HIPAA and EHRs: Special Considerations for Electronic Records
What Providers Need To Change In Their Systems To Be Compliant With New Rules?
Recent and upcoming changes to HIPAA that expand the regulation’s reach and increase enforcement, along with Federal incentives to adopt electronic health records, have created a perfect storm for the privacy and security of protected health information (PHI). To meet many of the requirements, it will be necessary to carefully define the Designated Record Set to which the regulations apply, which may not have been done previously. To qualify for incentive funding, providers must perform HIPAA Security compliance activities that may have been sidestepped in the past, but no longer can be due to new, higher penalties, including mandatory penalties starting in the tens of thousands of dollars for willful neglect of compliance.
Providers will need to change how they do business to meet the new requirements as they move to newer electronic records systems, and qualifying for the funding will require the kind of attention to privacy and security that health information has always deserved.
During this 60-minute audio conference, our expert speaker Jim Sheldon-Dean will review for you the new and expected regulations and will discuss their effects on the use of EHRs. Jim will provide insights on: what policies need to be changed and how, how disclosures must be tracked in an EHR, review the various ways patient records can be supplied electronically, discuss the requirements for meeting the mandatory Privacy and Security Objective in the meaningful use regulations (including requirements for a HIPAA Security Risk Analysis), and show what policies and evidence you need to produce if you are audited by the HHS Office of Civil Rights. The new enforcement penalty structure and the new program for random audits by HHS OCR will be described in this session.
This session will help you:
- The new regulations change the way individuals have access to their records, and how much they can find out about who has accessed their records.
- Individuals can request an accounting of disclosures of their health information including those made for purposes of treatment, payment, or healthcare operations, from an electronic health record, going back three years.
- Individuals will be able to request an access report of all uses and disclosures of PHI from any records in the Designated Record Set – clearly defining that set is now a priority.
- Individuals have the right to obtain electronic copies of their health information that is stored electronically, from any electronic system in the HIPAA Designated Record Set.
- Individuals can now request certain restrictions on disclosures that you must honor, and that may be difficult to implement.
- Meaningful Use requirements for EHR funding call for a HIPAA Information Security Risk Analysis and implementation of risk mitigation measures.
- New audit and penalty requirements increase the need to make sure you are in compliance before HHS OCR knocks on the door.
- The new penalty structure and plans for audits mean that you are more likely to be audited for HIPAA compliance, and you may be facing significantly higher penalties for non-compliance than ever before.
Who should attend? Compliance Manager, HIPAA Officer, Chief Information Officer, Health Information Manager, Medical Office Manager, Medical Practice Lawyer, CFO, CEO, COO. Privacy Officer, Information Security Officer.
Order Below or Call 1-866-458-2965 Today
About Our Speaker
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates.
Sheldon-Dean serves on the HIMSS Information Systems Security... More Info
More Events By The Speaker
- Save money on travel.
- Meet your specific training needs.
- Keep learning after the event.
- Save time training your whole staff.