HIPAA Compliance Course: Avoid HIPAA Issues and Prepare For Audits

Learn How to Integrate Email and Texting in Your Communications With Patients

Jim Sheldon-Dean
AAPC: 5.5 Credits

Overview

If you are a HIPAA-covered entity or a business associate, and are not in compliance with the HIPAA rules or have a privacy or security incident that affects protected health information, your organization could face serious penalties. HIPAA compliance requires you to consider dozens and dozens of practices that your office engages in; but what are the most likely issues to cause problems in HIPAA compliance? Communicating with patients over email and texting is a crucial and increasingly complex issue in HIPAA compliance. Ensuring compliant access to patient records, while maintaining individual rights, is another key but thorny area that most compliance managers and other individuals responsible for compliance tend to overlook or ignore, and that can later result in noncompliance and, in many cases, huge penalties!

Our comprehensive HIPAA compliance course by healthcare compliance and HIPAA expert Jim Sheldon-Dean will provide you with a wide range of information to assist you and your organization in staying HIPAA-compliant. It will help you identify the current compliance issues that should be addressed to ensure a clean report in any review.

The use of texting and email is an issue of current interest in HIPAA compliance as staff begins to adopt the technologies they are already used to, for use in the healthcare setting. Communicating with patients’ cell phones via texting or voice calls for purposes of payment and even for providing healthcare information requires consent, and using texting for official purposes still remains outside the bounds of physician orders. These issues must be considered when evaluating the use of texting and email for all kinds of communications. In addition, the focus of HIPAA audits in 2016 was on proper patient access to information as a significant compliance problem, and it is expected that the upcoming HIPAA audit program will include reviews of patient access policies and practices.

The stakes are high—any improper exposure of PHI that violates the HIPAA rules may result in an official breach that must be reported to the individual and to the U.S. Department of Health and Human Services (HHS), at great cost and with the potential to bring fines and other enforcement actions. This course will familiarize you with the high-risk issues that lead to breaches of health information and how those issues might be targets for auditors in the future.


Practical Applications Include:
  • HIPAA compliance audit program: trends and learning from past years
  • 10 steps to achieve compliance and avoid HIPAA issues
  • Top 10 HIPAA compliance issues: how to avoid willful neglect of compliance
  • Integrating email and texting in healthcare communications: requirements, risks, and issues
  • New patient access rights and regulations
Jim Sheldon-Dean

Jim Sheldon-Dean is a healthcare compliance and HIPAA expert in the areas of privacy and security regulatory compliance and business process analysis. He is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of healthcare entities. Jim is a frequent speaker regarding HIPAA topics and has spoken at numerous regional and national healthcare association conferences and conventions, including the annual NIST/OCR HIPAA Security Conference. He has over 15 years of experience specializing in HIPAA compliance, over 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development, and eight years of experience doing hands-on medical work as a Vermont-certified volunteer emergency medical technician. Jim received his B.S., summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Session I
Date: Nov 27, 2017
Duration: 90 min
The 10-Day HIPAA Compliance Plan: How to Achieve Compliance and Avoid HIPAA Issues

Introduction:

The Health Insurance Portability and Accountability Act (HIPAA) requires every company associated with the handling of protected health information (PHI) to follow set standards and regulations for safeguarding sensitive patient data. While all HIPAA-covered entities and business associates (BAs) are subject to the HIPAA privacy, security and breach notification rules, not all entities have done all that’s necessary to comply. Are you among them?

If you aren’t in compliance with the HIPAA rules and you have a privacy or security incident affecting protected health information (PHI), your organization can face serious penalties. In this session, expert speaker Jim Sheldon-Dean gives you the tools to get your organization or practice in line with HIPAA in just 10 days. Jim provides you with the basics of HIPAA compliance and identifies the top current compliance issues that should be addressed first to ensure you’re ready for your first – or next – review. You will be provided with ways to cover HIPAA compliance in a format which will focus on the work to be done according to 10 steps or topic areas that will assist the HIPAA privacy or security officer to make progress in compliance and document it effectively.

Session Highlight:
  • Ensure you have the right policies, procedures and documentation for HIPAA compliance
  • Ensure appropriate patient rights and controls on your PHI uses and disclosures
  • Perform appropriate analysis of confidentiality, integrity and availability risks of electronic PHI
  • Protect your PHI from exposure through accidental acts, including loss of a data holding device, intentional acts, and attacks on health information by hackers
  • Understand various HIPAA-defined safeguards
  • Identify policies and procedures that must be implemented to protect the privacy and security of PHI

Session II
Date: Dec 1, 2017
Duration: 60 min
Texting and Emailing With Patients: Complying With HIPAA Guidelines

Introduction:

Communicating with patients continues to be one of the most difficult issues that physicians and other healthcare providers face. Texting and emailing present particularly thorny problems, as medical staffs begin to adopt new technologies in the healthcare setting. Email has long been a staple of people’s lives, but as we move into the new digital age, texting is often the preferred, or sometimes the best, way of communicating. Communicating with patients’ cell phones via texting or voice calls for the purposes of payment and even for providing healthcare information requires consent, and using texting for official purposes still remains outside the bounds of physician orders. These issues must be considered when evaluating the use of texting and emailing for all kinds of communications.

However, there has long been a HIPAA requirement for covered entities to do their best to meet the requests of their patients for particular modes of communication, and using email or texting is no exception. As HIPAA requirements for allowing patients electronic access to their health information are now in effect, and as patients increasingly come to depend on electronic communications, there are new demands for communication via email and texting. In this course, expert speaker Jim Sheldon-Dean discusses the requirements, risks, and issues of the increasing use of email and texting for healthcare communications. Jim provides a road map for how to use them safely and effectively in order to increase the quality of health care and patient satisfaction.


Session Highlight:
  • Understand the risks of using email and texting, what can go wrong, and what can result when it does
  • HIPAA requirements for access and patient preferences, as well as the requirements to protect PHI
  • Limitations on the use of messages and calls to cell phones under the Telephone Consumer Protection Act (TCPA)
  • How The Joint Commission decided to allow and then withdraw allowing the use of texting for physician orders
  • Policies and procedures you should have in place for dealing with email and texting
  • Steps that must be followed in the event of a breach of PHI

Session III
Date: Dec 8, 2017
Duration: 60 min
HIPAA and Patient Access to Records: Poor Access Processes Can Lead to Penalties

Introduction:

Providing individuals easy access to their health information enables them to make prompt decisions regarding their well-being and health. HIPAA has expanded patient rights and has included several new rights for individuals to access their medical records. HIPAA has now started to provide individual rights for electronic copies of records that are held electronically. Under the Clinical Laboratory Improvement Amendments (CLIA) and HIPAA, patients also have new rights to directly access test results from the labs creating the data.

Recently issued guidance on access to records offers detailed information on how to provide access, what can be charged for fees, and the rights of an individual when it comes to accessing his or her information. These key changes to the rules regarding patient access to records must be included in the policies and procedures of every healthcare organization: Have you updated yours lately?

In this course, expert speaker Jim Sheldon-Dean will discuss the new access rights under HIPAA and CLIA regulations. The focus of HIPAA audits in 2016 was on proper patient access to information as a significant compliance problem, and it is expected that the upcoming HIPAA audit program will include reviews of patient access policies and practices. Compliance with HIPAA is required and violations for willful neglect of the rules carry huge fines and penalties. Not only are the compliance rules changed, but the enforcement rules have changed, too, with a new four-tier violation schedule with increased fines, and mandatory fines for willful neglect of compliance that start at $10,000 even if the problem is corrected within 30 days of discovery. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000 and can reach $1.5 million each. Any reports of willful neglect are required to be investigated under the law. Even violations for a reasonable cause or with reasonable diligence taken are subject to penalty. In this session, you will learn about recent guidance from the HHS Office of Civil Rights, including additional updates to the guidance, so that you can make sure you’re providing patients with the correct access under the rules.


Session Highlight:
  • New access rights under HIPAA and CLIA regulations
  • Extensive new guidance from the HHS Office of Civil Rights on access of protected health information (PHI)
  • Guidance from HHS regarding access of mental health information and minors’ information
  • Required process for the review of certain denials of access
  • How email and texting should be handled, what can go wrong, and what can result when it does
  • HIPAA requirements for access and patient preferences, as well as the requirements to protect PHI

Session IV
Date: Dec 15, 2017
Duration: 60 min
Preparing for HIPAA Audits: Having Documentation Ready to Go and Avoiding Issues

Introduction:

Now that you know and are well aware of healthcare communication and healthcare information access guidelines and regulations, you need to prepare yourself for the next important thing – audits!

The Department of Health and Human Services (HHS) has indicated that the HIPAA audit program will become permanent, following the HHS HIPAA compliance program’s trial audits and a second round of audits in 2016, which also included those of HIPAA associates. It’s time to focus on lessons learned from the current round while the final program is being designed. All covered entities may be subject to an audit, and they need to know what kinds of questions they’ll be asked, what information they'll need to provide, and how to prevent issues that could lead to violations and fines.

In this course, Jim Sheldon-Dean will discuss the HIPAA audit program and how it works, the areas that caused the most issues in the past audits, and the areas that were targeted in the recent audits. He will also explore the typical risk issues that lead to breaches of health information and will discuss how those issues might be targets for auditors in the future. Jim will examine the updated HIPAA audit protocol as well as other questionnaires that have been used in the past and might be used to help prepare an organization for a future review.


Session Highlight:
  • Risk issues that lead to breaches of health information and how those issues might be targets for auditors now
  • Contents of the past HIPAA audit protocol
  • What documentation needs to be on hand if your organization is selected for an audit now
  • How to use the contents of the HIPAA audit protocol to build your own compliance plan
  • Enforcement regulations and recent changes that increase fines and create new penalty levels
  • Documentation requirements for compliance
  • Framework of security policies necessary for compliance
  • Results of prior HHS audits (and their penalties), including recent actions involving multi-million dollar fines and settlements
  • Steps to prepare for an audit and respond to an audit request
  • Upcoming trends in information security risks
  • The refocused and redefined HIPAA audit program
  • Prevalent security and privacy compliance issues based on HIPAA 2012 and 2016 audits and the breach notification process
  • How the HHS is now auditing HIPAA covered entities and business associates even if there have been no complaints or problems reported
  • Examining the HIPAA audit protocol and the sets of questions asked at other HIPAA audits previously
  • What HHS OCR is likely to ask you if you are selected for an audit, and how to prepare
  • Rules you need to comply with and policies you can adopt to come into compliance

Session V
Date: Dec 22, 2017
Duration: 60 min
The HIPAA HOT List: Key Issues in HIPAA Compliance Today

Introduction:

HIPAA rules and regulations require you to consider dozens and dozens of practices your office engages in, but what are the most likely issues to cause problems in HIPAA compliance? Your organization needs to handle protected health information properly and follow your HIPAA privacy, security and breach notification rule requirements. When there are problems related to audit, breaches or complaints, you may have to face an enforcement action which can reach up to millions of dollars. Corrective action plans can take years to complete and cost your organization much more than monetary settlements.

Taking care of the most recent hot spots on the feds’ radar will help keep your practice or organization out of hot water. Our expert speaker Jim Sheldon-Dean will present the top 10 issues involved in HIPAA breaches, enforcement actions and audit activities. He will help you be aware of significant consequences and help you avoid the top 10 HIPAA compliance issues. Simple things could lead to violations and they can be easily prevented if policies and procedures are implemented and people are trained on them. Various violation settlements involve improper consideration of the requirements in the Security Rule, which lead to the involvement of extensive procedures and policies based on thorough entity-wide risk analysis. If you’re subject to HIPAA regulations, you must know the top issues which organizations are facing in HIPAA compliance these days, and understand the issues most prevalent in breaches, enforcements and audits, so that you can avoid such issues and the impact they will have on your organization. If you fail to do so, it will lead to financial settlements, and you will have to pay fines or get into corrective action plans, all of which will affect your organization severely.


Session Highlight:
  • HIPAA enforcement processes and how they apply to business associates and covered entities
  • The HIPAA privacy, security, and breach notification regulations (and the recent changes to them) and how their compliance will be evaluated in enforcement circumstances
  • Recent changes to the HIPAA enforcement regulations that increase fines and create new penalty levels, including new penalties for willful neglect of compliance that begin at $10,000
  • The information and documentation that needs to be prepared in advance so that you can be ready for an enforcement review or an audit without notice
  • The results of prior HHS enforcement actions and audits (and their penalties), including recent actions involving multimillion-dollar fines and settlements
  • Identification of weaknesses in organizational compliance
  • Questions asked in prior audits and enforcement reviews
  • Future threats to the security of patient information
  • The importance of a good compliance process to help you stay compliant more easily

AAPC - 5.5 Credits
Certificate of Completion
Who Will Benefit:
  • Compliance managers
  • HIPAA privacy officers
  • HIPAA security officers
  • CEOs
  • Office managers
  • HR directors
  • Privacy officers
  • CIOs
  • Records release managers
  • HIM managers
  • Anyone involved with HIPAA compliance