HIPAA Omnibus Update - Required Changes To Medical Office Policies And Procedures

Event Information

Product Format: Prerecorded Event, 60 Minutes

Product Description

Get Insights on What Policies and Evidence You Need To Produce, If You Are Audited By the HHS Office of Civil Rights

The new Omnibus Update to the HIPAA regulations is now in effect and fully enforceable. It contains numerous changes based, for the most part, on the HITECH Act passed in 2009. The amendments require changes in several areas of operation, including health information management, marketing, fundraising, breach notification and security, and many of the changes will require significant effort to implement.

Some of the most significant changes for medical offices have to do with changes to individual rights under HIPAA that require changes in policies and procedures and must be listed in an entity’s HIPAA Notice of Privacy Practices. All HIPAA-covered healthcare providers must update the way they deal with certain patient requests, or face stiff penalties. And all HIPAA Covered Entities that currently provide a Notice of Privacy Practices must update their NPPs to reflect the changes in individual rights because violations are subject to enforcement that can include fines up to $50,000 per day. Changes to policies and notices will be necessary in areas of patient access to records, restrictions of disclosures, marketing, fundraising, breach notification, and more.

Included are new requirements for the Notice of Privacy Practices to include notice of fundraising activity and an opportunity to opt out, new requirements for individuals to provide authorization for the sale of PHI, new rights of access to electronic records, new rights to restrict certain disclosures, and rights of notice in the event of a breach.

Reimbursed marketing activity that may have been permissible without authorization from the individual under the old rules used to require notice in the NPP. Now all such marketing activity paid for, above costs, by a third party wishing to promote a product or service will require authorization. The Breach Notification Rule has been significantly modified, discarding the “harm standard” used to determine whether a breach was reportable, and replacing it with a risk assessment process to determine if there is a “low probability of compromise” of the information.

The changes are numerous and many are subtle. In this audio session, Jim Sheldon-Dean will review the new regulations and discuss their effects on HIPAA policies. He will describe the new rights that must be added into your policies and Notice of Privacy Practices, and identify the places where current rights need to be modified.

The work that must be done for updating HIPAA compliance for medical offices will be outlined by Jim, with a to-do list of activities that must be undertaken to ensure compliance, and identification of additional resources and templates. With the far-reaching changes in the rules and the new audits, enforcement, and penalty levels, it’s never been more important to review your HIPAA compliance and meet the new requirements.

Topics covered in the session:

  • Review of the new regulations and their effects on usual practices, as well as what policies need to be changed and how
  • Changes to individuals' rights of access to records include new rights to access information electronically and to have access in a shorter time period than before; the differences will be explained
  • The processes for responding to requests for copies of electronic records will be related to the regulations that require them. Learn how the new regulations change the way individuals have access to their records
  • Find out how individuals can now request certain restrictions on disclosures that you must honor
  • The features that must be available in EHR systems and the questions to ask system vendors will be described
  • Learn about the new requirements for disclosers of health information to apply “minimum necessary” standards
  • Find out how new limitations on marketing and fundraising may change how entities can reach out to individuals
  • The process to be used in determining whether or not a breach is reportable will be explained and the new requirements will be discussed
  • The role of business associates will be discussed, including the extension of the rules to cover them directly under HIPAA, as well as potential necessary changes to business associate agreements
  • Insights on what policies and evidence you need to produce, if you are audited by the HHS Office of Civil Rights. Now that there is a legislative mandate to audit compliance, and a random audit plan under way, you need to be prepared to respond to audit requests.
  • Learn how new audit and penalty requirements increase the need to make sure you are in compliance before HHS OCR knocks on the door
  • Know how to proceed if you are behind schedule with compliance, and how to prioritize your compliance catch-up

Session Highlights:

  • All HIPAA privacy policies and Notices of Privacy Practices must be updated to meet the new rules that became enforceable in September of 2013. The scope of the changes will be described
  • Breach notification policies must be updated to meet the new requirements, and privacy notices will need to include mention of the right to be notified in the event of a breach of the privacy or security of their Protected Health Information
  • Individuals have a new right to request electronic copies of information held electronically that must be reflected in policy and the NPP
  • Individuals have new rights to restrict disclosure of encounter information to an insurer if it is paid fully out of pocket by the individual. Policies and the NPP must identify this right
  • Fundraising policies may need updating, and fundraising activity must be described in the NPP, with an opportunity to opt-out
  • Healthcare Operations involving potential marketing activity must be re-evaluated in light of the new rules and policies and notices must be updated
  • How you should update your policies and your NPP – how do you document them, to whom does the new NPP go, and how

Who should attend: Compliance Manager, HIPAA Officer, Chief Information Officer, Health Information Manager, Medical Office Manager, Medical Practice Lawyer, CFO, CEO, COO, Privacy Officer, Information Security Officer

About Our Speaker

Jim Sheldon-Dean - HIPAA Compliance & Regulations Expert

Jim Sheldon-Dean is a healthcare compliance and HIPAA expert in the areas of privacy and security regulatory compliance and business process analysis. He is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of healthcare entities. Jim is a frequent speaker regarding HIPAA...