear answer? An awkward pause? An “I don’t know”?

For your employees to pass this test, your compliance program needs a strong training program. A PowerPoint slide presentation at hire and annually is not enough. Training should occur year-round and training programs must include the board, contractors and volunteers

This webinar will provide you with easy-to-use strategies for building an enduring, effective compliance training program.

SIGN UP

 

Top Privacy and Security Risks that Can Lead to HIPAA Violations

October 19, 2022

60 minutes

1.2 CCB CEUs

HIPAA breaches can occur everywhere. They come from conversations, from TikTok, from hackers, and from tricky phishing emails. They come from the employee down the hall, from hackers across the country, and from overseas. Later today or tomorrow, there will be new sources of potential HIPAA breaches.

The only way to stay one step ahead is to know and understand the trends and use that knowledge to develop, update or refine your HIPAA security program to mitigate the risk in your organization. Think – Security Risk Assessment and Management Plan. We will walk through top privacy and security risks that can lead to HIPAA violations – and discuss strategies to do something about them.

SIGN UP

 

Compliance Culture Lessons from the Headlines

November 9, 2022

90 minutes

1.8 CCB CEUs

Boeing. Theranos. The Challenger space shuttle.
 
Every compliance program needs policies, training, reporting, leadership and audits to succeed – but it’s not enough. Federal guidance makes clear that an effective compliance program requires a strong culture to support it. Practical experience also teaches us that culture will make or break a compliance program.
 
We will walk through proven strategies you can take at the employee, management and board levels to cultivate a compliance culture that takes your company in a direction of employee trust, internal reporting, audits with integrity, and compliance strength.
 

 

The Compliance Certification Board (CCB)® has approved these events for up to 1.8 and 1.2 Respectively/ live CCB CEUs based on a 50-minute hour, each. Continuing Education Units are awarded based on individual attendance records. Granting of prior approval in no way constitutes endorsement by CCB of this event content or of the event sponsor.”

Read More

Topics: Training and Education, HIPAA, compliance

    Privacy Policy           Terms of Use