Hartford, Conn., December 3, 2015 – Day Pitney LLP is pleased to announce the launch of its HIPAA Self-Assessment Tool ("Tool") to help clients prepare for the second phase of HIPAA audits by the U.S. Department of Health and Human Services' Office for Civil Rights ("OCR") in early 2016. The target for these audits has expanded beyond covered entities (healthcare providers, health plans and clearinghouses) and will also include business associates, such as vendors, suppliers, and consultants.
Because HIPAA noncompliance can be costly and disruptive to an organization, Day Pitney created a simple-to-use automated Tool based on OCR’s audit protocol to help clients assess whether they are in compliance with HIPAA’s security, privacy and breach notification requirements. OCR has engaged a contracted vendor to conduct the audits and OCR has the authority to initiate enforcement actions based on the audit results.
"Companies should really start self-audits as soon as possible to make sure they are in compliance with the HIPAA rules," said James Bowers, Day Pitney director of Compliance Risk Services and former chief compliance officer at Aetna Inc. "The most common deficiency found by the OCR is the failure to conduct a security risk assessment to identify and mitigate risks to Protected Health Information that may be exposed on servers and unencrypted laptops, as well as ancillary risks resulting from unchanged default passwords, outdated security software and inadequate training."
The Tool is designed to be completed by a company’s compliance officer, privacy officer, health information manager, medical records manager or legal counsel. Although the Tool cannot guarantee a successful audit result, any covered entity or business associate can benefit from its use. After reviewing the Tool, one hospital’s general counsel noted that even organizations that have done a lot of work to implement the necessary privacy and security policies can use the Tool to determine whether there are any gaps in their compliance program. For organizations that have not yet completed their HIPAA-readiness, the Tool can be used as a roadmap that shows what needs to be done. A more detailed description of the Tool can be found on Day Pitney’s HIPAA Compliance service page.
"Once a client inputs its information, the Tool provides an automated assessment summary," said Day Pitney Healthcare attorney Susan Huntington. "If there are areas of noncompliance, our team is ready to work with the client to address and correct such areas."
Susan Huntington served as a primary author of "Issues and Considerations in an Evolving Liability Environment: Summaries and Checklists Regarding Protections for Board of Directors and Executive Officers," a toolkit published by the American Health Law Association's (AHLA) Business Law and Governance Practice Group.
On September 20, Susan Huntington presented during an educational call-in discussion, "Insurance and Coverage Risk Management Approaches to Address the Opioid Crisis," for the American Health Lawyers Association (AHLA).
Day Pitney was a presenting sponsor of the 14th Annual Women of Innovation Awards gala, presented by the Connecticut Technology Council and held at the Aqua Turf Club in Southington, CT.
Erin Magennis Healy, Lori J. Braender and Thomas A. Zalewski authored an article, "A Provider's Guide to Managing a Medical Device Recall," which was published in the American Health Lawyers Association Journal of Health & Life Sciences Law.
Day Pitney Alert
Day Pitney Press Release
Day Pitney's recently updated HIPAA self-assessment tool was featured in an article published in Clinical Lab Products magazine.
Day Pitney Press Release
Susan Huntington and Eric Fader were quoted in an article, "Growing HIPAA Focus Leads To Fresh Compliance Options," published in Law360.
Day Pitney LLP is pleased to announce the availability of its updated HIPAA Self-Assessment Tool 2.0 ("Tool"), designed to provide an easy and cost-effective way for organizations to perform a self-assessment of HIPAA compliance based on the U.S. Department of Health and Human Services' Office for Civil Rights ("OCR") expanded audit protocol.