HIPAA Business Associates - New Rules Mean New Obligations with Compliance by September 23, 2013

Instructor: Jim Sheldon Dean
Webinar Id: 800158

Duration: 90 Minutes

  • Recorded
  • Only for one participant ?
  • Price $225.

Overview:

This session will start with the definition of a HIPAA Business Associate including what is and is not a Business Associate and what other kinds of relationships can exist besides a HIPAA Business Associate relationship. The role of business associates will be explored and how they are treated under HIPAA will be explained.

The new regulations will be reviewed and their effects on usual practices for Business Associates and their relationships with covered entities will be discussed. We will explain what a Business Associate needs to do differently under the new regulations, provide a policy framework for information security, show what policies need to be changed and how, and describe the required and recommended elements of a Business Associate Agreement.

Specific language must be incorporated in all HIPAA BA agreements, and agreements must be examined to ensure that liability, indemnification, and notification for incidents and breaches are properly covered. Any agreement signed since January 25, 2013 will need to meet the new standards by September 23, 2013; valid agreements and “evergreen” auto-renewing contracts already in place and signed under the old rules prior to January 25, 2013 have until September 23, 2014 to be updated.

This Webinar will help health information professionals understand what they have to do, and when, and what to keep in mind as they move forward, in order to be prepared for compliance with the new regulations. It will provide a comprehensive look at the changes in the law and prepare attendees for the process of incorporating the changes into how they do business in their facilities.

Areas Covered in the Session:

  • Business Associates have new requirements to comply with HIPAA privacy protections and security safeguards and are subject to enforcement and penalties directly by HHS.
  • Sub-contractors of Business Associates are also considered to be Business Associates under the new rules.
  • Patient Safety Organizations, Health Information Exchanges, Regional Health Information Exchanges, and e-Prescribing gateways are now considered to be Business Associates
  • The new regulations change the way individuals have access to their records, how much they can find out about who has accessed their records, and allow new rights to restrict certain disclosures, and Business Associates who supply EHR services will need to provide those capabilities.
  • Business Associate Agreements are now more important than ever, because breaches by Business Associates are common and carry tremendous expenses for the affected covered entities.
  • New limitations on marketing and fund-raising may change how entities can reach out to individuals, and may change business associate relationships.
  • New audit and penalty requirements increase the need to make sure covered entities and Business Associates are in compliance before HHS OCR knocks on the door.
  • The new penalty structure and the new audit program mean that you are more likely to be audited for HIPAA compliance, and you may be facing significantly higher penalties for non-compliance than ever before.

Who Will Benefit:
  • Compliance director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager

CME Credit Statement
This activity has been planned and implemented in accordance with the Essential Areas and Policies of the Accreditation Council for Continuing Medical Education (ACCME) through the joint sponsorship of Colorado Foundation for Medical Care (CFMC) and MentorHealth. CFMC is accredited by the ACCME to provide continuing medical education for physicians.

Colorado Foundation for Medical Care designates this educational activity for a maximum of 1.5 AMA PRA Category 1 Credits™. Physicians should only claim credit commensurate with the extent of their participation in the activity.

Other Healthcare Professionals Credit Statement
This educational activity has been planned and implemented following the administrative and educational design criteria required for certification of health care professions continuing education credits. Registrants attending this activity may submit their certificate along with a copy of the course content to their professional organizations or state licensing agencies for recognition for 1.5 hours.

Disclosure Statement
It is the policy of Colorado Foundation for Medical Care (CFMC) and MentorHealth that the faculty discloses real or apparent conflicts of interest relating to the topics of the educational activity. All members of the faculty and planning team have nothing to disclose nor do they have any vested interests or affiliations.

#
Obtaining Certificate of Credit

Colorado Foundation for Medical Care (CFMC) hosts an online activity evaluation system, certificate and outcomes measurement process. Following the activity, you must link to CFMC’s online site (link below) to complete the evaluation form in order to receive your certificate of credit. Once the evaluation form is complete and submitted, you will be automatically sent a copy of your certificate via email. Please note, participants must attend the entire activity to receive all types of credit. Continuing Education evaluation and request for certificates will be accepted up to 60 days post activity date. CFMC will keep a record of attendance on file for 6 years.

Speaker Profile
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.


You Recently Viewed