This webinar is for HIPAA Covered Entities (CEs) and Business Associates (BAs). Criminals increasingly focus cyber-attacks on BAs because one hit can give them access to PHI of all the BA’s customers. Growth of serious BA PHI breaches affecting tens of millions of patients put the spotlight on BA HIPAA compliance, attracting HHS Office for Civil Rights investigations and aggressive private class action lawsuits filed within days of a breach targeting BAs and their CE customers. CEs that did nothing wrong can still be held liable to pay the same civil money penalty as their BA for the BA’s HIPAA violation under the Federal Common Law of Agency which is included in the HIPAA Enforcement Rule.
Simple steps, often overlooked but easy to follow, enable CEs and BAs to protect against costs and damage to their reputations caused by violations of HIPAA Rules that apply to BAs. The chain of HIPAA compliance starts with a CE. It extends to a BA that provides a CE with services involving PHI. And the chain of compliance continues on down to any subcontractors of a BA that perform services involving PHI. BA subcontractors are defined by HIPAA as BAs and are fully liable for compliance.

  • CEs must obtain “satisfactory assurances” from each BA, documented in writing, that the BA complies with HIPAA before disclosing PHI to the BA or allowing the BA to create, receive, maintain or transmit PHI on their behalf.
  • BAs must obtain “satisfactory assurances” from each Subcontractor BA, documented in writing, that the Subcontractor BA complies with HIPAA before permitting the Subcontractor BA to perform services involving PHI.

This webinar explains the interconnected HIPAA compliance responsibilities and liabilities of CEs and BAs. HIPAA Rules that apply to both are easy to follow, step-by-step, when you know the steps.

HIPAA Rules that apply to CEs in dealing with BAs and that BAs must follow are discussed and explained including:

  • Serious Business Associate HIPAA Violations
    Brief review of current OCR BA Enforcement and Class Action lawsuits based on BA HIPAA violations
  • Explanation of how HIPAA Rules apply to BAs
    • Security, Privacy and Breach Notification Rules
  • Business Associate Agreements and the key Agency Issue – Don’t make your BA or Subcontractor BA your legal agent by mistake like many do
  • CE Due Diligence for BAs and BA Due Diligence for Subcontractor BAs
  • Who’s in Charge? – Responsibility & Authority – Responsibility of Senior Management and Owners – Delegation of Authority for development and implementation of a BA HIPAA compliance program

Why You Should Attend This Webinar

CEs can find themselves fully liable for HIPAA violations committed by BAs and BAs for violations committed by Subcontractors under the little known Federal Common Law of Agency. However, risks associated with BA HIPAA compliance can be managed calmly and confidently by following the HIPAA Rules that are easy to follow, step-by-step.
CEs should attend to see what to look for in Due Diligence, how to obtain HIPAA required satisfactory assurances that a BA is complying with HIPAA and avoid liability by inadvertently making a BA their agent.
BAs should attend this webinar to see exactly what they must do to comply with HIPAA Rules – Security, Privacy and Breach Notification Rules. And what to look for in Due Diligence and how to obtain HIPAA required satisfactory assurances that a Subcontractor BA is complying with HIPAA while avoiding liability by inadvertently making a Subcontractor BA their agent

Who Should Attend This Webinar

Covered Entities of all types who disclose PHI to BAs and allow BAs to create, receive, maintain and transmit PHI on their behalf
Business Associates of all types including for example:

  • Billing and Coding companies
  • Practice Management Companies
  • IT Vendors
  • Data Storage firms (electronic and paper)
  • Secure and unsecure providers of PHI email and text message services
  • Vendors of patient satisfaction surveys
  • PHI record retrieval and release of information vendors
  • Law and Accounting Firms
  • Health Plan Third Party Administrators
  • CE Owner – CEO – COO Compliance Manager
  • Board of Directors – for profit and non-profit CEs
  • Healthcare Practice Manager
  • Administrator, Long Term Care Facility
  • BA Owner – CEO – COO
  • Security and Privacy Officers
  • Compliance, Information Security and Risk Management Directors
  • Business Manager
  • Attorney – General Counsel, Associate General Counsel, Inside Compliance Attorney, Outside Health Law Attorney

Venue: Recorded Webinar

Enrollment option


Paul R. Hales
Paul R. Hales, J.D. is widely recognized for his ability to explain HIPAA Rules clearly in plain language. He is an attorney licensed to practice before the Supreme Court of the United States, a graduate of Columbia University Law School and Senior Counselor of the Missouri Bar with an international practice in HIPAA privacy and…

Related Events

Revenue Codes vs CPT/HCPCS Edits:  Does Your Chargemaster Reflect Best Matches?
Compliance Webinars
Live Webinar

Revenue Codes vs CPT/HCPCS Edits: Does Your Chargemaster Reflect Best Matches?

A hospital chargemaster is a comprehensive list of a hospital's products, procedures, and services. Everything from prescription drugs to supplies for diagnostic tests has a unique price listing in the chargemaster. Major components include revenue codes that reflect the site of service and applicable CPT/HCPCS codes that indicate the service provided/charged. Poor matches between these code sets may lead to distorted cost centers, lost revenue, charges bundled that should be separately reported and incomplete departmental charging. Webinar’s Goals Understand chargemaster code functions Understand revenue leakage resulting from poor chargemaster structure Understand why correct departmental charging is vital to revenue integrity Appropriate training for charge entry staff Billing attention to posted charges Who Should Attend Chargemaster Maintenance Staff Compliance staff Billers Coders Revenue Cycle Managers & Staff Risk Management Charge entry staff

Conducting A Charge Audit to Increase Revenue
Compliance Webinars
Live Webinar

Conducting A Charge Audit to Increase Revenue

Areas Covered A major component of successful revenue management is accurate charging for services provided. Charges must be identified, posted timely and completely. Hospital charge capture is typically handled by the department that provided the service. Professional charges may be posted by the provider. In either case, the function may be a low administrative priority with little to limited training for charging activities. Coordination between departments may not be established. Accountability for correct charging may be minimal. There may be no formal policies or baseline controls for correct charge capture. Different systems may be used for charging and reconciliation An effective charge audit can identify lost revenue opportunities Webinar’s Goals Understand the importance of accurate charge capture Tips for charge review Departmental charge capture errors & omissions Revenue leakage resulting from charging errors Reduce non-compliance exposure Improvement of operational efficiency Enhance patient satisfaction Key Points Why Errors Occur Multiple departments entering charges Charge master may be incorrect or incomplete Error in number of units selected Error in item selection Inactive charge New service not added Incorrect revenue code/cost center System conversions Overreliance on claims scrubber Target Audience Physicians Practice managers Medical assistants Nurses Compliance staff Billers Coders Revenue Cycle Risk Management

Seven Criteria for High Quality Clinical Documentation
Compliance Webinars
Live Webinar

Seven Criteria for High Quality Clinical Documentation

Clinical documentation is the cornerstone for all patient medical records. This information should be of the highest quality to allow for optimal patient outcomes as well as supporting research, medical coding and other uses of the medical record. Its purpose is to adequately relate the patient’s current and historical conditions and treatments with primary focus placed on situations that affect the current medical encounter. It also supports the provider’s defense should the case become a legal issue. Webinar’s Goals Review of 7 criteria that all entries in the medical record should include Impact of documentation on coding & claims Establishing a CDI team Significance of abnormal lab results: querying the provider. Measurement of lesions, when taken and inclusion of margins. Why it matters & how reimbursement may be affected. Start & stop times & methodology for infusions & discrepancies in billing. Complete reporting for administration and substance. Diagnostic testing and medications should be supported in a diagnosis. Unsupported documentation may cost you money. Depth of wounds and cause should be clear. Clarity needed for both depth and origin of wound. Severity of illness. Hospitals and payers are increasingly scrutinizing patient severity. Lack of detail costs money. Diagnosis present on admission? Certain conditions do not generate additional revenue if occurrence after admission. Areas Covered The ICD-10 code set requires explicit documentation of conditions & treatments in order to support the severity of patients under treatment as well as allow for the significant specificity required by this code set. Ambiguous documentation and generic coding will no longer guarantee reimbursement and may generate a claims denial for lack of medical necessity. In this session, we will review the theory of high-quality clinical documentation which has the support of healthcare regulatory guidelines and peer-review research. Additional consideration involves medical outcomes that may result in legal action. When clinical documentation is vague, missing key elements and conflicting statements, the provider may find that he/she is handicapped in supporting medical decisions and patient results, particularly when the result is a negative outcome for the patient. In today’s healthcare environment, many patients have become educated consumers of medical services. They are more inclined to request their own medical record, carefully review explanation of benefits from payers, and request a review of any information they deem to be incomplete or questionable. Target Audience Coding Billing Revenue Cycle Physicians Mid-level providers Nurses Claims follow-up Compliance Auditors

Excel - Master the Latest & Greatest 365-Only Functions
Compliance Webinars
Live Webinar

Excel - Master the Latest & Greatest 365-Only Functions

Elevate your Excel prowess with this training. Aimed at users already versed in Excel's core functions (SUM, X/VLOOKUP, COUNTIF etc), this course introduces users to some of the new innovative functions added since 2020, exclusively available to Microsoft 365 and Excel 2021 users. These cutting-edge tools are designed to streamline your formula creation process, enhance your data interaction, and expand your analytical capabilities. Embrace the simplicity of extracting unique values, sorting and filtering datasets, creating dynamic, self-updating lists and much more! Whether you’re looking to improve efficiency, accuracy, or both, these features will set you on a path to becoming an Excel ninja. Ensure your skill set remains at the forefront of technological advancements with these essential, transformative functions that redefine what's possible in Excel. Topics We’ll Explore UNIQUE: Extract distinct values effortlessly FILTER: Refine your data with precision SEQUENCE: Generate ordered lists automatically SORT & SORTBY: Arrange your data with ease CHOOSECOLS & CHOOSEROWS: Select specific data segments TEXSPLIT, TEXTBEFORE, and TEXTAFTER: Manipulate text data like never before VSTACK: Merge arrays vertically with simplicity Who Should Attend? This intermediate-level training is tailored for Excel users eager to learn the cutting-edge functions exclusive to Microsoft 365 subscribers and Excel 2021 users. Prior to attending, confirm with your IT department whether your subscription includes these features.