SPEAKER : Jim Sheldon-Dean 2011 - New Changes to HIPAA Rules - Their expected impact and enforcement schedule
Date: 2011-11-15
Deadline: 2011-11-15
Venue: Houston, USA - United States
Keywords: Pharmaceuticals; Medical Devices; Biologics; Health care; HIPAA
Topics/Call for Papers
The HIPAA rules for Privacy and Security of Protected Health Information are undergoing significant expansion, with new requirements, fines, and penalties, and a new enforcement effort.
Why should you Attend:
The HIPAA privacy and security regulations are changing in ways that affect every health care-related entity, from providers to insurers to business associates, and more. The HIPAA Privacy and Security Regulations have been modified in regulations issued as interim final rules (IFRs) and notices of proposed rule making (NPRMs) by the US Department of Health and Human Services (USDHHS).
- All kinds of covered entities, and now, business associates of covered entities and their subcontractors as well, need to review their HIPAA compliance, policies, and procedures to see if they are prepared to meet the changes in the rules. Some subcontractors of business associates may not even be aware that they handle protected health information and now fall under the regulations.
- A whole range of new regulations around the release and accounting of electronic records have created new burdens that your EHR and your medical records department must deal with.
- Not only are the compliance rules changed, but the enforcement rules have changed, with a new four-tier violation schedule with increased minimum and maximum fines, and mandatory fines for willful neglect of compliance that start at $10,000 even if the problem is corrected within 30 days of discovery. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000 and can reach $1.5 million for any particular violation. And any reports of willful neglect are required to be investigated under the law. Even violations for a reasonable cause or with reasonable diligence taken are subject to penalty.
- Whereas the former practice of USDHHS has been to audit compliance only in instances where a violation was reported, the law now requires USDHHS to conduct a regular HIPAA compliance audit program, and soon those individuals harmed by a violation will have the right to a share in any settlements or penalty collections. The new audit program is already getting under way.
- With the far-reaching changes in the rules and the new enforcement and penalty levels, it’s never been more important to review your HIPAA compliance and meet the new requirements.
Description of the topic:
- New regulations modifying the HIPAA Privacy and Security Regulations have been proposed and/or finalized to meet the privacy and security mandates within the HITECH Act in the American Recovery and Reinvestment Act of 2009. New requirements for business associates of HIPAA covered entities and requirements to notify individuals in the event of a breach are only two of the many areas affected in the new law, including new requirements for restricting and accounting of disclosures and increased enforcement activity.
- All kinds of covered entities, and now, business associates of covered entities and their subcontractors as well, need to review their HIPAA compliance, policies, and procedures to see if they are prepared to meet the changes in the rules. Covered entities that use electronic health records (EHRs) will need to meet new access and disclosure rules and all kinds of business associates and their subcontractors will need to establish compliance programs.
- And the regulations include new requirements for audits by the US Department of Health and Human Services and mandatory penalties in the event of willful neglect of the regulations.
- This teleconference will help health information professionals understand what they have to do, and when, and what to keep in mind as they move forward, in order to be prepared for compliance with the new regulations. It will provide a comprehensive look at the changes in the law and prepare attendees for the process of incorporating the changes into how they do business in their facilities.
- Business associates are now directly covered by the HIPAA privacy, security, and breach notification regulations and are liable for fines and penalties if they do not comply. In addition, there are new kinds of businesses that are considered to be business associates, such as Health Information Exchanges and e-Prescribing Gateways, as well as patient safety organizations and any subcontractors of business associates, putting thousands of businesses under regulation that were not regulated before now. We will explain what a Business Associate needs to do differently under the new regulations, including providing a policy framework for information security.
- Penalties for violations have been increased, including a new, four-tier penalty structure and new mandatory penalties for willful neglect that begin at a minimum of $10,000 and can go up to $1.5 million or more. The definitions of the penalty levels include new definitions for reasonable cause and reasonable diligence, as well as willful neglect, which have a direct impact on the amount of penalty a violation may be subject to.
- Electronic records have new demands placed on them, in both providing access and in accounting for all disclosures of health information; the electronic age in health care brings new obligations to serve individuals as well as manage health information for healthcare professionals. We will discuss how disclosures must be tracked in an EHR and review the various ways patient records can be supplied electronically.
- The new regulations will be reviewed and their effects on usual practices will be discussed, as will what policies need to be changed and how. We will show what policies and evidence you need to produce if you are audited by the HHS Office of Civil Rights. Now that there is a legislative mandate to audit compliance, and a random audit plan under development, you need to be prepared to respond to audit requests.
Areas Covered in the Session:
The new regulations change the way individuals have access to their records, and how much they can find out about who has accessed their records.
Individuals can now request certain restrictions on disclosures that you must honor.
There are new requirements for disclosers of health information to apply “minimum necessary” standards.
Business Associates have new requirements to comply with HIPAA privacy protections and security safeguards and are subject to enforcement and penalties directly by HHS.
Health Information Exchanges, Regional Health Information Exchanges, and e-Prescribing gateways are now considered to be Business Associates.
New limitations on marketing and fund-raising may change how entities can reach out to individuals.
New audit and penalty requirements increase the need to make sure you are in compliance before HHS OCR knocks on the door.
o Learn how changes to HIPAA came to pass
o Find out the details of the changes to HIPAA, including new definitions
o Understand how the changes affect your organization
o Plan for implementing new requirements
o Learn how to attain compliance
o Find out about new penalties and enforcement of HIPAA
o Discover the Changes to HIPAA Practices in the areas of:
A. Business Associates
B. Breach Notification
C. Accounting of Disclosures
D. Restriction of Disclosures
E. Enforcement, Audits, and Penalties
Who will benefit
Compliance director
CEO
CFO
Privacy Officer
Security Officer
Information Systems Manager
HIPAA Officer
Chief Information Officer
Health Information Manager
Healthcare Counsel/lawyer
Office Manager
Contracts Manager
Last modified: 2011-10-19 22:14:49