Maintaining Continuous HIPAA Compliance through Effective Monitoring and Auditing Practices


Instructor: John Steiner
Product ID: 703453

  • Duration: 60 Min
This webinar will explain how to design and administer HIPAA monitoring and auditing programs to meet HIPAA requirements. This session will cover some of the most common exceptions under the Privacy Rule and include practical tips for demonstrating good faith compliance efforts. In addition, there will be discussion of next-generation technologies that can help covered entities and business associates detect and report inappropriate accesses and disclosures of electronic protected health information.

Why Should You Attend:

HIPAA ‘covered entities’ (providers, health plans, and clearinghouses) and ‘business associates’ should implement and maintain sound monitoring and auditing practices. Those practices should help covered entities and business associates avoid or reduce the risk of civil or criminal sanctions for HIPAA violations. The new leadership of the Department of Health and Human Services, Office for Civil Rights (OCR) has been very visible and vocal about the new HIPAA enforcement tone from the OCR.

This webinar will address aspects of the enforcement rule from a practical perspective, particularly the interpretation of ‘wilful neglect’ under the civil sanctions provision. In addition, the difference between a ‘breach’ and an ‘incident’ will be addressed.

The focus of monitoring and auditing efforts will vary, based on specific provisions of the HIPAA/HITECH laws. For example, the Privacy Rule requirements relate closely to behaviors of many different groups of employees, including clinicians, allied health practitioners, business office workers, information technology staff, volunteers and so on.

Periodic reports on the HIPAA compliance program should be provided to the governing body and senior management. This session will include examples of suggested reporting ‘metrics’ for those groups.

Areas Covered in the Webinar:

  • Key areas to monitor or audit to demonstrate ‘good faith’ compliance efforts
  • Difference between a ‘breach’ and an ‘incident’
  • How to use an OCR ‘Resolution Agreement’ for a monitoring or auditing plan
  • Tips to help your workforce identify and speak up about possible HIPAA violations
  • Highlights of some of the most common exceptions under the HIPAA Privacy Rule
  • Recommendations for follow-up steps based on audit findings
  • How to select technologies to augment your current privacy monitoring program
  • Suggestions for working with Human Resources based on monitoring or audit results

Who Will Benefit:

  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Compliance Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager
  • Supervisors and Managers who use or disclose protected health information
  • Lawyers and auditors who advise clients on HIPAA compliance

Instructor Profile:

John Steiner
Former Chief Compliance Officer, Cancer Treatment Centers of America

John E. Steiner, Jr., Esq., CHC, CCEP, is the former Chief Compliance and Privacy Officer and Associate General Counsel for Cancer Treatment Centers of America (CTCA), based in Schaumburg, Illinois. He is a member of the Executive Team and responsible for the design, implementation and administration of an enterprise compliance program. He is a national speaker on health law and compliance topics. He is also a nationally recognized author and editor of a variety of health care and compliance publications.

Prior to his current position, Mr. Steiner served as the Chief Compliance Officer for UK HealthCare of the University of Kentucky, Lexington, Kentucky, where he was responsible for the enterprise-wide compliance program. He previously served as the Chief Compliance and Privacy Officer for the Cleveland Clinic Health System, an international referral center and multi-specialty, academic medical center in Cleveland, Ohio, and Florida. He was the first compliance officer in the history of the Cleveland Clinic and designed, implemented and administered the corporate compliance program for the health care system.

Mr. Steiner also was Senior Counsel for the American Hospital Association, where he served as an attorney and advocate for this national trade association and its 5,000 member hospitals. He obtained his BA from the Johns Hopkins University, his Certificate from the Johns Hopkins University Nitze School of Advanced International Studies, and his JD, with honors, from Chicago-Kent College of Law in Chicago, Illinois. He is the Vice Chairman of the American Bar Association Health Law Committee, a former board member of the Health Care Compliance Association and former chairman of the American Medical Group Association's Council of Compliance Officers.

Topic Background:

On January 25, 2013, the Department of Health and Human Services (HHS) issued the final HIPAA Omnibus Rule, which became effective on March 26, 2013 and required compliance by September 23, 2013. Modifications to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules were included in the “Health Information Technology for Economic and Clinical Health Act” (HITECH).

The final rule and HITECH requirements place more comprehensive HIPAA requirements on Business Associates and change the enforcement and penalty framework for HIPAA violations.
