ResearchBib Share Your Research, Maximize Your Social Impacts
Sign for Notice Everyday Sign up >> Login

SPEAKER : Jim Sheldon-Dean 2011 - HIPAA and EHRs - what your systems need to do so you can be in compliance with new rules

Date2011-10-13

Deadline2011-10-13

Venuehouston, USA - United States USA - United States

KeywordsHealth Care,Medical device,pharma

Websitehttps://compliance2go.com/index.php?opti...

Topics/Call fo Papers

More health care providers than ever are adopting electronic health records, and new regulations on using them and protecting the information on them are here, with more on the way.

Why Should You Attend:

? Recent and proposed changes to HIPAA that expand the regulation’s reach and increase enforcement, along with incentives to adopt electronic health records, have created a perfect storm for the privacy and security of protected health information (PHI).

? Many of the new changes to HIPAA focus directly on aspects of the use of electronic records, such as the accounting of disclosures of all kinds, even for treatment, payment, and healthcare operations, and the provision of records in electronic formats when requested. These proposed rules have a tremendous impact on not only EHRs, but any electronic systems that hold protected health information in the designated record set.

? The proposed requiement to provide a list of all accesses of an individual records is based on an ability to track accesses that not all systems can provide today. Using electronic records of any kind could mean big headaches for compliance with HIPAA accounting of disclosures requirements.
? To qualify for incentive funding, providers must perform HIPAA Security compliance activities that may have been sidestepped in the past, but no longer can be due to new, higher penalties, including mandatory penalties in the tens of thousands of dollars for willful neglect of compliance. Risk analysis is now clearly required, both for HIPAA and for EHR funding, but many organizations have not yet performed one and find the task overwhelming.

? Providers will need to change how they do business to meet the new requirements as they move to newer electronic records systems, and qualifying for the funding will require the kind of attention to privacy and security that health information has always deserved, but not always received.

Description of the topic

The new and proposed HIPAA Privacy and Security regulations will be reviewed and their effects on the use of EHRs will be discussed. The proposed rules call for an ability to make an electronic copy of an individual's protected health information for any information held in an entity's designated record set. In addition, any accesses of electronic PHI in a designated record set must be recorded so that they can be provided in an access list if requested by the individual. Not only do these requirements call for technical capabilities that may or may not be present in a particular system, but they also imply that an organization would be well-advised to carefully define its designated record set in order to limit its exposure under these requirements, giving the definition of a designated record set new importance.

We will discuss how disclosures and accesses must be tracked in an EHR and review the various ways patient records can be supplied electronically. The proposed rules allow for a variety of methods to accomplish the objectives, but all will require new policies, procedures, and practices. We will show what policies need to be changed and how.

Adopting an EHR and securing funding for it through the Federal program requires that certain objectives be met according to defined measures, including a required objective to protect the privacy and security of information in an EHR. That measure calls for a HIPAA Security risk analysis. We will discuss the scope and methods of a risk analysis that can meet the requirements and make it easier to prioritize your activities to reduce risks and improve security most cost-effectively.

Some of the new regulations require an ability to restrict certain disclosures that may not be easy to implement in EHRs, and may require modifications and upgrades before you can be in compliance.

To be prepared for compliance, you need to be prepared for an audit by the HHS Office of Civil Rights. This session will show you what policies and evidence you need to produce if you are audited, and what you can do ahead of time to show you have securely implemented your EHR and continue to monitor and maintain its security. We will show you how to find out what has been asked of entities in reviews before and what you need to prepare in advance so you can be ready when they call.

Finally, the new enforcement penalty structure and the latest plans for audits by HHS OCR will be described, so you can know what you're up against if you don't make the effort to ensure compliance. Protecting your EHR will require new practices and new routines to help you avoid breaches and the significant penalties of violations, and we will help you understand the ramifications of not doing what's necessary to protect your EHR and its data, so you can make intelligent decisions about your security priorities.

Areas Covered in the Session

? The new regulations change the way individuals have access to their records, and how much they can find out about who has accessed their records.

? Individuals can request an accounting of disclosures of their health information including those made for purposes of treatment, payment, or healthcare operations, from an electronic health record, going back three years.

? Individuals have the right to obtain electronic copies of their health information that is stored electronically, from any electronic system in the HIPAA designated record set.

? Individuals can now request certain restrictions on disclosures that you must honor.

? Meaningful Use requirements for EHR funding call for a HIPAA Information Security Risk Analysis and implementation of risk mitigation measures.

? New audit and penalty requirements increase the need to make sure you are in compliance before HHS OCR knocks on the door.

? The new penalty structure and plans for audits mean that you are more likely to be audited for HIPAA compliance, and you may be facing significantly higher penalties for non-compliance than ever before.

Who will benefit: The designations

Compliance director
CEO
CFO
Privacy Officer
Security Officer
Information Systems Manager
HIPAA Officer
Chief Information Officer
Health Information Manager
Healthcare Counsel/lawyer
Office Manager
Contracts Manager

Last modified: 2011-10-04 02:17:37