With the recent changes to HIPAA and increasing focus on patient information, patient rights, and HIPAA enforcement – now is the time for the HIPAA Privacy Officer to review and update their organization's policies and practices and have the documentation necessary to avoid the significant penalties for non-compliance. Patients have a number of rights under HIPAA – from rights of access to certain records, requests for amendment of records the patient feels are incorrect, requests for additional privacy protections, to requests for accountings of disclosures and restriction of disclosures, and the HIPAA Privacy Officer is responsible for making sure those rights are properly provided.
Changes to the HIPAA Privacy Regulations now in effect call for significant changes to the relationship between health care providers and their patients. Patients have new rights of access to and restrictions on the use of Protected Health Information (PHI) by HIPAA-covered healthcare providers and those providers also have additional changes to the allowable uses and disclosures of that PHI. The new rules are in effect now, and the HIPAA Privacy Officer is responsible for making sure the changes in the rules are accurately represented in policy and procedure.
Now, individuals have the right to receive electronic copies of any medical records held electronically, and they can ask that certain disclosures not be made to their insurers, a request that must be complied with, no matter how ready your systems and processes are to handle the restriction. These new rights require the HIPAA Privacy Officer to ensure that processes are in place to provide these rights. Regulations around the release of electronic records and the restriction of disclosures create burdens that your EHR and medical records department must deal with. If you haven’t already, you must update your HIPAA Notice of Privacy Practices to show how you support the new patient rights under HIPAA as amended by HITECH.
Not only have the compliance rules changed, but the enforcement rules have changed as well: there is a new four-tier violation schedule with increased minimum and maximum fines, and mandatory fines for willful neglect of compliance start at $10,000 even if the problem is corrected within 30 days of discovery. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000 and can reach $1.5 million for any particular violation. Any reports of willful neglect are required to be investigated under the law. Even violations for a reasonable cause or with reasonable diligence taken are subject to penalty. It’s never been more important for the HIPAA Privacy Officer to ensure the rules are being followed and compliance is fully documented. The HIPAA regulations define the relationship between providers and patients and provide certain rights to patients. Patients have various rights of access, amendment, restriction of disclosures, accounting of disclosures, limitations on marketing and fundraising, privacy, and security. In addition, new changes modifying the HIPAA Regulations have gone into place to meet the requirements within the HIPAA Omnibus Update Rule implementing the HITECH Act.
Covered entities that use electronic health records (EHRs) will need to meet new access and disclosure rules. Electronic records have new demands placed on them, in both providing access and in restricting some disclosures of health information – the electronic age in health care brings new obligations to serve individuals as well as manage health information for healthcare professionals. In this conference, expert speaker Jim Sheldon-Dean will discuss how disclosures must be restricted in an EHR and review the various ways patient records can be supplied electronically. He will review the new regulations and their effects on usual practices, as well as discuss what policies need to be changed and how. You will also understand the evidence you must produce if you are audited by the HHS Office of Civil Rights.
Whereas the former practice of USDHHS has been to audit compliance only in instances where a violation was reported, the law now requires USDHHS to conduct a regular HIPAA compliance audit program, and a new program is under way. All HIPAA Privacy Officers need to review their HIPAA compliance, policies, and procedures to see if they are prepared to meet the rules as well as the new changes in the rules. With the far-reaching changes in the rules and the new enforcement and penalty levels, it’s never been more important to review your HIPAA compliance and meet the new requirements.
Who should attend?
Compliance Manager, HIPAA Officer, Chief Information Officer, Health Information Manager, Medical Office Manager, Medical Practice Lawyer, CFO, CEO, COO, Privacy Officer, Information Security Officer.
- Jim Sheldon-Dean
- Ann M. Bittinger
- Thomas J. Force
Jim Sheldon-Dean is a healthcare compliance and HIPAA expert in the areas of privacy and security regulatory compliance and business process analysis. He is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of healthcare entities. Jim is a frequent speaker regarding HIPAA...