Description

The HIPAA rules for Privacy and Security of Protected Health Information are undergiong significant expansion, with new requirements, fines, and penalties, and a new enforcement effort.

Why should you Attend:

The HIPAA privacy and security regulations are changing in ways that affect every health care-related entity, from providers to insurers to business associates, and more. The HIPAA Privacy and Security Regulations have been modified in regulations issued as interim final rules (IFRs) and notices of proposed rule making (NPRMs) by the US Department of Health and Human Services (USDHHS).

• All kinds of covered entities, and now, business associates of covered entities and their subcontractors as well, need to review their HIPAA compliance, policies, and procedures to see if they are prepared to meet the changes in the rules. Some subcontractors of business associates may not even be aware that they handle protected health information and now fall under the regulations.

• A whole range of new regulations around the release and accounting of electronic records have created new burdens that your EHR and your medical records department must deal with.

• Not only are the compliance rules changed, but the enforcement rules have changed, with a new four-tier violation schedule with increased minimum and maximum fines, and mandatory fines for willful neglect of compliance that start at $10,000 even if the problem is corrected within 30 days of discovery. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000 and can reach $1.5 million for any particular violation. And any reports of willful neglect are required to be investigated under the law. Even violations for a reasonable cause or with reasonable diligence taken are subject to penalty.

• Whereas the former practice of USDHHS has been to audit compliance only in instances where a violation was reported, the law now requires USDHHS to conduct a regular HIPAA compliance audit program, and soon those individuals harmed by a violation will have the right to a share in any settlements or penalty collections. The new audit program is already getting under way.

• With the far reaching changes in the rules and the new enforcement and penalty levels, it’s never been more important to review your HIPAA compliance and meet the new requirements.

Description of the topic:

• New regulations modifying the HIPAA Privacy and Security Regulations have been proposed and/or finalized to meet the privacy and security mandates within the HITECH Act in the American Recovery and Reinvestment Act of 2009. New requirements for business associates of HIPAA covered entities and requirements to notify individuals in the event of a breach are only two of the many areas affected in the new law, including new requirements for restricting and accounting of disclosures and increased enforcement activity.

• All kinds of covered entities, and now, business associates of covered entities and their subcontractors as well, need to review their HIPAA compliance, policies, and procedures to see if they are prepared to meet the changes in the rules. Covered entities that use electronic health records (EHRs) will need to meet new access and disclosure rules and all kinds of business associates and their subcontractors will need to establish compliance programs.

• And the regulations include new requirements for audits by the US Department of Health and Human Services and mandatory penalties in the event of willful neglect of the regulations.

• This teleconference will help health information professionals understand what they have to do, and when, and what to keep in mind as they move forward, in order to be prepared for compliance with the new regulations. It will provide a comprehensive look at the changes in the law and prepare attendees for the process of incorporating the changes into how they do business in their facilities.

• Business associates are now directly covered by the HIPAA privacy, security, and breach notification regulations and are liable for fines and penalties if they do not comply. In addition, there are new kinds of businesses that are considered to be business associates, such as Health Information Exchanges and e-Prescribing Gateways,as well as patient safety organizations and any subcontractors of business associates, putting thousands of businesses under regulation that were not regulated before now. We will explain what a Business Associate needs to do differently under the new regulations, including providing a policy framework for information security.

• Penalties for violations have been increased, including a new, four-tier penalty structure and new mandatory penalties for willful neglect that begin at a minimum of $10,000 and can go up to $1.5 million or more. The definitions of the penalty levels include new definitions for reasonable cause and reasonable diligence, as well as willful neglect, which have a direct impact on the amount of penalty a violation may be subject to.

• Electronic records have new demands placed on them, in both providing access and in accounting for all disclosures of health information – the electronic age in health care brings new obligations to serve individuals as well as manage health information for healthcare professionals. We will discuss how disclosures must be tracked in an EHR and review the various ways patient records can be supplied electronically.

• The new regulations will be reviewed and their effects on usual practices will be discussed, as will what policies need to be changed and how. We will show what policies and evidence you need to produce if you are audited by the HHS Office of Civil Rights. Now that there is a legislative mandate to audit compliance, and a random audit plan under development, you need to be prepared to respond to audit requests.

Areas Covered in the Session:

The new regulations change the way individuals have access to their records, and how much they can find out about who has accessed their records.

Individuals can now request certain restrictions on disclosures that you must honor.

There are new requirements for disclosers of health information to apply “minimum necessary” standards.

Business Associates have new requirements to comply with HIPAA privacy protections and security safeguards and are subject to enforcement and penalties directly by HHS.

Health Information Exchanges, Regional Health Information Exchanges, and e-Prescribing gateways are now considered to be Business Associates

New limitations on marketing and fund-raising may change how entities can reach out to individuals.

New audit and penalty requirements increase the need to make sure you are in compliance before HHS OCR knocks on the door.

o Learn how changes to HIPAA came to pass

o Find out the details of the changes to HIPAA, including new definitions

o Understand how the changes affect your organization

o Plan for implementing new requirements

o Learn how to attain compliance

o Find out about new penalties and enforcement of HIPAA

o Discover the Changes to HIPAA Practices in the areas of:

A. Business Associates

B. Breach Notification

C. Accounting of Disclosures

D. Restriction of Disclosures

E. Enforcement, Audits, and Penalties

Who will benefit

Compliance director

CEO

CFO

Privacy Officer

Security Officer

Information Systems Manager

HIPAA Officer

Chief Information Officer

Health Information Manager

Healthcare Counsel/lawyer

Office Manager

Contracts Manager

About Speaker

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the 2011 WEDI Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before the New York Metropolitan Chapter of the Healthcare Financial Management Association, Health Information Management Associations of Virginia, New York City, New York State, and Vermont, the Connecticut Hospital Association, and the Hospital and Health System Association of Pennsylvania. Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Price List: Live: $189.00 One Dial In - Unlimited attendance $249 Recorded: $289.00, CD: $349.00
For any assistance contact us at support@compliance2go.com or call us at 877.782.4696

Description

More health care providers than ever are adopting electronic health records, and new regulations on using them and protecting the information on them are here, with more on the way.

Why Should You Attend:

• Recent and proposed changes to HIPAA that expand the regulation’s reach and increase enforcement, along with incentives to adopt electronic health records, have created a perfect storm for the privacy and security of protected health information (PHI).

• Many of the new changes to HIPAA focus directly on aspects of the use of electronic records, such as the accounting of disclosures of all kinds, even for treatment, payment, and healthcare operations, and the provision of records in electronic formats when requested. These proposed rules have a tremendous impact on not only EHRs, but any electronic systems that hold protected health information in the designated record set.

• The proposed requiement to provide a list of all accesses of an individual records is based on an ability to track accesses that not all systems can provide today. Using electronic records of any kind could mean big headaches for compliance with HIPAA accounting of disclosures requirements.
• To qualify for incentive funding, providers must perform HIPAA Security compliance activities that may have been sidestepped in the past, but no longer can be due to new, higher penalties, including mandatory penalties in the tens of thousands of dollars for willful neglect of compliance. Risk analysis is now clearly required, both for HIPAA and for EHR funding, but many organizations have not yet performed one and find the task overwhelming.

• Providers will need to change how they do business to meet the new requirements as they move to newer electronic records systems, and qualifying for the funding will require the kind of attention to privacy and security that health information has always deserved, but not always received.

Description of the topic

The new and proposed HIPAA Privacy and Security regulations will be reviewed and their effects on the use of EHRs will be discussed. The proposed rules call for an ability to make an electronic copy of an individual's protected health information for any information held in an entity's designated record set. In addition, any accesses of electronic PHI in a designated record set must be recorded so that they can be provided in an access list if requested by the individual. Not only do these requirements call for technical capabilities that may or may not be present in a particular system, but they also imply that an organization would be well-advised to carefully define its designated record set in order to limit its exposure under these requirements, giving the definition of a designated record set new importance.

We will discuss how disclosures and accesses must be tracked in an EHR and review the various ways patient records can be supplied electronically. The proposed rules allow for a variety of methods to accomplish the objectives, but all will require new policies, procedures, and practices. We will show what policies need to be changed and how.

Adopting an EHR and securing funding for it through the Federal program requires that certain objectives be met according to defined measures, including a required objective to protect the privacy and security of information in an EHR. That measure calls for a HIPAA Security risk analysis. We will discuss the scope and methods of a risk analysis that can meet the requirements and make it easier to prioritize your activities to reduce risks and improve security most cost-effectively.

Some of the new regulations require an ability to restrict certain disclosures that may not be easy to implement in EHRs, and may require modifications and upgrades before you can be in compliance.

To be prepared for compliance, you need to be prepared for an audit by the HHS Office of Civil Rights. This session will show you what policies and evidence you need to produce if you are audited, and what you can do ahead of time to show you have securely implemented your EHR and continue to monitor and maintain its security. We will show you how to find out what has been asked of entities in reviews before and what you need to prepare in advance so you can be ready when they call.

Finally, the new enforcement penalty structure and the latest plans for audits by HHS OCR will be described, so you can know what you're up against if you don't make the effort to ensure compliance. Protecting your EHR will require new practices and new routines to help you avoid breaches and the significant penalties of violations, and we will help you understand the ramifications of not doing what's necessary to protect your EHR and its data, so you can make intelligent decisions about your security priorities.

Areas Covered in the Session

• The new regulations change the way individuals have access to their records, and how much they can find out about who has accessed their records.

• Individuals can request an accounting of disclosures of their health information including those made for purposes of treatment, payment, or healthcare operations, from an electronic health record, going back three years.

• Individuals have the right to obtain electronic copies of their health information that is stored electronically, from any electronic system in the HIPAA designated record set.

• Individuals can now request certain restrictions on disclosures that you must honor.

• Meaningful Use requirements for EHR funding call for a HIPAA Information Security Risk Analysis and implementation of risk mitigation measures.

• New audit and penalty requirements increase the need to make sure you are in compliance before HHS OCR knocks on the door.

• The new penalty structure and plans for audits mean that you are more likely to be audited for HIPAA compliance, and you may be facing significantly higher penalties for non-compliance than ever before.

Who will benefit: The designations

• Compliance director
• CEO
• CFO
• Privacy Officer
• Security Officer
• Information Systems Manager
• HIPAA Officer
• Chief Information Officer
• Health Information Manager
• Healthcare Counsel/lawyer
• Office Manager
• Contracts Manager

About Speaker
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, and has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before the New York Metropolitan Chapter of the Healthcare Financial Management Association, Health Information Management Associations of Virginia, New York City, New York State, and Vermont, the Connecticut Hospital Association, and the Hospital and Health System Association of Pennsylvania. Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Price List: Live : $189.00 Corporate live : $499.00 Recorded : $249.00, CD:$299.00

For any assistance contact us at support@compliance2go.com or call us at 877.782.4696

https://compliance2go.com/index.php?option=com_training&speakerkey=12&pr...

Description

Enforcement of HIPAA regulations is being stepped up and new fines and penalties make being ready for an audit in advance essential.

Why Should You Attend
• The US Department of Health and Human Services (HHS)is actively developing plans with consulting firm KPMG to meet requirements in the HITECH Act in the American Recovery and Reinvestment Act of 2009 (ARRA) for performing periodic audits of compliance with the HIPAA Privacy and Security Rules. In addition new enforcement is taking place related to the new HIPAA Breach Notification Rule. While in the past, audits had been performed only at entities that had had a compliant filed against them, the new rule calls for audits whether or not there is a complaint. This means that the HHS Office for Civil Rights (OCR) can show up at your door and ask to perform an audit on short notice, and your organization will need to be ready.

• If your organization is not ready, the HIPAA rules have new, significantly higher fines, including mandatory minimum fines of $10,000 for willful neglect of compliance. All HIPAA Covered Entities and Business Associates need to be fully in compliance and prepared for an audit at any time, or risk the significant fines for non-compliance.

• In addition, HIPAA enforcement has taken on a new importance at HHS, as shown in multi-million dollar fines and even a one million dollar settlement for a breach of just 192 records. HHS OCR officials have publicly stated that enforcement is now a priority, and that means being ready for an audit is more important than ever. The "slap-on-the-wrist" days are over and fines and settlements are being levied, with more on the way -- don't let your organization be hit for an audit unprepared.

• By using an information security management process, those responsible for health and payment information can develop the procedures and policies that can help prevent security problems, and help prepare the organization for any incidents, audits, or enforcement actions.

• If you don't take the proper steps to ensure your patients' health information is being protected according to the HIPAA Security Rule, you can be hit with significant fines and penalties. With the increased HIPAA fines beginning at $10,000 in cases of willful neglect, providing good information security and being in compliance are more important than ever.

Description of the topic

In this session we will discuss the HIPAA audit and enforcement processes and how they apply to covered entities and business associates. We will explain the enforcement regulations and their recent changes that increase fines and create new penalty levels, including new penalties for willful neglect of compliance that begin at $10,000. We will discuss what information and documentation needs to be prepared in advance so that you can be ready for an audit without notice. Sample information request forms and questions asked at prior audits will be presented.

• The session will also cover how to know if you may become the subject of an audit or enforcement action, and what you can do to help limit your exposure. We will discuss how most enforcement actions come about and what can be done to prevent incidents that lead to enforcement.

• The HIPAA Privacy, Security, and Breach Notification regulations (and the recent changes to them) and how they will be audited will be explained. Documentation requirements for compliance will be explored and a framework of security policies necessary for compliance will be presented. Meeting any set of information security requirements always involves conducting a thorough risk analysis to make sure you haven't overlooked any weaknesses. We'll discuss what's involved and how it is the cornerstone of your compliance efforts.

• The results of prior HHS audits (and their penalties) will be discussed, including recent actions involving multi-million dollar fines and settlments. A plan for attaining compliance will be presented. The steps to follow to prepare for an audit and respond to an audit request will be outlined. In addition, upcoming trends in information security risks will be discussed.

Areas Covered in the Session

Fines and penalties for violations of the HIPAA regulations have been significantly increased and now include mandatory fines for willful negligence that begin at $10,000 minimum.

HIPAA Audits have been few and far between in the past, but that's now changing - the HHS will be auditing HIPAA covered entities and business associates even if there have been no complaints or problems reported.

Find out what HHS OCR is likely to ask you if you are selected for an audit, and what you'll have to have prepared already when they do.

Find out what the rules are that you need to comply with and what policies you can adopt that can help you come into compliance.

Learn how the HIPAA rules have changed and how you may need to change how you work to keep up with them.

Learn how having a good compliance process can help you stay compliant more easily.

Find out what you'll need to have documented to survive an audit and avoid fines.

Find out what you'll need to think about to deal with future threats to the security of patient information.

Who will benefit: The designations

• Compliance director
• CEO
• CFO
• Privacy Officer
• Security Officer
• Information Systems Manager
• HIPAA Officer
• Chief Information Officer
• Health Information Manager
• Healthcare Counsel/lawyer
• Office Manager
• Contracts Manager

About Speaker
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, and has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before the New York Metropolitan Chapter of the Healthcare Financial Management Association, Health Information Management Associations of Virginia, New York City, New York State, and Vermont, the Connecticut Hospital Association, and the Hospital and Health System Association of Pennsylvania. Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Price List: Live : $189.00 Corporate live : $499.00 Recorded : $249.00, CD:$299.00

For any assistance contact us at support@compliance2go.com or call us at 877.782.4696

https://compliance2go.com/index.php?option=com_training&speakerkey=12&pr...

Confusion around the intended application of PhRMA guidelines and lack of awareness of insurance implications for clinical trial participants are unnecessarily handicapping clinical trial enrollment. Reactions to recent PhRMA guidelines have caused some sponsors to overly limit tactics for motivating and retaining both sites and trial participants. By doing so, sponsors are further decreasing sites’ abilities to maintain participants’ engagement in trials, and may be limiting site performance. Likewise, a lack of strategic planning around the implication of insurance coverage for study participants is directly affecting the likelihood that otherwise interested patients will participate in clinical trials.

This Webinar will address these two important issues and share best practices optimizing participant enrollment and site engagement within applicable guidelines.