Overview: In this session we will discuss the HIPAA audit and enforcement processes and how they apply to covered entities and business associates, and the new random HIPAA compliance audit program in particular. We will review the new audit processes and discuss what will be asked in an audit and how. Protocols and the questions asked at recent audits will be explained. We will explain the enforcement regulations and their recent changes that increase fines and create new penalty levels, including new penalties for willful neglect of compliance that begin at $10,000. We will discuss what information and documentation needs to be prepared in advance so that you can be ready for an audit without notice. Sample information request forms and questions asked at prior audits will be presented.The session will also cover how to know if you may become the subject of an audit or enforcement action, and what you can do to help limit your exposure. We will discuss how most enforcement actions come about and what can be done to prevent incidents that lead to enforcement.The HIPAA Privacy, Security, and Breach Notification regulations and how they will be audited will be explained. Documentation requirements for compliance will be explored and a framework of security policies necessary for compliance will be presented.The results of prior HHS audits (and their penalties) will be discussed, including recent actions involving multi-million dollar fines and settlments. A plan for attaining compliance will be presented. The steps to follow to prepare for an audit and respond to an audit request will be outlined. In addition, upcoming trends in information security risks will be discussed.This session will prepare health care professionals so they can quickly and properly respond to audits and minimize any issues related to responding to audit requests, based on the latest information from HHS and entities that have been recently audited.