The Office of Civil Rights (OCR) released the long awaited final regulations that affect four things; the privacy law, the security law, the HITECH rules and Genetic Information Nondiscrimination Act (GINA). These become effective September 23, 2013. These mean big changes to hospitals. This document was 563 pages long and is referred to as the mega rule. Hospitals will need to rewrite some of their policies and procedures. Staff will need to be educated.
Hospitals will need to revise their Notice of Privacy Practice which is provided to patients. Hospitals will need to revise their Business Associate (BA) agreements. Additional resources will be provided on this issue. The penalties have been increased. The kid gloves have come off and now it is more important than ever that every hospital ensure compliance with the new HIPAA regulations.
The Office for Civil Rights has issued a number of guidance notices in addition to the some model notices of privacy practices. This includes a new guidance on the following: marketing and refill reminders, decedents, and immunizations. OCR also issues a HIPAA Law Enforcement Guide and a sample business associate contract.
There are many changes to the HITECH law including the new standard that will replace the "harm standard." Changes have been made for the use and disclosure of medical record information, commonly referred to as protected health information (PHI). Changes have been made to fundraising research authorization and expanded protection for the medical records or PHI of a patient who is deceased
Why should you attend:All hospitals and other healthcare providers and entities must be compliant with the HIPAA regulations. This includes compliance with recent changes in privacy, security, HITECH (breach notification law) and the Genetic Information Nondiscrimination Act (GINA). The government has taken the kid gloves off when it comes to HIPAA. There are new penalties and OCR now has staff that go out and audit to ensure compliance.
Areas Covered in the Session:
Who Will Benefit:
- OCR Model NPP (Notice of Privacy Practices)
- OCR Business Associate Sample Contract
- Office for Civil Rights and HIPAA
- Topics discussed in Final Rules
- Topics not addressed in the Final Rules
- How to locate a copy of the final rule
- Revised Notice of Privacy Practices
- New penalties and enforcement
- Patient rights to receive an electronic copy of their medical records
- Exceptions, cost,
- Access to protected health records
- HIPAA compliant authorization form
- PHI of deceased patients
- Revision of hospital policies and procedures
- Staff education
- Changes to the Breach Notification Rule
- Definition of breach
- No longer to do a "harm analysis"
- Four objective factors to determine if PHI is compromised
- Document the risk assessment
- Marketing, fundraising and the sale of PHI
- Case managers, care coordination
- What costs are permitted
- OCR Guidance on Refill Reminders and Marketing
- Immunization records
- GINA Genetic Information Nondiscrimination Act
- Relationship to the CMS hospital CoP grievance standard
- CMS Hospital Memo on Privacy and Confidentiality
- HIPPA Privacy and Security Officers
- Compliance Officer
- Risk Management
- Chief Nursing Officer
- Director of Health Information Management (HIM)
- Medical Records Staff (HIM)
- Chief Financial Officer
- Operational Directors
- Chief Medical Officer
Upon completion of this activity, participants will be able to:
CME Credit Statement
- Discuss how to be compliant with the recent changes in privacy, security, HITECH, and GINA and the penalties that can apply.
This activity has been planned and implemented in accordance with the Essential Areas and Policies of the Accreditation Council for Continuing Medical Education (ACCME) through the joint sponsorship of CFMC and MentorHealth. CFMC is accredited by the ACCME to provide continuing medical education for physicians.
CFMC designates this educational activity for a maximum of 2 AMA PRA Category 1 Credits™. Physicians should only claim credit commensurate with the extent of their participation in the activity.
CNE Credit Statement
CFMC is an approved provider of continuing nursing education by the California Board of Registered Nurses, an accredited approver by the American Nurses Credentialing Center's Commission on Accreditation.
Provider approved by California Board of Registered Nursing, Provider # 16031 for 2 contact hours.
Other Healthcare Professionals Credit Statement
This educational activity has been planned and implemented following the administrative and educational design criteria required for certification of health care professions continuing education credits. Registrants attending this activity may submit their certificate along with a copy of the course content to their professional organizations or state licensing agencies for recognition for 2 hours.
It is the policy of CFMC and MentorHealth that the faculty discloses real or apparent conflicts of interest relating to the topics of the educational activity.
All members of the faculty and planning team have nothing to disclose nor do they have any vested interests or affiliations
Obtaining Certificate of Credit
Colorado Foundation for Medical Care (CFMC) hosts an online activity evaluation system, certificate and outcomes measurement process. Following the activity, you must link to CFMC's online site (link below) to complete the evaluation form in order to receive your certificate of credit. Once the evaluation form is complete and submitted, you will be automatically sent a copy of your certificate via email. Please note, participants must attend the entire activity to receive all types of credit. Continuing Education evaluation and request for certificates will be accepted up to 60 days post activity date. CFMC will keep a record of attendance on file for 6 years.