Description:

Over many years, the U.S. Department of Health and Human Services Office for Civil Rights has indicated that patient access to information is a crucial priority to improve the nation's health. Patient rights under HIPAA have been expanded to include several access rights, and detailed guidance has been issued on access to records. And more than four dozen HIPAA enforcement actions were against entities that did not correctly provide patient access to records. HHS is now using HIPAA Individual Access Rights to implement new rules on prohibitions to Data Blocking effectively, and the proposed changes to the HIPAA Privacy Rule will set the current guidance on compliance.

To facilitate the delivery of services and necessary communications during the COVID-19 emergency, the U.S. Department of Health and Human Services issued guidance relaxing some HIPAA requirements about teleconferencing tools and reiterating HIPAA allowances for communication with family and friends of patients. Now that the emergency is ending, the allowances are ending, and entities must follow the rules without exceptions.

HIPAA compliance is essential to an organization's security strategy and risk mitigation efforts. Failure to comply with HIPAA standards puts your data security at risk—which can lead to fines and penalties (including civil and criminal lawsuits), disrupt business, break customer trust, and result in profit loss.

There are three main rules organizations must follow to be HIPAA compliant:

• The Privacy Rule
• The Security Rule
• The Breach Notification Rule

Webinar Highlights:

• Overview of HIPAA Regulatory Expectations
• New Regulatory Directions
• Pandemic Rule Relaxations Ending
• Overdue Regulatory Action
• Court Ruling Limiting Regulations
• Issues in Individual Access of Records under HIPAA
• Continued Emphasis on Enforcement of Individual Access Rules
• Court Ruling Limiting Third-Party Access Requests
• Limitation of Business Associate Liability for Compliance
• HIPAA Security Rule Enforcement
• Using an Information Security Management Process Helps
• Dealing with Incidents and Breaches
• HIPAA Accounting of Disclosures Changes
• Current Accounting of Disclosures Requirements
• Required Changes and Difficulties Implementing Them
• Likely Regulation to be Proposed.
• Potential Rules Changes
• Acknowledgment of Receipt of Notice of Privacy Practices
• Easing Care Coordination
• TCPA and Cell Phone Communications
• HIPAA Controls and New Technologies
• Difficulty in Managing Privacy
• Calls for HIPAA Expansions

Session Highlights: 

• Understand the HIPAA 2023 Guidance and Compliance and apply the HIPAA rules on providing information under the regulations for individual requests for PHI.
• Know the extent of the limitations on the fees charged to individuals for access to their records and the new changes according to a Federal Court ruling.
• Understand how individual requests to direct their information to a third party are treated differently and the differences when paper vs. electronic records are requested.
• Know what parties are responsible for compliance with the timeliness, form, and format requirements for individual requests and what parties are responsible for the fee requirements for individual requests of PHI.
• See how the US Department of Health and Human Services has sanctioned entities that have yet to manage individual access appropriately.
• Understand how the new rules on data sharing work with the HIPAA individual access rules and how the rules may be updated under the proposed changes.
• Find out the rules for permitted communications with the Family and Friends of patients.
• See how HIPAA allows communications necessary for First Response circumstances., disclosures to Disaster Recovery agencies, and disclosures to Prevent a Serious and Imminent Threat.

Why Should You Attend:

HIPAA of 1996 directs the Secretary of the U.S. Department of Health and Human Services (HHS) to develop and implement regulations to protect the privacy and security of individually identifiable health information. HHS Office for Civil Rights (OCR) administers and enforces HIPAA Rules. This webinar, HIPAA 2023 Guidance and Compliance, will discuss the issues surrounding using various communication technologies under HIPAA controls, including discussing Business Associate responsibilities for compliance under new guidance from HHS. The webinar will prepare organizations for the impacts of likely rule changes in areas such as Accounting of Disclosures, the Notice of Privacy Practices, cell phone communications, and new technologies. Proposed Privacy Rule changes in Care Coordination areas will be explored.

Who Should Attend:

• CEO
• HIPAA Privacy Officers
• HIPAA Security Officers
• Information Security Officers
• Risk Managers
• Compliance Officers
• Privacy Officers
• Health Information Managers
• Information Technology Managers
• Information Systems Managers
• Medical Office Managers
• Chief Financial Officers
• Systems Managers
• Chief Information Officer
• Healthcare Counsel/lawyer
• Operations Directors

Presenter Information:

Name: Jim Sheldon-Dean

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. 

Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C. 

Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.