Apgar & Associates and ID Experts Form Partnership; "Mock OCR HIPAA Compliance Audits" Prepare Healthcare Organizations for Audits by Office for Civil Rights, Now Underway
10 Steps to Prepare For an OCR Audit
PORTLAND, Ore., Feb. 1, 2012 /PRNewswire/ -- Apgar & Associates and ID Experts have partnered to offer healthcare organizations complete services, tools and resources for compliance with federal and state privacy, security and breach notification laws, including HIPAA and HITECH; breach prevention, incident assessment; and post-breach incident response. Their combined offerings -- including "Mock OCR HIPAA Audits" -- will provide organizations the assistance needed to prepare for the audits by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) as mandated by the HITECH Act. Throughout 2012, KPMG on behalf of OCR will conduct random compliance reviews of 20 pilot audits and 150 healthcare providers, health plans and health care clearinghouses -- also referred to as covered entities under HIPAA. These audits could result in a corrective action plan, civil penalties/monetary settlements or both, with civil penalties up to $50,000 per incident up to a maximum $1.5 million per calendar year for the same type of incident.
Free Webinar: Are You Prepared for an OCR HIPAA Audit or Investigation?
A free webinar with Chris Apgar, CEO and president, Apgar & Associates, LLC and Mahmood Sher-Jan, vice president, product management at ID Experts, will be held February 15, 2012 at 10:00 a.m. PT. To register, visit https://idx.webex.com/idx/onstage/g.php?t=a&d=963073557.
Apgar & Associates, LLC and ID Experts offer services including Mock OCR HIPAA Compliance Audits; HIPAA risk analyses; data breach investigations; HIPAA training; compliance planning, assessment, and mitigation services; contracted privacy and security officer support; OCR investigation response assistance; data breach preparedness and prevention; and post-breach solutions including forensic investigation; incident risk assessment; notification; and monitoring and recovery.
"Now is the time to address compliance," said Chris Apgar, CISSP, CEO and president, Apgar & Associates, LLC. "Reviewing, evaluating and enhancing privacy and security practices is the only course of action in this new compliance-mandated reality. It also supports patient quality of care."
"We work with organizations to reduce their risks of data breach," said Mahmood Sher-Jan, vice president, product management at ID Experts. "We believe protecting patient information is a part of patient care and conducting a privacy, security and data breach risk analysis is a first step in identifying key gaps in protecting patient information."
A Culture of Compliance
The Office for Civil Rights has coined "A Culture of Compliance" and recommended actions for covered entities and business associates to review their current HIPAA compliance programs. According to OCR, a robust compliance program includes conducting a risk analysis; employee training; vigilant implementation of policies and procedures; regular internal audits; and a prompt action plan to detect, assess, and respond to security incidents.
10 Steps to Prepare for an OCR Audit
Being ready for an OCR audit means that organizations are taking the important steps to comply with the HIPAA Privacy, Security and Breach Notification rules and steps necessary to limit and minimize the impact of a data breach. ID Experts and Apgar & Associates, LLC recommend being prepared with a solid offense before and after an incident occurs. They offer organizations these 10 steps, which will be discussed in-depth during the webinar https://idx.webex.com/idx/onstage/g.php?t=a&d=963073557.
- Learn your compliance status with respect to HIPAA Privacy and Security Rules and the Interim Final Breach Notification Rule. Every covered entity should gain a full understanding of its compliance and gaps with these rules. Conducting an evaluation or gap analysis of HIPAA privacy, security and breach notification requirements is the logical starting point.
- Create a centralized management system for your documents. Current and accurate documentation that is easily accessible is the key. This includes policies, procedures, risk analysis reports, training records and records of other related compliance activities.
- Develop a compliance plan that prioritizes compliance gaps from high to low risk, and assign resources to close those gaps. The gap analysis in step one should be used to develop a plan of action, drive organizational alignment, and allocate the resources necessary to execute the compliance action plan.
- Prepare and implement HIPAA policies and procedures. Organizations must have policies and procedures in place that help them to protect the confidentiality, integrity and availability of protected health information (PHI).
- Create an incident response plan (IRP). An IRP is considered a critical element in planning for compliance and protecting PHI. The IRP provides an overall strategy for how covered entities will react to a privacy and/or security incident and comply with the breach notification rule's burden of proof provisions.
- Train Workforce Members. The highest security risk to any organization is people. If workforce members are not trained, the risk of violations and breaches of PHI significantly increases. Organizations need to remember training is an ongoing process and not a one-time event.
- Conduct a risk analysis and ongoing risk management. This will help to reasonably ensure you have the policies, procedures and practices in place to implement a robust privacy and security program and handle incidents in compliance with the breach notification rule on an ongoing basis.
- Document mitigation and compliance related activity. You need to demonstrate continued compliance activities of your organization -- not a "one time" event.
- Conduct Periodic Audits. This is not only a regulatory requirement. It is an important activity to address potential privacy and security gaps and identify security incidents before any significant breach occurs.
- Seek assistance from knowledgeable vendors. It is helpful to get an outside perspective and specific expertise when preparing for or conducting an audit or evaluation.
About Apgar & Associates, LLC
Apgar & Associates provides expert privacy, information security, HIPAA/HITECH, regulatory and electronic health information exchange consulting services. Headquartered in Portland, Ore., Apgar & Associates, LLC was formed by Chris Apgar in April 2004 to address the healthcare industry's growing need to comply with information privacy and security requirements, such as those resulting from the HIPAA Act, state privacy laws and new state and federal laws regarding identity theft. While our roots are in healthcare, we have expanded our services to other industries as well. We have also expanded services to address the growing need for assistance with compliance related activities and expanded use of electronic health information exchange. For more information, visit www.apgarandassoc.com; follow Apgar & Associates on Twitter @apgarandassoc.
About ID Experts
ID Experts is the leader in comprehensive data breach solutions that deliver the most positive outcomes. The company has managed hundreds of data breach incidents, protecting millions of affected individuals, for leading healthcare organizations, corporations, financial institutions, universities and government agencies. In healthcare, the company contributes to relevant legislation and rules including HITECH and is a corporate member of HIMSS. ID Experts is active with organizations that advocate for privacy for Americans including ANSI/Identity Theft Prevention, Identity Management Standards Panel and the International Association of Privacy Professionals. For more information, visit http://www2.idexpertscorp.com/; join in the All Things HITECH discussion via LinkedIn at bit.ly/AllThingsHITECH; and follow ID Experts on Twitter @IDExperts.
SOURCE ID Experts