2012 - Live webcast on New Rules for HIPAA Business Associates: How the changes to HIPAA create new compliance obligations By compliance2go
Date: 2012-06-19
Deadline: 2012-06-19
Venue: Houston, USA - United States
Keywords: Training, web seminar, FDA, Japan, EU, pharmaceutical and biologic products, Life Science Industry, CE Marking, Medical Device R&D, Clinical research and medical operations
Topics/Call for Papers
DESCRIPTION
Under regulations now being finalized, Business Associates of HIPAA Covered Entities will be covered directly under the HIPAA regulations, and will have to create HIPAA Privacy, Security, and Breach Notification compliance programs. In addition, any subcontractors of Business Associates will fall under the same rules and will need to be HIPAA compliant.
Areas Covered in the Session:
* Learn about the new requirements for HIPAA Business Associates
* Find out what is changing in the regulations for Business Associates
* Learn how the definition of BA has been significantly expanded
* Learn what goes into a proper Business Associate Agreement
* Find out about the new, higher enforcement penalties
* Learn about the new violation categories
* Learn about being prepared for a HIPAA Compliance Audit
Agenda:
I. Old Ways, New Ways - Changes to the Rules
A. Origins of Changes to Business Associate Rules
B. New Definitions of Business Associates
C. Contractors of Business Associates
II. New Requirements and Changed Requirements for HIPAA Business Associates
A. HITECH Act Required Capabilities
B. Required Amendments to BAAs
C. BAA Provisions to Consider
D. Transitioning to the New Rules
III. Enforcement and Audits
A. New HIPAA Violation Categories
B. New HIPAA Penalty Structure
C. Preparing for HIPAA Audits
Why should you Attend:
In the past, business associates of HIPAA covered entities were not directly covered under HIPAA and were required to conduct themselves only according to the contract with the covered entity being served. The American Recovery and Reinvestment Act of 2009 (ARRA) establishes new requirements for business associates (BAs) who handle the protected health information of covered entities under HIPAA. In addition, Federal Breach Notification requirements for health information directly impact the relationship of covered entities, business associates, and their subcontractors.
New HIPAA regulations being finalized in 2012 put HIPAA business associates and their subcontractors directly under the HIPAA rules and make them responsible for the privacy and security of the information they handle, as well as liable for violations under the rules. Now BAs will need to be in compliance with HIPAA Privacy and Security protections, and must also treat all their contractors as BAs as well, meaning that new agreements must be established between parties that have not formerly been required to have formal agreements, and existing agreements must be amended. And the business associate definition now is expanded to include entities such as health information exchanges, regional health information organizations, and e-prescribing gateways.
Under the proposed regulations, specific language must be incorporated in all HIPAA BA agreements, and ARRA requires that business associates can be subject to random compliance audits by the US Department of Health and Human Services. HIPAA breach notification requirements enacted in 2009 also apply to business associates, which means that all existing agreements must be examined to ensure that liability, indemnification, and notification are properly covered in the agreements.
Description of the topic:
* The new HIPAA Business Associate rules change the game for HIPAA compliance responsibility. We will discuss how the responsibilities have changed and how the changes affect both Business Associates and Covered Entities. Not only have the rules changed, but also there are new kinds of businesses now covered as HIPAA BAs such as Health information exchanges, e-prescribing initiatives, patient safety organizations, and now even the subcontractors of Business Associates, greatly expanding the pool of entities directly under Federal health care regulation.
* The new rules require updating all existing Business Associate Agreements (BAAs). We will discuss what goes into a compliant HIPAA Business Associate agreement, including what's required and what's advisable to protect parties in the event of breaches. The new regulatory language for HIPAA business associates will be explained and discussed. How a BA deals with making their contractors BAs under the new rules will be examined, and the chain of Business Associate relationships will be discussed.
* The new responsibilities for business associates will be explored, as well as the new liabilities for business associates under the rules. In essence, Business Associates are now subject to the same Security Rule safeguards, and restrictions on uses and disclosures under the Privacy Rule, as Covered Entities, and are equally as responsible for adopting BAAs and equally subject to penalties for violations.
* What goes into a compliance plan will be discussed and we will discuss how to develop your compliance plan and how to prepare for a HIPAA audit. Showing your compliance is a matter of showing that you have adopted sufficient policies and procedures, and that you have been using them through documented actions.
* The new HIPAA penalty structure will be discussed, including new criminal penalties for individuals involved with wrongful disclosures, new mandatory penalties for willful neglect of compliance (starting at $10,000 and going up), and the new, four-tier penalty structure and definitions.
* The session will provide attendees the following tools, benefits, and solutions:
- The audience will learn how business associates are now handled under the law and the proposed regulations and what has changed from the old rules.
- The suggested and required content for a compliant business associate agreement will be presented.
- Issues of how to assign liability and costs in the event of a breach will be discussed.
- Current BAs will learn what they have to do to get their contractors established as their business associates.
- BAs will discover the new obligations on them to ensure their clients comply with HIPAA in their dealings with the BA.
- BAs will learn how to be prepared for compliance audits and avoid the mandatory penalties for willful neglect of compliance.
Who will benefit: The designations
Compliance director
CEO
CFO
Privacy Officer
Security Officer
Information Systems Manager
HIPAA Officer
Chief Information Officer
Health Information Manager
Healthcare Counsel/lawyer
Office Manager
Contracts Manager
About Speaker
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the 2011 WEDI Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before the New York Metropolitan Chapter of the Healthcare Financial Management Association, Health Information Management Associations of Virginia, New York City, New York State, and Vermont, the Connecticut Hospital Association, and the Hospital and Health System Association of Pennsylvania. Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.
Last modified: 2012-05-26 02:58:42