Foley & Lardner, together with PYA, hosted a Let's Talk Compliance informal discussion and Q&A on HIPAA Breach & Penalties on Friday, April 30. The panel of presenters included Foley Partner Jennifer Urban, PYA Principal Barry Mathis, and Mayo Clinic's Legal Counsel Betty H. Khin who moderated the discussion.

Below are some major takeaways from the day's discussion. 

Key Takeaways

  1. Familiarize yourself with and take advantage of, the HIPAA Safe Harbor Bill by implementing recognized security practices.
  2. Watch for updates from HHS/OCR on new HIPAA enforcement rules.
  3. Make sure you have access procedures that are compliant with HIPAA's right of access requirements, conduct a security risk analysis, and use its findings to develop and implement risk management plans.
  4. If you are thinking about the HIPAA Safe Harbor Rules as a future response strategy, consider creating and maintaining a documentation library that demonstrates your compliance. Practice desk audit scenarios within your organization where the story must be told through only a paper trail.
  5. The Fifth Circuit Court of Appeals ruling and comments on the M.D. Anderson case should be reviewed by your compliance and IT risk management teams as an example of how a small infraction can lead to a large investigation. Had M.D. Anderson not been managing their risks, the court may have denied the appeal.
  6. Compliance is no longer a standalone report. It is a program with a strategy, action plan, and measurable activity producing documentation to demonstrate mitigation and compliance maturity.

Please reach out to us if you have any questions.

You can listen to this program in its entirety, at no cost, and download slides from the session by clicking here. Be sure to check out this additional Let's Talk Compliance resource:

We are working on developing future Let's Talk Compliance events—the next one scheduled for July—so stay tuned for dates and details!

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.