HIPAA/HITECH Omnibus Final Rule: Stay Compliant With 2013 Changes
Wednesday, May 8, 2013
Chris Apgar, CISSP
Is your organization ready to comply with the HIPAA Omnibus Final Rule? Our experts help you understand the HIPAA Final Rule, describe the changes you need to know, and provide best practices to meet the new rule and stay in compliance.
Organizations are struggling to implement and conform to the changes imposed by the new HIPAA omnibus rule guidance, released in January. Privacy and security updates, enforcement rule changes, impact to business associates and subcontractors, and changes to the breach notification rule must be addressed to keep your facility out of trouble.
- Receive an overview of the HIPAA/HITECH Omnibus rule including an outline of key provisions and deadlines
- Learn how the final rule meshes with, and differs from, assumptions made following the passage of the HITECH Act
- Know the changes HHS made in interpretation of privacy, security and enforcement requirements
- Ensure business associates and subcontractors don’t put your facility at risk of a PHI breach, civil penalty, or other harm
- Prepare your organization for the impact of the new enforcement rule
- Know the questions to ask and how to comply in a timely manner
At the conclusion of this program, participants will be able to:
- List the most important changes in the HIPAA/HITECH Final Rule
- Discuss steps organizations must take to educate staff and vendors on the changes
- Describe ways to stay in compliance with the changes and avoid those civil penalties
I. Breaking down the Final Rule
- These “big deals” will impact most covered entities
- Changes to who is a Business Associate (BA): Now subcontractors, SaaS vendors, cloud vendors, and others up and down the line are business associates and subject to HIPAA Privacy and Security by statute and rule
- Business Associates and soon-to-be BAs are now subject to civil penalties
- Privacy changes: Patient rights, research, and the like
- Breach Notification: “low risk of compromise” replaces the “harm” determination
II. Expanded concept of a BA
- Expanding the rules and changing definitions
- Civil penalties
III. Elimination of Harm Standard, replacement with the Low Probability of Compromise Standard
- Risk analysis
- Initial assumption – reportable breach?
- Determine low risk of harm: replaced with low probability of compromise
- Subjective to objective, at least in theory
- Violation of minimum necessary may be a reportable breach
- Business associate responsibilities
IV. Patient rights, research, and other privacy changes
- Marketing changes: talking to patient in person vs. phone or other contact
- Hybrid entities
V. GINA regulations
VI. Steps to comply and where to turn for information
WHO SHOULD LISTEN?
HIM managers, compliance officers, legal teams, practice managers, CISO, Chief Privacy Officers, Benefits Manager, CIOs, HR directors, Training departments, Finance, Clinical Documentation Improvement Specialists, CDI managers, HIM Directors, inpatient coders, physician advisors, case managers
MEET THE SPEAKERS
Chris Apgar, CISSP
Chris Apgar, CISSP, CEO and president of Apgar & Associates, LLC, and former HIPAA compliance officer for Providence Health Plans, is a nationally recognized information security, privacy, HIPAA/HITECH, and electronic health information exchange expert. He is a member of the WEDI Board of Directors, on which he has served for seven years, and is a member of the Oregon & SW Washington Healthcare, Privacy and Security Forum Board of Directors. He is also a member of the Oregon Prescription Drug Monitoring Program Advisory Commission.
Jeff Drummond is a partner with Jackson Walker in Dallas and his areas of expertise include representing hospitals, physicians, and other healthcare providers in corporate, transactional, and regulatory matters, including mergers and acquisitions, provider joint ventures, contract negotiations, and finance matters, including the issuance of tax-exempt bonds. He regularly advises clients regarding compliance with healthcare, pharmaceutical, and tax exemption laws and regulations. He is a frequent writer and speaker on medical record privacy and security issues, HIPAA, and the FTC Red Flags Rule, and advises clients regarding compliance with those laws and regulations. Since 2002 he has written the original HIPAA Blog at www.hipaablog.blogspot.com.
MISSED THE LIVE EVENT?
No problem. This webcast is now available ON-DEMAND. Use it as a training tool at your convenience—whenever your new or existing staff need a refresher or need to understand a new concept. Play it once or dozens of times! $259 value!