Toll free: +1-800-447-9407 support@gcplearning.com Cart 0 items
Richard D. Dvorak
Instructor Richard D. Dvorak
Product Id 601821
Duration 90 Minutes
Version Recorded
Original Price $295
Special Offer Price $10
Refund Policy
Access recorded version only for one participant; unlimited viewing for 6 months

Road Map to HIPAA Compliance

Overview:

The webinar will explain the process for covered entities and business associates to initially come into HIPAA compliance and to stay compliant. It will demonstrate the following: who should be involved in the compliance effort; how to assess the degree of compliance at the beginning of the process through a gap analysis; the steps to achieve compliance, including risk analysis, development of policies and other documents, and required training; how to assess whether compliance was reached; and how to ensure that the entity remains compliant, including what to do if a HIPAA violation occurs.

Why should you attend: The majority of the DHHS civil money penalties and settlements in lieu thereof involve, sometimes with other violations, failure to perform a written risk analysis, failure to develop required policies, and failure to conduct adequate HIPAA training. These penalties usually are in the seven-figure range. Failure to conduct a written risk analysis, adopt required policies, or conduct required training qualifies as "willful neglect," which carries the highest civil money penalty ("CMP") and which penalty cannot be waived by DHHS as can violations due to a reasonable cause.

DHHS entered into a settlement with Massachusetts General Hospital for $1 million for a breach involving leaving paper PHI records on a subway. The sanction was because Massachusetts General had not trained its workforce on proper security for PHI taken offsite and did not have a work-at-home policy. Significantly, HIPAA does not even mention working at home, much less specifically require such a policy.

Another civil money penalty, this time for $4.3 million, involved failure to provide patients their HIPAA right of access to their medical records. Thus, having a good process to ensure compliance with all of HIPAA's requirements, both stated and implied ones, is crucial to protecting patients and avoiding HIPAA's severe penalties.

Areas Covered in the Session:

  • Identify who should be involved in the process
  • Conduct a gap analysis
  • Conduct a written risk analysis
    • Assemble a good team
    • Identify assets
    • Identify risks
    • Quantify risks
    • Select reasonable, appropriate, and cost effective security measures
    • Test and revise security measures
  • Appoint key personnel
  • Identify and adopt required policies and procedures
  • Identify the need for and conduct required training
  • Identify the need for and adopt other required documents, such as business associate agreements, consents, authorizations, notices of privacy practices, and the like
  • Ensure that patient rights are properly afforded
  • Periodically audit the state of your compliance and make required adjustments
  • Questions and answers

Who Will Benefit:
  • HIPAA Compliance Officers
  • HIPAA Security Officers
  • HIPAA Privacy Officers
  • CFOs
  • CIOs
  • Business Office Managers
  • Medical Records Personnel
  • Billing Services

Speaker Profile
Richard D. Dvorak J.D., is a health care attorney and partner in the law firm of TOMES & DVORAK, CHARTERED, a Kansas City area law firm. The firm has Martindale-Hubbell’s highest rating, AV (“A” is for preeminent in the field of practice and “V” is for highest ethics). After serving eight years in the United States Marine Corps, Richard obtained his law degree from Chicago-Kent College of Law in 1992. He is licensed to practice law in Illinois, Missouri, and Kansas, including various U.S. federal courts. Mr. Dvorak’s extensive litigation experience includes medical malpractice, physician licensure, mental health disability cases, military cases, and criminal cases, among others.

Mr. Dvorak is Vice President of EMR Legal, Inc., a national HIPAA consulting firm, which provides consulting services for clients ranging from a large county government, with eight different health entities that need HIPAA compliance help, to a small transcription service. His specialty is helping covered entities and business associates comply with HIPAA in a cost-effective manner using his extensive technical computer knowledge and business acumen. He and his team have consulted over 1,000 clients in health care regulations since 1998. Mr. Dvorak is also the Vice President of Veterans Press, Inc.—a national publishing company that sells and distributes The Compliance Guide to HIPAA and the DHHS Regulations, soon to be in the 6th edition, an integral part of the HIPAA Compliance Library.

Richard’s HIPAA speaking engagements include Cross Country Education, MEDS-PDN, PESI, CMI and Lorman Business Center, and The National Home Infusion Association (NHIA) 2013 convention. He also has taught business law for Park College in Missouri. As a small businessman, Richard understands the need to help others learn how to comply with government health regulations in a reasonable, cost-effective manner.

Sign Up for Our Newsletter