New changes modifying the HIPAA Privacy and Security Regulations have gone into place to meet the privacy and security mandates within the HITECH Act in the American Recovery and Reinvestment Act of 2009, as implemented in the HIPAA Omnibus Update rule published January 25, 2013.
Areas Covered in the Session:
- Covered entities that use electronic health records (EHRs) will need to meet new access and disclosure rules. New regulations around the release of electronic records have created new burdens that your EHR and your medical records department must deal with. And if you are required to have a HIPAA Notice of Privacy Practices, you will need to update that to show all the new rights that patients will have, such as electronic copies, new rights to restrict disclosures, and much more.
- Electronic records have new demands placed on them, in both providing access and in restricting some disclosures of health information – the electronic age in health care brings new obligations to serve individuals as well as manage health information for healthcare professionals. We will discuss how disclosures must be restricted in an EHR and review the various ways patient records can be supplied electronically.
- The new regulations will be reviewed and their effects on usual practices will be discussed, as will what policies need to be changed and how. We will show what policies and evidence you need to produce if you are audited by the HHS Office of Civil Rights. Now that there is a legislative mandate to audit compliance, you need to be prepared to respond to audit requests.
- Not only are the compliance rules changed, but the enforcement rules have changed, with a new four-tier violation schedule with increased minimum and maximum fines, and mandatory fines for willful neglect of compliance that start at $10,000 even if the problem is corrected within 30 days of discovery. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000 and can reach $1.5 million for any particular violation. And any reports of willful neglect are required to be investigated under the law. Even violations for a reasonable cause or with reasonable diligence taken are subject to penalty. We will discuss what is necessary to avoid penalties and make sound compliance decisions.
- Whereas the former practice of USDHHS has been to audit compliance only in instances where a violation was reported, the law now requires USDHHS to conduct a regular HIPAA compliance audit program. The new audit program is being renewed in 2014, with a new focus based on the experience learned in prior audits. With the far-reaching changes in the rules and the new enforcement and penalty levels, it’s never been more important to review your HIPAA compliance and meet the new requirements.
- This Webinar will help health information professionals understand what they have to do, and when, and what to keep in mind as they move forward, in order to be prepared for compliance with the new regulations. It will provide a comprehensive look at the changes in the rules and prepare attendees for the process of incorporating the changes into how they do business in their facilities.
Who Will Benefit:
- The new regulations will be reviewed and their effects on usual practices will be discussed, as well as what policies need to be changed and how.
- We will show what policies and evidence you need to produce if you are audited by the HHS Office of Civil Rights. Now that there is a legislative mandate to audit compliance, and a random audit plan under way, you need to be prepared to respond to audit requests.
- The features that must be available in EHR systems and the questions to ask system vendors will be described. The processes for responding to requests for copies of electronic records and restrictions of disclosures will be related to the regulations that require them.
- Learn how the new regulations change the way individuals have access to their records.
- Find out about how Individuals can now request certain restrictions on disclosures that you must honor.
- Learn about the new requirements for disclosers of health information to apply "minimum necessary" standards.
- Find out about how new limitations on marketing and fund-raising may change how entities can reach out to individuals.
- Learn all about how new audit and penalty requirements increase the need to make sure you are in compliance before HHS OCR knocks on the door.
- Compliance Director
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/lawyer
- Office Manager
Upon completion of this activity, participants will be able to:
CME Credit Statement
- Explain how to maintain compliance with the new HIPAA Omnibus requirements.
This activity has been planned and implemented in accordance with the Essential Areas and Policies of the Accreditation Council for Continuing Medical Education (ACCME) through the joint sponsorship of CFMC and MentorHealth. CFMC is accredited by the ACCME to provide continuing medical education for physicians.
CFMC designates this educational activity for a maximum of 1.5 AMA PRA Category 1 Credits™. Physicians should only claim credit commensurate with the extent of their participation in the activity.
Other Healthcare Professionals Credit Statement
This educational activity has been planned and implemented following the administrative and educational design criteria required for certification of health care professions continuing education credits. Registrants attending this activity may submit their certificate along with a copy of the course content to their professional organizations or state licensing agencies for recognition for 1.5 hours.
It is the policy of CFMC and MentorHealth that the faculty discloses real or apparent conflicts of interest relating to the topics of the educational activity.
All members of the faculty and planning team have nothing to disclose nor do they have any vested interests or affiliations
Obtaining Certificate of Credit
Colorado Foundation for Medical Care (CFMC) hosts an online activity evaluation system, certificate and outcomes measurement process. Following the activity, you must link to CFMC's online site (link below) to complete the evaluation form in order to receive your certificate of credit. Once the evaluation form is complete and submitted, you will be automatically sent a copy of your certificate via email. Please note, participants must attend the entire activity to receive all types of credit. Continuing Education evaluation and request for certificates will be accepted up to 60 days post activity date. CFMC will keep a record of attendance on file for 6 years.