Webinar Pack Price
Offer Price: US$450.00
You Save: US$624.00 (58%)*
Regular Price: US$1,074.00

Webinar Packs: access to the recorded version only, for one participant; unlimited viewing for 6 months.
(For customized Webinar Packs, please call Customer Care)

Instructor : Jim Sheldon-Dean
Product Id : 20060PACK

Overview: For many years, HIPAA enforcement was not taken seriously, and enforcement actions used to consist of little more than a slap on the wrist and some advice on what to do better the next time. But all that has changed, and now the US Department of Health and Human Services Office for Civil Rights has begun vigorous enforcement of the HIPAA regulations, and is not hesitant about applying multi-million dollar fines.

Now that the rules have been in place for more than ten years, the days of advice and counseling have been replaced by a hard-nosed enforcement attitude, where HHS OCR is ready to make health care organizations that violate the rules feel some pain for their actions.

If your organization is not ready, the HIPAA rules have new, significantly higher fines, including mandatory minimum fines of $10,000 for willful neglect of compliance. In addition, HIPAA enforcement has taken on a new importance at HHS; officials have publicly stated that enforcement is now a priority, and that means being ready for an audit or compliance review is more important than ever.

If you don't take the proper steps to ensure your patients' rights and health information are being protected according to the HIPAA Privacy, Security, and Breach Notification Rules, you can be hit with significant fines and penalties. With the increased HIPAA fines beginning at $10,000 in cases of willful neglect, following the privacy requirements, providing good information security, and being in compliance are more important than ever.

In this session we will review the HIPAA enforcement actions that have taken place and examine why the enforcement took place, and what could have been done to prevent the incident that led to the enforcement. We will look at the requirements that were not met and discuss what HIPAA entities need to do to ensure that the proper policies, procedures, training, and documentation of their application are in place to prevent problems and limit the organization's exposure in incidents.

In this session we will also discuss the HIPAA audit program and how it works, and discuss the areas that caused the most issues in the 2012 audits. We will explore what kind of issues and what kind of entities had the most problems, and show where entities need to improve their compliance the most, and also explore the typical risk issues that lead to breaches of health information and see how those issues may be a target for auditors in 2015.

We will discuss the HIPAA audit and enforcement regulations and processes, and how they apply to HIPAA covered entities and business associates. We will explain the recent changes that increase fines and create new penalty levels, including new penalties for willful neglect of compliance that begin at $10,000.

The results of prior enforcement actions and HHS audits (and their penalties) will be discussed, including recent actions involving multi-million dollar fines and settlements. In addition, new trends in information security risks will be discussed so you can start to plan for the work you'll need to do to stay in compliance and keep patient information private and secure.

Why should you attend: HIPAA Compliance requires that you be prepared to handle Protected Health Information properly and follow the requirements in the HIPAA Privacy, Security, and Breach Notification Rules. If there is a problem that comes to the surface, through a complaint, breach, or audit, an enforcement action can result. Enforcement actions include financial settlements that can reach into the millions of dollars, as well as Corrective Action Plans that can take years to complete and can cost many times the expense of the monetary settlements.

Violations originated from such simple things as returning copiers to the leasing company without removing the PHI on the hard drive, moving offices without accounting for hard drives stored in a closet, and improperly disposing of printed materials, that all could have been prevented with the implementation of policies and procedures and training on them. Several settlements for violations involve improper consideration of the requirements in the Security Rule, which calls for extensive policies and procedures based on an accurate and thorough entity-wide risk analysis.

Every entity under the HIPAA regulations needs to know why the enforcement actions took place and what could have been done differently to prevent the violations that led to enforcement, so they can avoid those issues and their significant impact. Failure to do so can lead to financial settlements, fines, and/or corrective action plans that can severely impact your organization.

Areas Covered in the Session:
  • The HIPAA enforcement processes and how they apply to covered entities and business associates
  • The HIPAA Privacy, Security, and Breach Notification regulations (and the recent changes to them) and how their compliance will be evaluated in enforcement circumstances
  • Recent changes to the HIPAA enforcement regulations that increase fines and create new penalty levels, including new penalties for willful neglect of compliance that begin at $10,000
  • The information and documentation that needs to be prepared in advance so that you can be ready for an enforcement review or an audit without notice
  • The results of prior HHS enforcement actions and audits (and their penalties), including recent actions involving multi-million dollar fines and settlements
  • Identification of weaknesses in organizational compliance
  • Questions asked in prior audits and enforcement reviews
  • Future threats to the security of patient information
  • The importance of a good compliance process to help you stay compliant more easily

Who Will Benefit:
  • Compliance Director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Overview: Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures, but also that you ensure you have the right policies, procedures, and documentation, and have performed the appropriate analysis of the risks to the confidentiality, integrity, and availability of electronic Protected Health Information.

Using Risk Analysis can help you make defensible, documented decisions about your compliance in a variety of circumstances, for a variety of regulations. Risk Analysis is the key to making your health information privacy and security regulatory compliance work more sensible as well as defensible.

HIPAA enforcement is on the increase and random audits of HIPAA compliance have begun. In addition, audits of Meaningful Use attestations are examining compliance with Objective 15, which calls for a HIPAA Security Rule risk analysis. Failures in any of these reviews or audits can lead to significant penalties and fines. Your HIPAA Covered Entity or Business Associate needs to have the right reviews and documentation right now.

There are tools freely available that can help in the performance of a Risk Analysis, but a risk analysis takes more than tools; it takes an understanding of what to examine and how to consider what you find to create a coherent analysis of the risks to your electronic PHI. This session will focus on how you can use the tools as part of an analysis process to give you actionable plans and documentation of considerations made in the process.

If you don't take the proper steps to ensure your patients' health information is being protected according to the HIPAA Security Rule, you can be hit with significant fines and penalties. With the increased HIPAA fines beginning at $10,000 in cases of willful neglect, providing good information security and being in compliance are more important than ever, and a good Risk Analysis is key to that compliance.

We will also discuss the HIPAA audit and enforcement regulations and processes, and how they apply to HIPAA covered entities and business associates. We will explain the recent changes that increase fines and create new penalty levels, including new penalties for willful neglect of compliance that begin at $10,000. We will explore what kind of issues and what kind of entities had the most problems, and show where entities need to improve their compliance the most, and also explore the typical risk issues that lead to breaches of health information and see how those issues may be a target for auditors in 2015.

The results of prior enforcement actions and HHS audits (and their penalties), especially those relating to Risk Analysis, will be discussed, including recent actions involving multi-million dollar fines and settlements. In addition, new trends in information security risks will be discussed so you can start to plan for the work you'll need to do to stay in compliance and keep patient information private and secure.


Why should you attend: The HIPAA Security Rule calls for identification of risks through a risk analysis that considers all of your electronic information, from fax machines and voicemail, to servers and systems. Once those risks are identified, the rules require you to mitigate the identified risks. All of this depends on knowing what to do to create a risk analysis that will guide your security compliance efforts and help you avoid penalties in the event of incidents and breaches.

The meaningful use requirements also require eligible hospitals and eligible professionals to conduct or review a HIPAA Security Rule risk assessment of the certified electronic health record (EHR) technology annually, and implement security updates and correct identified security deficiencies as part of its risk management process. And the policies reviewed, risk analysis performed, and mitigation actions taken must all be documented so that they can withstand the scrutiny of investigators from the US Department of Health and Human Services.

Compliance with HIPAA Rules requires being able to make decisions about how to implement the rules in your own circumstances, and using a risk analysis approach can make that process more logical and better documented. The HIPAA Security Rule requires that all entities periodically evaluate the risks to the confidentiality, integrity, and availability of Protected Health Information, and the rules are backed up by new fines and penalties and a new enforcement effort. The changes to the rules create new challenges for HIPAA entities, and new risks for non-compliance and penalties.

Areas Covered in the Session:
  • What the HIPAA Security Rule requires
  • What Meaningful Use Objective 15 requires
  • What a good risk analysis is and isn't
  • Risk Analysis tools and methods
  • The policies you should have for security compliance
  • Finding and filling any gaps in your policies and procedures
  • How to perform risk assessment and analysis
  • Planning the continuing management of your risks
  • Planning your next reviews and your information security management process

Who Will Benefit:
  • Compliance Director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager

Overview: The session will discuss the requirements, the risks, and the issues of the increasing use of social networking for patient communications, and provide a road map for how to use it safely and effectively, to increase the quality of health care and patient satisfaction.

In order to integrate the use of social networking into patient communications, it is essential to perform the proper steps in an information privacy and security compliance process to evaluate and address the risks of using the technology. The process must include consideration of various patient access requirements in the HIPAA Privacy Rule, including new requirements to provide patients electronic access of electronically held PHI which raise new questions of how that access will be provided and how the information will be protected during and after access. And there has long been a HIPAA requirement for covered entities to do their best to meet the requests of their patients for particular modes of communication, and using social networking is no exception.

We will review policies and procedures, documentation, major compliance areas and training to ensure they are updated to meet these new challenges of Social Media.

We will discuss how providers and patients want to use social media for communications and how they may cause privacy and security issues. We will explore how requirements under the Privacy Rule, as explained in guidance from the US Department of Health and Human Services Office for Civil Rights, allow patients to choose their communication method, with new rules for electronic access of records held electronically.

Learn about using an integrated information security management process to integrate new technologies into business processes safely and securely.

Discover how your information security Risk Analysis must be updated to include social media, and how a lack of consideration for new technologies can lead to breaches and enforcement actions.

Learn about the importance of policies and procedures and documentation of their training and use in order to provide the proper privacy and security protections and preparation for the new random audit program, now getting under way.

We will also explain how any improper exposure of PHI may result in an official breach that must be reported to the individual and to the US Department of Health and Human Services. At the same time, complaints by a patient if they are not afforded the access they desire can bring about HHS inquiries and enforcement actions. We will discuss how to find the right balance of access and control.

The session will discuss the uses patients and providers have for social media and what must be considered for compliance, and provide a road map for how to use them safely and effectively, to increase the quality of health care and patient satisfaction, and avoid breaches and penalties.

Why should you attend: It seems everyone is signing up for social media and wants to use it in all the incredible ways it can be used, including for health care purposes. Social networking sites offer individuals new ways to relate to each other and share experiences.

The Internet has changed the way people communicate and introduced new risks into the process of providing health care services. Patients want to be able to communicate with their health care providers, and providers want to communicate with their patients, using social networking sites. But communication using social networking sites has some inherent privacy and security risks that may put providers out of compliance. New technologies present new challenges to health care providers, as there are simultaneously new requirements to share information with patients, and a new enforcement effort to ensure the privacy and security of Protected Health Information (PHI). Meeting both challenges requires careful consideration of all the regulations and technologies, as well as patient preferences and work flow.

The stakes are high – any improper exposure of PHI may result in an official breach that must be reported, at great cost and with the potential to bring fines and other enforcement actions. But if a patient complains that they are not afforded the access they desire, HHS inquiries and enforcement actions can result, so it is essential to find the right balance of access and control.

HHS compliance audit activity and enforcement penalties are both increased, especially in instances of willful neglect of compliance, if, for instance, your organization hasn't adopted the complete suite of policies and procedures needed for compliance, or hasn’t adequately considered the impact of social networking on your compliance. It is essential to consider social networking sites and how their use affects the privacy and security of PHI; not doing so is inviting enforcement action by HHS.

Areas Covered in the Session:
  • How patients would like to use social media in their health care
  • How providers would like to use social media to deliver health care services
  • The risks of using Social Media for healthcare purposes
  • Using Risk Analysis to determine proper uses of social media in health care
  • The penalties for non-compliance with HIPAA when using Social Media
  • How the HHS HIPAA Audit program might look at social media usage
  • The importance of accepting and working with Social Media
  • Policies and Procedures for compliant use of Social Media
  • The role of training in using Social Media in health care

Who Will Benefit:
  • Compliance Director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager

Overview: In this session we will discuss the HIPAA audit program and how it works, and discuss the areas that caused the most issues in prior audits. We will explore what kind of issues and what kind of entities had the most problems, and show where entities need to improve their compliance the most. We will also explore the typical risk issues that lead to breaches of health information and see how those issues may be a target for auditors in the 2014-2015 round.

  • We will review the contents of the HIPAA Audit Protocol used in 2012 to show what documentation needs to be on hand should your organization be selected for an audit in the 2014-2015 round. The HIPAA Audit Protocol is not easy to use in its incarnation as a Web-based tool, and it does have several deficiencies because of the changes in the rules that became enforceable September 23, 2013, but we will present methods for using the contents of the HIPAA Audit Protocol to build your own compliance plan by extracting and updating the contents and relating your compliance activities directly to the questions that might be asked.
  • In this session we will discuss the HIPAA audit and enforcement regulations and processes, and how they apply to HIPAA covered entities and business associates. We will explain the enforcement regulations and the recent changes that increase fines and create new penalty levels, including new penalties for willful neglect of compliance that begin at $10,000.
  • We will discuss what information and documentation must be prepared in advance so that you can be ready for an audit at any time, including sample information request forms and questions asked at prior audits. The session will also cover how to know if you may become the subject of an audit or enforcement action, and what you can do to help limit your exposure. We will discuss how most enforcement actions come about and what can be done to prevent incidents that lead to enforcement activity.
  • The HIPAA Privacy, Security, and Breach Notification regulations (and the recent changes to them) and how they will be audited will be explained. Documentation requirements for compliance will be explored and a framework of security policies necessary for compliance will be presented. The HIPAA Audit Protocol questions will be explored and ways of using the content to develop a compliance plan will be discussed. The process of exporting the questions will be shown, and a sample spreadsheet showing the results will be presented.
  • The results of prior HHS audits (and their penalties) will be discussed, including recent actions involving multi-million dollar fines and settlements. A plan for attaining compliance will be presented. The steps to follow to prepare for an audit and respond to an audit request will be outlined.

Why should you attend:
  • While in the past, audits had been performed only at entities that reported a breach or had a complaint filed against them, the new rule calls for audits whether or not there is a complaint or breach. This means that the HHS Office for Civil Rights (OCR) can show up and ask to perform an audit on short notice, and your organization will need to provide a response in less than ten business days. Knowing what questions are likely to be asked and have been asked at prior HIPAA compliance audits can make preparing for and surviving a HIPAA audit much easier
  • USDHHS has published the protocol used for the 2012 HIPAA audits by the HHS contractors, and sets of questions asked in audits have become available, so it is possible to know much better now how to prepare for an audit. Nearly any health care covered entity or business associate may be subject to an audit; all entities need to know what kinds of questions they’ll be asked, what information they'll need to provide and how to prevent issues that could lead to violations and fines
  • Areas of weakness as shown in the 2012 audits and as shown by breach reports are likely targets for the next round of audit questions. If your organization is not ready, the HIPAA rules have new, significantly higher fines, including mandatory minimum fines of $10,000 for willful neglect of compliance
  • In addition, HIPAA enforcement has taken on a new importance at HHS; officials have publicly stated that enforcement is now a priority, and that means being ready for an audit is more important than ever. The "slap-on-the-wrist" days are over and fines and settlements are being levied, with more on the way -- don't let your organization be hit for an audit unprepared

Areas Covered in the Session:
  • Find out what the audit process is, what HHS OCR is likely to ask you if you are selected for an audit, and what you'll have to have prepared already when they do
  • Learn how to make the HIPAA Audit Protocol useful to you as a way to organize and track your compliance work, and collect your documentation references
  • Find out what you'll need to have documented to survive an audit and avoid fines
  • Learn how to use an information security management process to evaluate risks and make decisions about how best to protect PHI and meet patient needs and desires
  • Find out what policies and procedures you should have in place
  • Learn about the training and education that must take place and be documented to ensure your staff uses health information properly and does not risk exposure of PHI
  • Find out the steps that must be followed in the event of a breach of PHI
  • Learn about how the HIPAA audit and enforcement activities are now being increased and how you must be prepared or risk significant penalties

Who Will Benefit:
  • Compliance Director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager

Overview: This session will focus on the rights of individuals to communicate in the manner they desire, and how a medical office can decide what is an acceptable process for communications with individuals. The session will explain how to discuss communications options with individuals so that you can best meet their needs and desires, while preserving their rights under the rules.

  • With the new HIPAA random audit program now getting under way, and increases in enforcement actions following breaches, now is the time to ensure your organization is in compliance with the regulations and meeting the e-mail and texting communication needs and desires of its providers and patients. You need the proper privacy protections for health information, and the necessary documented policies and procedures, as well as documentation of any actions taken pursuant to your policies and procedures. Your policies and procedures will probably need major revisions to maintain compliance in areas such as individual access of records, accounting of disclosures, and breach notification. And, of course, you will need to train your staff in all the new policies and procedures.
  • E-mail has long been a staple of people's lives, but as we move into the new digital age, it seems everyone is moving to a new smart phone and wants to use it in all the incredible ways it can be used for health care purposes, including the use of e-mail and texting. Doctors are finding that texting is far more flexible, convenient, and effective than paging, and patients want to be able to use short message texting for handling of appointments, updates, and the like, where even e-mail or the telephone would seem inconvenient.
  • In order to integrate the use of e-mail and texting into patient communications, it is essential to perform the proper steps in an information security compliance process to evaluate and address the risks of using the technology. This session will describe the information security compliance process, how it works, and how it can help you decide how to integrate e-mail and texting into your organization in a compliant way. The process, including the use of information security risk analysis, will be explained, and the policies needed to support the process will be described.
  • But the process must also include consideration of various patient access requirements in the HIPAA Privacy Rule. There are new requirements to provide patients electronic access of electronically held PHI which raise new questions of how that access will be provided and how the information will be protected during and after access. And there has long been a HIPAA requirement for covered entities to do their best to meet the requests of their patients for particular modes of communication, and using e-mail or texting is no exception.
  • The stakes are high - any improper exposure of PHI may result in an official breach that must be reported to the individual and to the US Department of Health and Human Services, at great cost and with the potential to bring fines and other enforcement actions if a violation of rules is involved. Likewise, complaints by a patient if they are not afforded the access they desire can bring about HHS inquiries and enforcement actions, so it is essential to find the right balance of access and control.
  • HHS compliance audit activity and enforcement penalties have both increased, especially in instances of willful neglect of compliance, if, for instance, your organization hasn't adopted the complete suite of policies and procedures needed for compliance, or hasn't adequately considered the impact of e-mail or texting on your compliance.
  • The session will discuss the requirements, the risks, and the issues of the increasing use of e-mail and texting for patient and provider communications and provide a road map for how to use them safely and effectively, to increase the quality of health care and patient satisfaction. In addition, the session will discuss how to be prepared for the eventuality that there is a breach, so that compliance can be assured.

Why should you attend:
  • Now that requirements for allowing patients electronic access to their health information are in effect, and as patients increasingly come to depend on electronic communications, there are new demands for communication via e-mail and texting. Patients don't want to bother with secure Web-site-based solutions; they just want to use the tools they already use for communication, and they have a right to communicate how they wish.
  • How can HIPAA requirements for privacy and security be reconciled with patient requests for information provided by e-mail and text messages? This session will discuss the differences between professional communications and patient communications, and how they must be treated to best serve patients, most efficiently enable communications, and remain within the bounds of HIPAA compliance.
  • The HIPAA Omnibus Update rules contain numerous changes to HIPAA Privacy, Security, and Breach Notification rules that affect communication with patients and clients of health care services, who often ask to communicate with health care offices via e-mail or text message. Many of the policies and procedures in place at every health care-related organization will need to be reviewed and updated to meet the new requirements. Organizations need to understand the various ways that health care communications can take place, and how patient communications fit in with the HIPAA rules. They need to design and implement a patient communication policy and plan, and train their staff on it, or they may face significant new fines for noncompliance.
  • E-mail and texting present new challenges to health care providers, as there are simultaneously new requirements to share information with patients, and a new enforcement effort to ensure the privacy and security of Protected Health Information (PHI). Meeting both challenges requires careful consideration of all the regulations and technologies, as well as patient preferences and work flow.
  • Most HIPAA covered entities now face difficult choices between compliance and ease of communication. Most organizations haven't updated their information security risk analysis or policies and procedures and run the risk of breaches, rule violations, and fines in the event of mishandling of PHI using these new technologies.

Areas Covered in the Session:
  • Find out the ways that patients want to use their e-mail and texting to communicate with providers, and the ways providers want to use e-mail and texting to enable better patient care
  • Learn what the risks of using e-mail and texting are, what can go wrong, and what can result when it does
  • Find out about HIPAA requirements for access and patient preferences, as well as the requirements to protect PHI
  • Learn how to use an information security management process to evaluate risks and make decisions about how best to protect PHI and meet patient needs and desires
  • Find out what policies and procedures you should have in place for dealing with e-mail and texting, as well as any new technology
  • Learn about the training and education that must take place to ensure your staff uses e-mail and texting properly and does not risk exposure of PHI
  • Find out the steps that must be followed in the event of a breach of PHI
  • Learn about how the HIPAA audit and enforcement activities are now being increased and what you need to do to survive a HIPAA audit

Who Will Benefit:
  • Compliance Director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Overview: New changes modifying the HIPAA Privacy and Security Regulations are going into place to meet the privacy and security mandates within the HITECH Act in the American Recovery and Reinvestment Act of 2009. The changes include establishing new rights for individuals as well as changes to the limitations on uses and disclosures. New requirements for patient access to records and requirements to notify individuals in the event of a breach are only two of the many areas affected in the new law, including new requirements for restriction and accounting of disclosures and increased enforcement activity.

  • Covered entities that use electronic health records (EHRs) will need to meet new access and disclosure rules and all kinds of business associates and their subcontractors will need to establish compliance programs. And if you are required to have a HIPAA Notice of Privacy Practices, you will need to update that to show all the new rights that patients will have, such as electronic copies, new rights to restrict disclosures, and much more.
  • Business associates are now directly covered by the HIPAA privacy and security regulations and are liable for fines and penalties if they do not comply. If a business associate supplies services that interact with the new changes to the rules, the BA will need to be aware of the new requirements. We will explain what a Business Associate needs to do differently under the new regulations.
  • Electronic records have new demands placed on them, in both providing access and in accounting for all disclosures of health information - the electronic age in health care brings new obligations to serve individuals as well as manage health information for healthcare professionals. We will discuss how disclosures must be tracked in an EHR and review the various ways patient records can be supplied electronically.
  • The new regulations will be reviewed and their effects on usual practices will be discussed, as will what policies need to be changed and how. We will show what policies and evidence you need to produce if you are audited by the HHS Office for Civil Rights. Now that there is a legislative mandate to audit compliance, and a random audit plan well under way, you need to be prepared to respond to audit requests.
  • Not only are the compliance rules changed, but the enforcement rules have changed, with a new four-tier violation schedule with increased minimum and maximum fines, and mandatory fines for willful neglect of compliance that start at $10,000 even if the problem is corrected within 30 days of discovery. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000 and can reach $1.5 million for any particular violation. And any reports of willful neglect are required to be investigated under the law. Even violations for a reasonable cause or with reasonable diligence taken are subject to penalty.
  • Whereas the former practice of USDHHS has been to audit compliance only in instances where a violation was reported, the law now requires USDHHS to conduct a regular HIPAA compliance audit program. The new audit program is already under way. With the far-reaching changes in the rules and the new enforcement and penalty levels, it’s never been more important to review your HIPAA compliance and meet the new requirements.
  • This Webinar will help health information professionals understand what they have to do, and when, and what to keep in mind as they move forward, in order to be prepared for compliance with the new regulations. It will provide a comprehensive look at the changes in the law and prepare attendees for the process of incorporating the changes into how they do business in their facilities.

Why should you attend:
  • The HIPAA privacy and security regulations are changing in ways that affect every health care-related entity, from providers to insurers to business associates, and more. The HIPAA Privacy and Security Regulations have been modified in regulations previously issued as interim final rules (IFRs) and notices of proposed rule making (NPRMs) by the US Department of Health and Human Services (USDHHS), and many of these new regulations have been finalized in the new final HIPAA update. There are new rights established for individuals that entities must be prepared to honour, as well as new limits on disclosures that entities must be aware of to be fully compliant.
  • All kinds of covered entities, and now, business associates of covered entities and their subcontractors as well, need to review their HIPAA compliance, policies, and procedures to see if they are prepared to meet the changes in the rules. Any entity whose activities involve the new rights and limitations will need to update their policies and procedures.
  • Changes in marketing regulations are creating new obligations and limiting behaviours that may already be in place.
  • New regulations around the release and accounting of electronic records are creating new burdens that your EHR and your medical records department must deal with. You will even have to update your HIPAA Notice of Privacy Practices to show how you support the new patient rights under HIPAA as amended by HITECH.
  • The enforcement rules have changed, with a new four-tier violation schedule with increased minimum and maximum fines, and mandatory fines for willful neglect of compliance that start at $10,000 even if the problem is corrected within 30 days of discovery. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000 and can reach $1.5 million for any particular violation. And any reports of willful neglect are required to be investigated under the law. Even violations for a reasonable cause or with reasonable diligence taken are subject to penalty.

Areas Covered in the Session:
  • The new regulations will be reviewed and their effects on usual practices will be discussed, as well as what policies need to be changed and how.
  • Learn how the new regulations change the way individuals have access to their records, and how much they can find out about who has accessed their records.
  • Find out about how individuals can now request certain restrictions on disclosures that you must honour.
  • Learn about the new requirements for disclosers of health information to apply "minimum necessary" standards.
  • Find out about how new limitations on marketing and fund-raising may change how entities can reach out to individuals.
  • The features that must be available in EHR systems and the questions to ask system vendors will be described. The processes for responding to requests for copies of electronic records and accountings of disclosures will be related to the regulations that require them.
  • The role of business associates will be discussed, and the extension of some new requirements out to them by way of their use of Designated Record Set data will be explored, including potential necessary changes to business associate agreements.
  • Learn all about how new audit and penalty requirements increase the need to make sure you are in compliance before HHS OCR knocks on the door.
  • We will show what policies and evidence you need to produce if you are audited by the HHS Office for Civil Rights. Now that there is a legislative mandate to audit compliance, and a random audit plan under way, you need to be prepared to respond to audit requests.

Who Will Benefit:
  • Compliance Director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager