HIPAA and Business Associates - New Rules and New Obligations

Instructor: Jim Sheldon-Dean
Webinar Id: 800069

Duration: 90 Minutes

  • Recorded
  • Only for one participant
  • Price $245.

Overview:

This session will start with the definition of a HIPAA Business Associate including what is and is not a Business Associate and what other kinds of relationships can exist besides a HIPAA Business Associate relationship. The role of business associates will be explored and how they are treated under HIPAA will be explained.

  • New changes modifying the HIPAA Privacy and Security Regulations are taking effect to meet the privacy and security mandates within the HITECH Act in the American Recovery and Reinvestment Act of 2009. The new requirements for business associates of HIPAA covered entities are substantial and represent a significant departure from the old ways of regulating Business Associates under HIPAA.
  • The new regulations will be reviewed and their effects on usual practices for Business Associates and their relationships with covered entities will be discussed. We will explain what a Business Associate needs to do differently under the new regulations, provide a policy framework for information security, show what policies need to be changed and how, and describe the required and recommended elements of a Business Associate Agreement.
  • The new enforcement penalty structure and the latest plans for audits by HHS OCR will be described and a plan for being prepared for audits will be discussed.
  • Business associates are now directly covered by the HIPAA privacy and security regulations and are liable for fines and penalties if they do not comply. In addition, new kinds of businesses are considered to be business associates, such as Health Information Exchanges and e-Prescribing Gateways, as well as patient safety organizations and any subcontractors of business associates, putting thousands of businesses under regulation that were not regulated by HHS before now.
  • Not only are the compliance rules changed, but the enforcement rules have changed, with a new four-tier violation schedule with increased minimum and maximum fines, and mandatory fines for willful neglect of compliance that start at $10,000 even if the problem is corrected within 30 days of discovery. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000 and can reach $1.5 million for any particular violation. And any reports of willful neglect are required to be investigated under the law. Even violations for a reasonable cause or with reasonable diligence taken are subject to penalty.
  • This Webinar will help health information professionals understand what they have to do, and when, and what to keep in mind as they move forward, in order to be prepared for compliance with the new regulations. It will provide a comprehensive look at the changes in the law and prepare attendees for the process of incorporating the changes into how they do business in their facilities.
Why should you attend:
  • New updates to the HIPAA regulations contain numerous changes based, for the most part, on The HITECH Act passed in 2009. Some of the most significant changes have to do with how Business Associates of HIPAA covered entities are treated under the regulations. HIPAA Business Associates are now covered directly under the Privacy Rule’s use and disclosure limitations and the Security Rule’s safeguard provisions, and will be responsible for their own compliance with the regulations and may be held directly liable for any violations of the regulations.
  • The latest regulations also change such things as who is a Business Associate: now sub-contractors of Business Associates are also treated as business associates, greatly expanding the pool of entities under regulation to some that may not even be aware they have become HIPAA Business Associates. The new requirements have a direct impact on what needs to be put into the business associate agreements you establish.
  • In addition, other changes put into effect new rights of individuals to receive electronic copies of information held electronically, to ask for certain restrictions on disclosures, and other capabilities that Business Associates may need to provide for their covered entity clients. All kinds of covered entities, and now business associates of covered entities as well, need to review their HIPAA compliance, policies, and procedures to see if they are prepared to meet the changes in the rules.
  • In addition, Business Associates have emerged as a leading source of health information breaches, and we will discuss what covered entities should do to ensure good practices by their Business Associates in order to avoid the considerable expense of breaches.
Areas Covered in the Session:
  • Business Associates have new requirements to comply with HIPAA privacy protections and security safeguards and are subject to enforcement and penalties directly by HHS.
  • Sub-contractors of Business Associates are also considered to be Business Associates under the new rules.
  • Health Information Exchanges, Regional Health Information Exchanges, and e-Prescribing gateways are now considered to be Business Associates.
  • The new regulations change the way individuals have access to their records, how much they can find out about who has accessed their records, and allow new rights to restrict certain disclosures, and Business Associates who supply EHR services will need to provide those capabilities.
  • Business Associate Agreements are now more important than ever, because breaches by Business Associates are common and carry tremendous expenses for the affected covered entities.
  • New limitations on marketing and fund-raising may change how entities can reach out to individuals, and may change business associate relationships.
  • New audit and penalty requirements increase the need to make sure covered entities and Business Associates are in compliance before HHS OCR knocks on the door.
  • The new penalty structure and the new audit program mean that you are more likely to be audited for HIPAA compliance, and you may be facing significantly higher penalties for non-compliance than ever before.
  • Learn how Health Information Exchanges, Regional Health Information Exchanges, and e-Prescribing gateways are now considered to be Business Associates.

Who Will Benefit:
  • Compliance director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager

Speaker Profile
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

