New HIPAA Rules, Tools, and Guidance - Latest Changes and What to Expect Next

Why Should You Attend:

The HIPAA rules for Privacy, Security, and Breach Notification were updated last year in the Omnibus Update and are now in effect, containing numerous changes based, for the most part, on The HITECH Act passed in 2009. Some of the most significant changes have to do with changes to individual rights under HIPAA that require changes in policies and procedures and must be properly noted in your forms and notices.

This webinar will review the new regulations and will discuss their effects on HIPAA policies. Every HIPAA Covered Entity is required to have a Notice of Privacy Practices that accurately reflects patient rights and practices at the entity. Because there are new finalized changes to the HIPAA rules, the NPP for every organization having one must be updated. This webinar will examine the new templates provided by the US Department of Health and Human Services and show how they can be used to improve your notice and make it compliant with the new rules, available in English and Spanish.

Accounting of disclosures regulations pursuant to the HITECH Act have been proposed but not finalized, due to heavy criticism of the proposed rule. New recommendations have been made that are reasonable, implementable, and meet the needs of individuals and the law well, while minimizing the regulatory burden. It will discuss the recommendations that are likely to see their way into new rules in 2014.

The HIPAA Audit program required by the HITECH Act is coming to life again in 2014, with a review that may encompass ten times the number of entities reviewed in 2012. The new program will be discussed. The work that must be done for updating HIPAA compliance will outlined, with a to-do list of activities that must be undertaken to ensure compliance, and identification of additional resources and templates.

Areas Covered in the Webinar:

• Updates to HIPAA privacy policies and Notices of Privacy Practices to comply with new rules that came into force in September 2013
• Schedule of implementation and scope of changes
• Updates to Breach notification policies
• New rights of individuals to restrict disclosure of information
• Re-evaluation of marketing activity by healthcare operations
• Templates for notices and agreements will be identified and guidance for implementation of the new rules will be discussed.
• New recommendations for accounting of disclosures regulations
• Audit preparation methods

Who Will Benefit:

This webinar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). The titles are

• Compliance director
• CEO
• CFO
• Privacy Officer
• Security Officer
• Information Systems Manager
• HIPAA Officer
• Compliance Officer
• Chief Information Officer
• Health Information Manager
• Healthcare Counsel/lawyer
• Office Manager
• Contracts Manager

Instructor Profile:

Jim Sheldon-Dean, is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, co-chairs the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and co-chairs the WEDI HIPAA Updates and Privacy and Security Meaningful Use sub-workgroups. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before the New York Metropolitan Chapter of the Healthcare Financial Management Association, Health Information Management Associations of New York City, New York State, Virginia, and Vermont, the Connecticut Hospital Association, and the Hospital and Health System Association of Pennsylvania.

Mr. Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. He received his B.S. degree, summa cum laude, from the University of Vermont and his master's degree from the Massachusetts Institute of Technology.

Topic Background:

All HIPAA-covered healthcare providers must update certain business activities and the way they deal with certain patient requests, or face stiff penalties. HIPAA entities and business associates need updated policies and procedures to meet the new rules and all HIPAA Covered Entities that currently provide a Notice of Privacy Practices must update their NPPs to reflect the changes in individual rights. Violations are subject to enforcement that can include fines up to $50,000. Changes to policies and notices will be necessary in areas of patient access to records, restrictions of disclosures, marketing, fundraising, breach notification, business associates, and more.

Included are new requirements for notice of fundraising activity and an opportunity to opt out, new requirements for individuals to provide authorization for the sale of PHI, new rights of access to electronic records, new rights to restrict certain disclosures, and rights of notice in the event of a breach. Reimbursed marketing activity paid for, above costs, by a third party wishing to promote a product or service will require authorization. Health Plans also have changes related to the Genetic Information Nondiscrimination Act (GINA) that must be reflected in their NPPs, and now, under new rules just finalized this year, laboratories need to be prepared to respond to requests from individuals for copies of their test results.

Follow us :