Exclusive Private Webcast
Preparing for HIPAA/HITECH Audits by OCR
Step Through the Audit Process & Recent Experiences
To Schedule a Private Webcast Customized to Address Your Requirements, Please Contact John Schelewitz at 1.480.663.3225 or John.Schelewitz@ecfirst.com
The HITECH Act (defined in the Economic Stimulus Bill), the, American Recovery & Reinvestment Act (ARRA), has extended the reach of government regulations with regards to patient information. HIPAA Security Rules now apply to business associates in the same manner as they apply to covered entities. All requirements of the HIPAA Security Rule now directly impact business associates – this includes all Administrative, Physical and Technical Safeguards’ requirements.
The HITECH Act further introduces specific requirements for business associates to report breaches by a covered entity to the HHS.
Business associates that violate the HIPAA Security Standards or the required terms of their business associate contracts now will be subject to the same civil and criminal penalties as covered entities.
Business associates who use, obtain, create or transfer Protected Health Information (PHI) pursuit to a contract (or other written agreement), now have a legal duty to ensure that they are only using or disclosing PHI in accordance with 45 CFR § 164.504(e).
So is your organization taking steps to comply with the new requirements of HIPAA and the HITECH Act?
Key changes in the HITECH Act include regulation of business associates as well as strong security breach notice requirements. Rules are also tightened in several areas for HIPAA Privacy and Security. Penalties have been increased for non-compliance as well as significant funding for aggressive enforcement.
The HITECH Act further requires vendors of PHI and other entities that access Personal Health Records (PHR) - that are not covered entities or business associates - to notify certain individuals in the event of a breach of the privacy or security of unsecured PHI.
Ali Pabrai, CISSP (ISSAP, ISSMP), CSCS
Cyber Security & Compliance Expert
ecfirst, Chief Executive
Ali Pabrai, chief executive of ecfirst, an Inc. 500 business, is a highly sought after cyber security and compliance expert. Mr. Pabrai has successfully delivered tailored security solutions to hundreds of organizations across the United States. He is also the author of the executive brief “Cyber Security Strategy: The 4 Laws of Information Security” and recently launched the Certified Security Compliance SpecialistTM (CSCSTM) program that addresses key compliance and security regulations, including PCI DSS, ISO 27001/27002, HIPAA, FISMA and others. Mr. Pabrai established the healthcare industry’s gold standard program on HIPAA certification with the establishment of the HIPAA AcademyTM.
Mr. Pabrai is a featured speaker and has presented opening keynote and other sessions at several conferences worldwide, including Microsoft HUG (HIMSS), HIMSS Midwest, Internet World, Comdex, NetSecure, and Information Systems Security Associations (ISSA) Conferences. He is also a member of the U.S. FBI InfraGard.
What You Will Learn?
- Examine the audit process used by CMS and OCR in 2008 and 2009
- Review new enforcement approaches as well as the tiers of penalties that have been defined
- Step through significant requirements introduced for breach and notification
- Understand how to prepare for an audit by organizations such as the OCR, CMS, OIG or the FTC
- Identify critical steps for business associates to get started to meet the new requirements introduced by the HITECH Act
- Chief Information Security Officer
- Chief Information Officer
- Chief Operations Officer
- Chief Financial Officer
- Chief Technology Officer
- Director of Information Technology
- Director of Health Information Management
- Director of Patient Accounting
- Compliance Officer
- Privacy Officer
- Security analyst
“This was a great session given by a very knowledgeable individual. It has opened my eyes to how vulnerable an organization may be.”
Tammy Deras, Applications Manager
Prime Healthcare Services
“One of the best one-hour presentations I have ever witnessed. ecfirst people are true professionals, extremely knowledgeable and passionate about compliance and training.”
Michael Boanta, CEO
Boanta & Associates – Consultant for PrivateAccess.info
“Delivery and expertise on the topic matter was much more than expected…”
Jay Falck, CISSP, CSCS
Recent ecfirst clients include many hospitals, government agencies, Microsoft, McKesson, HP, Symantec and hundreds of other organizations.
Contact ecfirst – Hub for Compliance & Cyber Security
To bring this presentation to your site, or to tailor a webcast for your organization, please contact John Schelewitz at 1.480.663.3225 or at John.Schelewitz@ecfirst.com. To learn more about ecfirst and HIPAA Academy services, please visit www.ecfirst.com and www.HIPAAAcademy.Net.