The HIPAA Omnibus Update rules contain numerous changes to HIPAA Privacy, Security, and Breach Notification rules that affect communication with patients and clients of health care services, who often ask to communicate with health care offices via e-mails or text messages. Many of the policies and procedures in place at every health care-related organization will need to be reviewed and updated to meet the new requirements. Organizations need to understand the various ways that health care communications can take place, and how patient communications fit in with the HIPAA rules. They need to design and implement a patient communication policy/ plan, and train their staff on it, or they may face significant new fines for noncompliance.
As new requirements for allowing patient’s electronic access to their health information go into effect, and as patients increasingly come to depend on electronic communications, there are new demands for communication via e-mail and texting. Patients don’t want to bother with secure Web-site-based solutions, they just want to use the tools they already use for communication, and they have a right to communicate how they wish. How can HIPAA requirements for privacy and security be reconciled with patient requests for information provided by e-mail and text messages?
Join compliance expert Jim Sheldon Dean in this information packed session to discuss the differences between professional communications and patient communications, and how they must be treated to best serve patients, most efficiently enable communications, and remain within the bounds of HIPAA compliance.
Some of the most significant changes in HIPAA under the new Omnibus Update rules have to do with changes to individual rights under HIPAA that must be reflected in policies and procedures and an entity’s HIPAA policies and Notice of Privacy Practices (NPPs). All HIPAA Covered Entities should have updated their policies, procedures, and Notices of Privacy Practices to reflect the changes by September 23, 2013. Violations are subject to enforcement that can include fines up to $50,000 per day. Included are new rights of access to electronic records that illustrate the flexibility inherent in HIPAA and allow communications that many offices may have thought to be prohibited, such as using plain e-mail and texting. While professional communications between providers, insurers, business associates, and other business parties should always be conducted securely, there is more flexibility in using less secure technologies for communications with patients in some circumstances.
Jim will focus on the rights of individuals to communicate in the manner they desire, and how an office can decide what’s an acceptable process for communication with individuals. He will explain how to discuss communications options with individuals so that you can best meet their needs and desires, while preserving their rights under the rules. With the new HIPAA random audit program now getting under way, and increases in enforcement actions following breaches, now is the time to ensure your organization is in compliance with the regulations and meeting the e-mail and texting communication needs and desires of its providers and patients. You need the proper privacy protections for health information, and the necessary documented policies and procedures, as well as documentation of any actions taken pursuant to your policies and procedures. And, of course, you will need to train your staff in all the new policies and procedures.
E-mail has long been a staple of people's lives, but as we move into the new digital age, it seems everyone is moving to a new smart phone and wants to use it in all the incredible ways it can be used for health care purposes, including the use of e-mail and texting. Doctors are finding that texting is far more flexible, convenient, and effective than paging, and patients want to be able to use short message texting for handling of appointments, updates, and the like, where even e-mail or the telephone would seem inconvenient.
The stakes are high – any improper exposure of PHI may result in an official breach that must be reported to the individual and to the US Department of Health and Human Services, at great cost and with the potential to bring fines and other enforcement actions if a violation of rules is involved. Likewise, complaints by a patient if they are not afforded the access they desire can bring about HHS inquiries and enforcement actions, so it is essential to find the right balance of access and control.
Our expert will discuss the requirements, the risks, and the issues of the increasing use of e-mail and texting for patient and provider communications and provide a road map for how to use them safely and effectively, to increase the quality of health care and patient satisfaction. In addition, the session will discuss how to be prepared for the eventuality that there is a breach, so that compliance can be assured.
Topics covered in the session:
Who should attend? Compliance Manager, HIPAA Officer, Chief Information Officer, Health Information Manager, Medical Office Manager, Medical Practice Lawyer, CFO, CEO, COO. Privacy Officer, Information Security Officer
- Jugna Shah, MPH
- Wayne J. Miller, Esq.
- Sue Dill Calloway, RN, MSN, JD
- Susan Ulrey,
- Duane C. Abbey, Ph.D.
- Jugna Shah, MPH
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference. Sheldon-Dean has more...
More Events By The Speaker