Patient Rights and the HIPAA Privacy Officer: Making Compliance Decisions and Avoiding Violations

Event Information
Product Format
Prerecorded Event
60 minutes
Product Description

Be Compliant with Patient Rights under HIPAA as A Privacy Officer, Learn to Avoid Penalties and Violations of Non-Compliance.

With the recent changes to HIPAA and increasing focus on patient information, patient rights, and HIPAA enforcement – now is the time for the HIPAA Privacy Officer to review and update their organization's policies and practices and have the documentation necessary to avoid the significant penalties for non-compliance. Patients have a number of rights under HIPAA – from rights of access to certain records, requests for amendment of records the patient feels are incorrect, requests for additional privacy protections, to requests for accountings of disclosures and restriction of disclosures, and the HIPAA Privacy Officer is responsible for making sure those rights are properly provided.

Changes to the HIPAA Privacy Regulations now in effect call for significant changes to the relationship between health care providers and their patients.  Patients have new rights of access to and restrictions on the use of Protected Health Information (PHI) by HIPAA-covered healthcare providers and those providers also have additional changes to the allowable uses and disclosures of that PHI.  The new rules are in effect now, and the HIPAA Privacy Officer is responsible for making sure the changes in the rules are accurately represented in policy and procedure.

Now, individuals have the right to receive electronic copies of any medical records held electronically, and they can ask that certain disclosures not be made to their insurers, a request that must be complied with, no matter how ready your systems and processes are to handle the restriction.  These new rights require the HIPAA Privacy Officer to ensure that processes are in place to provide these rights. Regulations around the release of electronic records and the restriction of disclosures create burdens that your EHR and medical records department must deal with.  If you haven’t already, you must update your HIPAA Notice of Privacy Practices to show how you support the new patient rights under HIPAA as amended by HITECH.

Not only are the compliance rules changed, but the enforcement rules have changed, with a new four-tier violation schedule with increased minimum and maximum fines, and mandatory fines for willful neglect of compliance that start at $10,000 even if the problem is corrected within 30 days of discovery. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000 and can reach $1.5 million for any particular violation. And any reports of willful neglect are required to be investigated under the law. Even violations for a reasonable cause or with reasonable diligence taken are subject to penalty. It’s never been more important for the HIPAA Privacy Officer to ensure the rules are being followed and compliance is fully documented. The HIPAA regulations define the relationship between providers and patients and provide certain rights to patients. Patients have various rights of access, amendment, restriction of disclosures, accounting of disclosures, limitations on marketing and fundraising, privacy, and security. In addition, new changes modifying the HIPAA Regulations have gone into place to meet the requirements within the HIPAA Omnibus Update Rule implementing the HITECH Act.   

Covered entities that use electronic health records (EHRs) will need to meet new access and disclosure rules.  Electronic records have new demands placed on them, in both providing access and in restricting some disclosures of health information – the electronic age in health care brings new obligations to serve individuals as well as manage health information for healthcare professionals.  In this conference, expert speaker Jim Sheldon-Dean will discuss how disclosures must be restricted in an EHR and review the various ways patient records can be supplied electronically. He will review the new regulations and their effects on usual practices, as well as discuss what policies need to be changed and how. You will also understand the evidence you must produce if you are audited by the HHS Office of Civil Rights.  

Whereas the former practice of USDHHS has been to audit compliance only in instances where a violation was reported, the law now requires USDHHS to conduct a regular HIPAA compliance audit program, and a new program is under way. All HIPAA Privacy Officers need to review their HIPAA compliance, policies, and procedures to see if they are prepared to meet the rules as well as the new changes in the rules.  With the far-reaching changes in the rules and the new enforcement and penalty levels, it’s never been more important to review your HIPAA compliance and meet the new requirements.

Session Highlights:

  • The patient rights provided by HIPAA will be explained, and the obligations of the Privacy Officer will be reviewed.  
  • The new regulations will be reviewed and their effects on usual practices will be discussed, as well as what policies need to be changed and how.  
  • Understand what policies and evidence you need to produce if you are audited by the HHS Office of Civil Rights.  
  • The features that must be available in EHR systems and the questions to ask of system vendors will be described.  
  • The processes for responding to requests for copies of electronic records and restrictions of disclosures will be related to the regulations that require them.
  • Learn how the new regulations change the way individuals have access to their records.
  • Find out about how Individuals can now request certain restrictions on disclosures that you must honor.
  • Learn about the new requirements for disclosers of health information to apply “minimum necessary” standards.
  • Find out about how new limitations on marketing and fund-raising may change how entities can reach out to individuals.
  • Learn all about how new audit and penalty requirements increase the need to make sure you are in compliance before HHS OCR knocks on the door.

Who should attend?

Compliance Manager, HIPAA Officer, Chief Information Officer, Health Information Manager, Medical Office Manager, Medical Practice Lawyer, CFO, CEO, COO. Privacy Officer, Information Security Officer.


Order Below or Call 1-866-458-2965 Today


You can also order through:




About Our Speaker

Jim Sheldon Dean - HIPAA Compliance & Regulations Expert

Jim Sheldon-Dean is a healthcare compliance and HIPAA expert in the areas of privacy and security regulatory compliance and business process analysis. He is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of healthcare entities. Jim is a frequent speaker regarding HIPAA...   More Info
More Events By The Speaker

Why AudioEducator?
  • Save money on travel.
  • Meet your specific training needs.
  • Keep learning after the event.
  • Save time training your whole staff.
Join Our Mailing List
Our Accreditation Partners
Facebook Twitter Linkedin Youtube RSS Feeds Google Plus