
Preparing for HIPAA and Meaningful Use Compliance Audits

Preparing for HIPAA and Meaningful Use Compliance Audits Presented by: David Holtzman VP of Compliance, CynergisTek CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com


  1. Preparing for HIPAA and Meaningful Use Compliance Audits
     Presented by: David Holtzman, VP of Compliance, CynergisTek
     CynergisTek, Inc. 11410 Jollyville Road, Suite 2201, Austin TX 78759 512.402.8550 info@cynergistek.com cynergistek.com @CynergisTek

  2. Today’s Presenter: David Holtzman, CynergisTek, Inc.
     • Vice President of Compliance Services, CynergisTek, Inc.
     • Subject matter expert in health information privacy policy and compliance issues involving the HIPAA Privacy, Security and Breach Notification Rules
     • Over 12 years of experience in developing, implementing and evaluating health information privacy and security compliance programs
     • Former senior advisor for health information technology and the HIPAA Security Rule, Office for Civil Rights

  3. Agenda
     • What to Expect in OCR Audit Program
     • CMS Meaningful Use Audits
     • OIG Meaningful Use Audits
     • HIPAA Security Risk Analysis
     • Tools and Resources
     • Questions

  4. OCR HIPAA Audit Program

  5. OCR HIPAA Audit Program
     • Permanent audit program slated to begin in 2015
     • Pre-audit survey to pre-screen 1200 entities
     • ~200 Covered Entities to be selected for desk audits
     • Equal number or less BAs selected for desk audits
     • Greater number of on-site audits, but no specific number given yet
     • Implementing technology to facilitate data collection phases of audit process
     • Carried out by HHS personnel with contractor support

  6. The Audit Steps
     • Pre-Audit Survey
     • Notification and data request to selected entities
     • Desk review and draft findings to entity
     • Entity provides management review
     • Final Report

  7. Desk Audit Expectations
     • Data request will specify content and other electronic document submission requirements
     • Only documentation submitted on time is reviewed
     • All documentation must be current as of the date of the request
     • Auditors will not be able to contact the entity for clarifications or ask for additional information
       – Critical that documentation accurately reflects the program
     • Submission of extraneous information increases difficulty for auditor in finding/assessing required items
     • Failure to submit responses leads to compliance review

  8. Scope of OCR Desk Audits
     2015 Desk Audits of Covered Entities
     • Security—Risk Analysis and risk management
     • Breach—Content and timeliness of breach notifications
     • Privacy—Notice of Privacy Practices and Access
     2015 Desk Audits of Business Associates
     • Security—Risk Analysis and risk management
     • Breach—Breach reporting to covered entities
     2015-16 On-site Comprehensive Audits
     • Covered entities
     • Business associates

  9. Scope of OCR Onsite Audits
     Security
     • Device and media controls
     • Transmission security
     • Encryption of data at rest
     • Facility access controls
     Privacy
     • Administrative and physical safeguards
     • Workforce training to HIPAA policies & procedures
     Other Areas
     • High risk areas identified through:
     • 2015 audits
     • Breach reports submitted to OCR
     • Consumer complaints

  10. Meaningful Use Attestation Audits

  11. Meaningful Use Program Basics
     • Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs
       – Program established by American Recovery and Reinvestment Act of 2009
       – Provides incentive payments to certain eligible professionals (EPs), eligible hospitals (EHs), and critical access hospitals
       – Adopt, implement, upgrade or demonstrate meaningful use of certified EHR technology
     • Payments began in 2011 and continue through 2016 (Medicare) or 2021 (Medicaid)
     • Over $28 Billion paid out since 2011

  12. CMS MU Audits
     • Any provider attesting to receive EHR incentive payments for either the Medicare or Medicaid program may be subject to audits.
     • Medicaid audits are performed by each state.
     • Medicare audits performed by Figliozzi & Company.

  13. MU Audit Process
     • Audit Approach
       – Appropriate Letter and Documentation Request is sent to individual who attested for the organization (letter is specific to whether it is an Eligible Provider or Eligible Hospital engagement).
       – Client has 10 business days to provide the documentation requested electronically.
       – Auditor reviews documentation and determines if additional information is needed. (This is the primary review step.)
       – Additional request will be provided via email as necessary.
       – If documentation is deemed insufficient to support attestation or other data anomalies exist, then an on-site visit/exam is scheduled.

  14. MU Desk Audit Documentation
     • The source documentation utilized during the attestation process
     • Copy of the certification from ONC-CHPL for the EHR application (http://oncchpl.force.com/ehrcert)
     • Documentation to support the methodology chosen for achieving measures (i.e. observation services or all emergency department visits)
     • The numerators and denominators for each measure

  15. MU Desk Audit Documentation (cont’d)
     • The time period the reports cover
     • Risk analysis and remediation plans for deficiencies
     • Summary level reports for measures
     • Screenshots or other evidence to support any measures that require a “YES” answer
     • Evidence to support that source information was generated for that eligible professional or eligible hospital

  16. MU Onsite Audit Scope
     • Detailed reviews of any of the measures via:
       – Walk-throughs of structured data and functionality in EHRs
       – Walk-throughs of test patients and scenarios
       – Review of medical records and patient records; Detailed data to support summary reports
       – Census reports
       – Billing information
       – Validation of settings or additional detailed information to support reporting as deemed necessary
         • Security screen settings
         • Screen shots of test exchanges of clinical information
         • Audit logs (date for when a feature was enabled, etc.)

  17. Appeals
     • A determination by CMS that a provider or hospital has
       – been denied an EHR incentive payment
       – been determined to be ineligible for the program
       – received an audit decision believed to be in error, you can appeal the decision.
       – http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Appeals.html
     • A provision of ACA provides that there is no right of due process for review of CMS determinations
