HIPAA Privacy Policies and Procedures: Prepare for Updates and New Requirements

Duration: 90 Minutes
Instructor: Jim Sheldon Dean
Webinar Id: 800004


One Attendee


Learn how having good policies and procedures and good documentation can make compliance easier.

  • If your office handles patient information, don’t miss this teleconference on compliance with the extensive requirements for policies and procedures in the HIPAA privacy regulation. The HIPAA Privacy Rule includes numerous requirements for policies and procedures around the use and disclosure of protected health information, including such areas as the release of information, privacy rights, and protection from unauthorized uses and disclosures.
  • Proposed changes and expansions to HIPAA, going into effect in 2011, dramatically expand the types of entities to which the regulations directly apply, which means that more entities than ever need to adopt the proper HIPAA Privacy policies and procedures to be in compliance.
  • HHS compliance audit activity and enforcement penalties are both increased, especially in instances of willful neglect of compliance, if, for instance, your organization hasn't adopted the complete suite of polcies and procedures needed for compliance.
  • Learn what it takes to get in compliance and stay there, even as your operations and environment change. Find out what compliance actions are required by the regulations, what policies they call for, and how you decide what’s right for HIPAA compliance for your organization. This teleconference will provide the background and details necessary to develop an understanding of the origins of the HIPAA privacy regulation and the process used in complying with the rule, including the adoption of policies and procedures.
  • With the proposed changes to HIPAA, many policies and procedures now in place will need to be changed, including significant changes to how individuals access their own information, what they can ask you to report about their information, what privacy restrictions they can request, and how you can use their information in several areas. There may be significant hurdles to overcome in developing the procedures necessary to implement compliance with the new regulations. The changes and their impacts will be described.
  • If you are asked by the US Department of Health and Human Services to show that you are in compliance with the HIPAA privacy regulation, you will need to show that you have the proper policies and procedures in place as required by the rules and that you have been using them. This teleconference will lay out a structure for the set of policies needed and identify the topic areas that policies should include, making it easier to deal with the dozens of policy details that are required.
Why you should attend:
  • The HIPAA Privacy Rule has been in place since 2003 and is now getting a major overhaul with a number of proposed amendments going into effect in 2011. HIPAA compliance has always required a full set of policies and procedures, but with the proposed changes, it will be time to revisit all your HIPAA Privacy policies and procedures to make sure you don't get in trouble in one of the new HIPAA compliance audits just getting under way.
  • Have you reviewed your privacy policies recently to see if they're up to date? Has your staff been trained to know what policies apply and how to respond to patient inquiries? Do you know what policies will need to be changed to meet the upcoming HIPAA requirements going into effect in 2012?
  • Now there are new, increased penalties for HIPAA violations and a new auditing process being developed so that HIPAA covered entities will be subject to reviews by the US Department of Health and Human Services' Office for Civil Rights even if no one files a complaint.
  • If you haven’t done what’s required under the HIPAA Privacy Rule, you could be liable for willful neglect penalties that begin at $10,000 minimum and go up from there. You need the proper privacy protections for health information, and the necessary documented policies and procedures, as well as documentation of any actions taken pursuant to your policies and procedures.
  • And the changes to HIPAA going into effect in 2012 will have a fundamental effect on how patients interact with their health information and how it is used. Your policies and procedures will probably need major revisions to maintain compliance in areas such as individual access of records, restrictions on disclosures, and accounting of disclosures. And, of course, you will need to train your staff in all the new policies and procedures.
Areas Covered in the Session:
  • Find out what the requirements for policies and procedures are and why they're a good thing.
  • Learn how having good policies and procedures and good documentation can make compliance easier.
  • Learn what policies need to be in place to meet HIPAA requirements for use and disclosure of protected health information, including everything from identifying the Privacy Officer to handling requests for corrections in records.
  • Learn how to use your policies and procedures, and the documentation of use of your policies and procedures, to satisfy audit requirements and avoid penalties.
  • Hear how the Privacy Rule is changing, and how the changes will need to be reflected in your policies.
  • Find out how training is an essential part of policies and procedures new and old, for long-time employees as well as new staff.
  • Learn what the significant penalties are for non-compliance with policy and procedure requirements.
  • Find out what are the first steps to take in developing your policies and procedures for HIPAA Privacy Rule compliance.
Who Will Benefit:
  • Compliance director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager

Speaker Profile
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master's degree from the Massachusetts Institute of Technology.

You Recently Viewed