HIPAA Omnibus Update - Tracking Down the Details

Why Should You Attend:

This webinar will review the new requirements for the notice of privacy practices (NPPs) to include notice of fundraising activity and an opportunity to opt out, new requirements for individuals to provide authorization for the sale of PHI, new rights of access to electronic records, new rights to restrict certain disclosures, and rights of notice in the event of a breach.

The changes are numerous and many are subtle and require an in depth examination of your NPPs. To illustrate this, the course will also examine:

• New regulations and their effect on HIPAA policies
• New rights that must be added to your policies and NPPs
• Areas where current rights need to be modified
• Areas that no longer need notice
• Typical policy content
• Areas where changes might best be made
• Information that needs to be added or removed to meet requirements most efficiently and economically
• Sample policies, additional resources and templates

The instructor will outline the work that must be done for updating HIPAA compliance for medical offices with a to-do list of activities that must be undertaken.

Areas Covered in the Webinar:

• All HIPAA privacy policies and NPPs must be updated to meet the new rules that became enforceable in September 2013. The schedule of implementation and scope of the changes will be described.
• Breach notification policies must be updated to meet the new requirements, and privacy notices will need to include mention of the right to be notified in the event of a breach of the privacy or security of their protected health information (PHI).
• Individuals have a new right to request electronic copies of information held electronically that must be reflected in policy and the NPP.
• Individuals have new rights to restrict disclosure of encounter information to an insurer if it is paid fully out of the pocket by the individual. Policies and the NPP must identify this right.
• Fundraising policies may need to be updated, and fundraising activity must be described in the NPP, with an opportunity to opt-out.
• Healthcare operations involving potential marketing activity must be re-evaluated in light of the new rules and policies and notices must be updated.
• How you should update your policies and your NPP – how do you document them, to whom does the new NPP go, and how?

Who Will Benefit:

This webinar will provide valuable assistance to all personnel in: medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). This includes:

• Compliance officers and directors
• CEOs
• CFOs
• Privacy officers
• Information systems managers
• HIPAA officers
• Chief information officers
• Health information managers
• Healthcare counsel/lawyers
• Office managers
• Contract managers

Instructor Profile:

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Electronic Data Interchange Privacy and Security Workgroup, currently serves on the WEDI Breach Notification sub-workgroup, and is a recipient of the 2011 WEDI Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before regional HFMA chapter meetings and state hospital associations.

Mr. Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related websites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Mr. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master's degree from the Massachusetts Institute of Technology.

Topic Background:

All HIPAA covered healthcare providers must update the way they deal with certain patient requests and certain business activities, or face stiff penalties. All HIPAA covered entities that currently provide a notice of privacy practices (NPP) must update their NPPs to reflect the changes in individual rights. Violations are subject to enforcement that can include fines up to $50,000. Changes to policies and notices will be necessary in areas of patient access to records, restrictions of disclosures, marketing, fundraising, breach notification, and more.

The final amendments to HIPAA resulting from the HITECH Act are now in effect and fully enforceable. The amendments require changes in several areas of operation, including health information management, marketing, fundraising, breach notification, and security, and many of the changes will require significant effort to implement

Health plans also have changes related to the Genetic Information Nondiscrimination Act (GINA) that must be reflected in their NPPs. Reimbursed marketing activity that may have been permissible without authorization from the individual under the old rules used to require notice in the NPP. Now all such marketing activity paid for, above costs, by a third party wishing to promote a product or service will require authorization.

Follow us :