Compliance Planning for HIPAA 2 - What Needs to Change in Policies and Procedures

Why Should You Attend:

The HIPAA privacy and security regulations have changed in ways that affect every health care-related entity, from providers to insurers to business associates, and more. The HIPAA Privacy and Security Regulations have been significantly modified from the former practices and the new final rules are now in effect. Policies and procedures at HIPAA entities must be modified to match the changes in the rules.

This 90-minute webinar will review the new regulations and discuss their effects on usual practices. You will also learn what policies need to be changed and how. It will show what policies and evidence you need to produce if you are audited by the HHS Office of Civil Rights. Now that there is a legislative mandate to audit compliance, and a new random audit plan being implemented in 2014, you need to be prepared to respond to audit requests. It’s never been more important to review your HIPAA compliance and meet the new requirements. This session will describe the changes and the related policies that need modification for compliance with the new HIPAA rules.

Areas Covered in the Webinar:

• New regulations and their effects on usual practices as well as what policies need to be changed and how.
• What policies and evidence you need to produce if you are audited by the HHS Office of Civil Rights.
• The features that must be available in EHR systems.
• How the new regulations change the way individuals have access to their records, and how much they can find out about who has accessed their records.
• How Individuals can now request certain restrictions on disclosures that you must honor.
• New requirements for Business Associates (BAs) to comply with HIPAA privacy protections and security safeguards and how BAs are subject to enforcement and penalties directly by HHS.
• How new limitations on marketing and fund-raising may change and how entities can reach out to individuals.
• How new HIPAA random audit program and penalty requirements for violations increase the need to make sure you are in compliance before HHS OCR knocks on the door.

Who will Benefit:

This webinar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc). The titles that will benefit are

• Compliance director
• CEO
• CFO
• Privacy Officer
• Security Officer
• Information Systems Manager
• HIPAA Officer
• Chief Information Officer
• Health Information Manager
• Healthcare Counsel/lawyer
• Office Manager
• Contracts Manager

Instructor Profile:

Jim Sheldon-Dean, is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, currently serves on the WEDI Breach Notification sub-workgroup, and is a recipient of the 2011 WEDI Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before regional HFMA chapter meetings and state hospital associations.

Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Topic Background:

All kinds of covered entities and now business associates of covered entities and their subcontractors as well need to review their HIPAA compliance, policies, and procedures to see if they are prepared to meet the changes in the rules. Many business associates won’t even be aware they are now under the rules, and some subcontractors of business associates may not even be aware that they handle any protected health information and therefore now fall under the regulations.

New regulations around the release of electronic records and restrictions on disclosures are creating new burdens that your EHR and your medical records department must deal with. There are new patient rights and new provider obligations. You will even have to update your HIPAA Notice of Privacy Practices to show how you support the new patient rights under HIPAA as amended by HITECH.

New regulations on marketing simplify determining what needs to have an authorization to be performed, but provide greater restrictions on the use of PHI. Fundraising, however, sees a loosening of restrictions that many institutions have ignored, but more stringent requirements for honoring opt-outs; policies and practices must be adjusted to the new rules.

Follow us :