Instant Discount
Purchase Any WEBINAR And Get Off
Speaker |
Jim Sheldon Dean |
Industry |
HIPAA and Compliance Conference |
Speciality |
HIPAA and Compliance Conference |
Available |
All Days |
Duration |
90 Minutes |
Description
The US Department of Health and Human Services (HHS) has been busy with enforcement focused on individual access as well as new areas and on new kinds of entities, and compliance responsibilities for HIPAA Business Associates have been clarified. At the same time enforcement has been relaxed during the pandemic emergency for some HIPAA Business Associate requirements pertaining to telemedicine and vaccination appointments.
Session Highlights
Areas Covered
While the worldwide pandemic has prompted some relaxation of HIPAA requirements in specific circumstances to ease the provision of medical services while preserving social distancing requirements and addressing emergency vaccination needs, enforcement of HIPAA has continued.
HHS OCR has focused heavily on compliance with the HIPAA rules on individual access to information, with more than three dozen enforcement settlements since September of 2019, and the new Information Blocking rules provide a fresh impetus for HHS to keep up the pressure. At the same time, enforcement actions continue for other violations, such as systemic noncompliance, lack of security risk analysis, and improperly addressed business relationships between affiliated entities.
Recent enforcement actions show a willingness for HHS to work in conjunction with State Attorneys General to bring about settlements for violations of several laws at once, a new emphasis on the importance of prompt action on requests for individual access to Protected Health Information (PHI), and a new crack-down on doctors’ responding to patients’ social media posts and including PHI in the posting.
New guidance from HHS about the liability of Business Associates for compliance makes it more clear what Business Associates are liable for, and what responsibilities for HIPAA compliance remain in the Covered Entities’ hands. Both Covered Entities and Business Associates need to be prepared for the enforcement distinctions and responsibilities.
In this session, we will discuss the enforcement actions that have been taken, and the lessons that can be learned from those actions. We will explore what kind of issues were most prevalent and what kind of entities had the most problems, and show where entities need to improve their compliance the most based on real enforcement experience.
Even though the HIPAA audit program is on hold for at least the time being, that doesn’t mean there will be no enforcement of the HIPAA rules. In fact, preparing for a HIPAA Audit is one of the best ways to be ready to respond to any enforcement action, and going through an internal HIPAA Audit will help you find issues before they become problems that can lead to penalties.
USDHHS has published a protocol for HIPAA audits, so it is possible to know how to prepare for an audit or enforcement review. Nearly any healthcare-covered entity may be subject to an audit or enforcement investigation; all entities need to know what kinds of questions they’ll be asked, what information they'll need to provide, and how to prevent issues that could lead to violations and fines. Being ready to reply to an inquiry can help minimize potential penalties.
Why Should You Attend
The HHS Office for Civil Rights (OCR) has indicated a new emphasis on the culpability of organizations when determining penalties for rule violations. If you have taken steps to be in compliance, you will be treated less severely than if you have ignored compliance. Taking steps to meet compliance requirements can help minimize potential penalties, according to the new HIPAA Safe Harbor Law.
Who Should Attend
(Principal and Director of Compliance Services)
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference. Sheldon-Dean has more than two decades of experience specializing in HIPAA compliance, four decades of experience in policy analysis and implementation, business process analysis, information systems, and software development, and eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.