HIPAA Compliance Committees and Hybrid Entities

Transcript:HIPAA Compliance Committees and Hybrid Entities:
HIPAA Compliance Committees and Hybrid Entities Beth Manley ISAC Compliance Officer February 23, 2017 Disclaimer The Iowa State Association of Counties (ISAC) provides education and information primarily as a general service to ISAC members. This communication, or any other communication with ISAC, does not create an attorney-client relationship. The information provided should not be interpreted or used as a substitute for a legal opinion from your county attorney or otherwise retained and qualified legal counsel. Outline HIPAA Compliance Committees Purpose Membership Meetings Hybrid Entities Definition Benefits Examples ISAC HIPAA Program Questions HIPAA Compliance First steps Designate Privacy Officer Designate Security Officer Establish a compliance program Compliance committee Adopt policies and procedures Train workforce Complete a risk analysis Review current business associates and other contracted vendors Audit compliance Components of a Compliance Program Standards and Procedures Oversight Education and Training Communication Monitoring and Auditing Enforcement and Discipline Response and Prevention Compliance Committees Compliance Committees Are they required? No Should you have one? Yes OIG Compliance Guidance The U.S. Department of Health & Human Services Office of Inspector General (OIG) had developed a series of voluntary guidance documents to help various entities have effective compliance programs and comply with applicable statutes and regulations. https://oig.hhs.gov/compliance/compliance-guidance/ https://oig.hhs.gov/compliance/compliance-guidance/compliance-resou rce-material.asp OIG Guidance-Purpose The purpose of the compliance department is to implement the compliance program and to ensure compliance with all applicable Federal health care program requirements. OIG Guidance: Function of Compliance Committee Analyzing the organization’s industry environment, the legal requirements with which it must comply, and specific risk areas; Assessing existing policies and procedures that address these areas for possible incorporation into the compliance program; Working with appropriate departments to develop standards of conduct and policies and procedures to promote compliance with the organization’s program; OIG Guidance: Function of Compliance Committee cont. Recommending and monitoring, in conjunction with the relevant departments, the development of internal systems and controls to carry out the organization’s standards, policies and procedures as part of its daily operations; Determining the appropriate strategy/approach to promote compliance with the program and detection of any potential violations, such as through hotlines and other fraud reporting mechanisms; Developing a system to solicit, evaluate and respond to complaints and problems. OIG Guidance: Function of Compliance Committee cont. Monitoring internal and external audits and investigations for the purpose of identifying troublesome issues and deficient areas experienced by the organization, and implementing corrective and preventive action; and The