HIPAA Privacy and Security: Prepare for New CMS and OIG Reviews

Compliance and Audit Strategies Amid Heightened Government Scrutiny

Will Your Policies and Practices Survive Increased Enforcement?

Recording of a 90-minute CLE webinar with Q&A

Conducted on Tuesday, April 15, 2008


In response to growing concerns over the security of protected health information, the Centers for Medicare and Medicaid Services (CMS) recently announced that it has hired PricewaterhouseCoopers to conduct HIPAA security compliance reviews of ten to twenty hospitals over the next several months.

The compliance reviews are in addition to the random compliance audits the Office of the Inspector General (OIG) is currently conducting. Additionally, private plaintiffs have begun to allege HIPAA privacy violations as evidence of breach of the standard of care in private negligence actions.

In light of these activities, it is critical that healthcare providers review their HIPAA policies, audit their privacy and security practices and train their staff, focusing on risk management strategies relating to remote access, storage and transmission of electronic protected health information.

Listen as our panel of healthcare attorneys reviews current HIPAA enforcement efforts and their implications, what the HIPAA security rule requires and best practices for compliance.



  1. Recent HIPAA privacy activities and their implications
    1. Office of Civil Rights enforcement efforts
      1. Complaint processing
      2. Subpoena power
      3. Representative actions
    2. Private civil litigation involving HIPAA
      1. Using HIPAA as standard of care and other enforcement efforts
      2. Legal rulings regarding the scope or effect of HIPAA privacy regulations
    3. Effect of privacy regulations on clinical research
    4. Issues involving privacy regulations and electronic medical records
  2. Recent HIPAA security activities and their implications
    1. Centers for Medicare and Medicaid Services (CMS) compliance reviews
    2. Office of the Inspector General compliance audits
    3. CMS security guidance on portable devices and remote access
    4. Security rule requirements
      1. Risk assessment
      2. Minimize risk of improper use or disclosure of PHI
      3. Meet all “required standards”
      4. Penalties for non-compliance—fines, imprisonment, legal liability
      5. Security rule and technology
  3. Documentation standards
    1. Policies and procedures for documentation
    2. Retention of documentation
    3. Availability and accessibility of documentation to workforce
    4. Ensuring confidentiality, integrity and availability of PHI
    5. Attorney–client privilege
    6. State notification laws


The panel reviewed these and other key questions:

  • What new measures is the government undertaking to ensure compliance with HIPAA?
  • What steps can providers take to ensure the confidentiality and integrity of electronic protected health information?
  • What can providers do to ensure ongoing HIPAA compliance and minimize their chances of penalties, lawsuits, and negative publicity?


Philip H. Lebowitz
Duane Morris

He provides regulatory and general counseling to healthcare providers. He represents medical device manufacturers...

Melissa L. Markey
Hall Render Killian Heath & Lyman

She represents healthcare providers in technology law, including electronic health records, HIPAA and compliance. She...

James B. Wieland
Ober Kaler

He counsels healthcare clients on all aspects of privacy issues, including state laws and HIPAA privacy standards. He...