Online Webinar 2019 - Patient Access to Health Information, Texting, and E-mail — HIPAA Requirements for Easy, Low-cost Access by Jim Sheldon-Dean

Session Highlights
Current topics of interest to be discussed include:The place of Information Security and incident management under the HIPAA Security and Breach Notification Rules will be explained.
Using texting and e-mail for patient engagement and reminders
Current enforcement and audit activity
Changes to Substance Use Disorder records confidentiality under 42 CFR Part 2,
Dealing with the European Union’s General Data Protection Regulation (GDPR)
Ensuring individuals have adequate access of their information under the rules
Processes to be used in managing security, mitigating risks, and handling incidents will be explained.
Proper methods of documentation and training to ensure compliance and help avoid penalties will be explained, including the use of internal audits and drills to develop and hone the ability to:
improve compliance continuously and
be prepared for incidents and enforcement investigations.
Who Will Benefit
Compliance director
CEO
CFO
Privacy Officer
Security Officer
Information Systems Manager
HIPAA Officer
Chief Information Officer
Health Information ManagerHealthcare Counsel/lawyer
Office Manager
Contracts Manager
Instructor Profile
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference. Sheldon-Dean has more than 19 years of experience specializing in HIPAA compliance, more than 37 years of experience in policy analysis and implementation, business process analysis, information systems and software development, and eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.
Overview
Recently the head of the US DHHS indicated that patient access of information is a key priority for the current administration, in order to improve the health of the nation. Patient rights under HIPAA have been expanded to include several new rights of access, and guidance has recently been issued on access of records, and been expanded more than once since its publication. The emphasis on and changes to rules having to do with patient access of records will need to be reflected in every health care-related organization’s policies and procedures. The guidance provides clear and detailed information on how to provide access, what can be charged for in fees, and what the individual’s rights are when it comes to access of information.
When it comes to how the information is to be communicated, HIPAA rules must be considered, and while professional communications containing any Protected Health Information should be encrypted when traveling over the Internet, patients have rights to choose their method of communication, including the right to use insecure methods such as plain e-mail and plain texting. How patient communication is handled, and how patient rights are honored within the abilities of your organization is key to patient satisfaction and avoidance of complaints and investigations that can lead to penalties.
HIPAA now provides for individual rights to receive electronic copies of records held electronically. Patients also now have new rights under HIPAA and the Clinical Laboratory Improvement Amendments (CLIA) to directly access test results from the laboratories creating the data. Many labs that did not deal directly with patients before will now have to create patient-facing operations, and how they communicate sensitive results to patients will need to be considered. These changes must be respected by entities subject to the HIPAA rules through modifications to policies and notices, and training of staff to reflect the new requirements.