Published October 7, 2020

Regulatory Compliance Enforcement and HIPAA Audit Dos and Don’ts

PYA Principal and Chief Compliance Officer Shannon Sumner and Consulting Senior Manager Susan Thomas presented “Regulatory Compliance Enforcement Update: Getting Results from the Guidance” at the virtual 2020 Montana Healthcare Conference. They reviewed the sources of regulatory enforcement and investigation information—guidelines, statutory updates, best practices, settlements, case studies, etc.—available to healthcare organizations. They also discussed how to interpret and implement the guidance in order to strengthen the compliance function and protect the organization. The presentation covered:

  • Compliance regulatory requirements for healthcare organizations.
  • Guidance available for consideration in organizational compliance programs.
  • Internal and external reporting to ensure regulatory requirements are met.
  • Best practices for implementation of guidance.
  • Case studies for illustration of guidance implementation.

PYA Principal Barry Mathis presented “OCR HIPAA Audits—Dos and Don’ts.” He discussed the Office for Civil Rights (OCR) HIPAA audit process and timeframe. Attendees of his session learned about the current HIPAA audit environment and the shift in proactive vs. reactive audits; tips, techniques, and tools to help prepare for and work through a HIPAA audit; and the use of observable and measurable terms in drafting learning objectives. The discussion included:

  • Specific changes in the OCR’s efforts to enforce HIPAA rules.
  • Potential HIPAA changes.
  • Preparation, including a reactionary team, well before an audit occurs.
  • Preparation for and response to an official HIPAA audit as a result of an incident or complaint.
  • Tips and actions to consider for on-site follow-up to a HIPAA desk audit.
  • A brief OCR case study.
  • Conclusions, recommendations, and discussion of available tools.

This session’s attendees received an OCR reference resource and a self-assessment skills tool to determine their readiness to respond to an OCR HIPAA audit.

The event took place Oct. 5-8.

If you would like additional information about regulatory compliance enforcement or HIPAA audits, contact a PYA executive at (800) 270-9629.
