New HIPAA rules: Make sure you are in compliance because your liability has increased

Healthcare providers have until September 23 to put into place internal policies and procedures needed to comply with sweeping changes coming to the Health Insurance Portability and Accountability Act (HIPAA).

In January, the U.S. Department of Health and Human Services (HHS) released a set of rules, known collectively as the omnibus rule, designed to supplement and modify the privacy, security, breach notification, and enforcement rules governing patient health information in HIPAA. HHS has made it clear that the September 23 compliance deadline is final. Penalties can range from $100 to $1.5 million depending on the violation.

For primary care and other physicians in private practice, compliance will mean:

  • conducting and documenting a risk analysis, which HHS defines as “an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability” of electronic protected health information (PHI) in your practice;

  • reviewing the practice’s policies and procedures for when PHI is lost or stolen or otherwise improperly disclosed, and making sure your staff members are trained in them;

  • ensuring that the electronic PHI your practice holds is encrypted so that it cannot be accessed if it is lost or stolen (see “Encrypting your patients’ health information”);

  • modifying the practice’s  electronic health record (EHR) system so that you can flag information a patient does not want shared with an insurance company;

  • having the ability to send patients their health information in an electronic format;

  • reviewing your contracts with any vendors that have access to your practice’s PHI; and

  • updating your practice’s notice of privacy practices.

Other provisions

Other provisions of the omnibus rule include restrictions on selling PHI or using it for marketing and fundraising purposes without obtaining the patient’s permission and loosening some of the restrictions on sharing PHI with family members or other caregivers of deceased patients. Disclosure is only permitted, however, to the extent that the PHI is relevant to the role the family member or caregiver played in the decedent’s treatment. Moreover, release is not permitted in cases in which the individual expressly stated before death that he or she did not want the PHI released.

The omnibus rule also permits doctors in states with compulsory vaccination laws to disclose a child’s immunization records to schools without obtaining formal authorization from parents. Physicians now can do so with only a verbal agreement, provided they document that they obtained the permission. Lastly, the rule prohibits health plans from using or disclosing genetic information for the purpose of insurance underwriting.

The rule also sets and describes the four categories of penalties for violating the rules and the dollar amounts for each.

The omnibus rule is the latest step in a process that began when Congress enacted the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009. Among other provisions, the HITECH Act required HHS to strengthen HIPAA’s privacy and security protections for health information. HHS adopted interim rules for doing so in 2010 and finalized the rules with adoption of the omnibus rule.

Growth in EHRs drive changes

Driving many of the changes in the omnibus rule is the proliferation of EHRs and the accompanying digitization of patient information, says Jeffrey J. Cain, MD, FAAFP, president of the American Academy of Family Physicians (AAFP).

“The [original] HIPAA legislation is 15 years old now and was enacted at a time when EHRs were nothing more than a gleam in Microsoft’s eye, but now everyone’s using them, and the rules were seen to be in need of tightening up,” he says.

Angela Dinh Rose, director of health information management excellence for the American Health Information Management Association, says, “HITECH was a huge factor in pushing the adoption of health information technology, so along with that, Congress saw the need for improved privacy and security practices to protect patient information now that so much of it is becoming electronic.”

According to a study of breaches reported on the HHS Web site by Kaufman Rossin & Co., an accounting and consulting firm based in Miami, Florida, the number of individuals affected by data breaches doubled from 2010 to 2011, even though the number of entities involved in a breach declined (see “Summary of health breach information reported to HHS, 2010 to 2011,” below). The largest cause of breaches was theft (53%), followed by unauthorized access (20%) and loss (14%).

New rules for data breaches

The changes likely to have the greatest effect on medical practices are those concerning how PHI should be secured and kept private and what practices must do in case of a  breach—meaning the PHI is lost, stolen, or otherwise made available to someone who should not have it. Why? Whereas before the omnibus rule, breaches only had to be reported if they involved a “significant risk of harm,” now the presumption is that virtually any unauthorized disclosure of PHI may be a breach, unless the practice can demonstrate a low probability that the information has been compromised, explains Kenneth Rashbaum, JD, a health law attorney with Rashbaum Associates in New York, New York.

“These changes are a big deal because  the standard [of what constitutes a reportable breach] is much lower, and as a result there’s now a presumption of harm to the patient by virtue of the breah by the entity that made the disclosures,” Rashbaum says.

Given the new standard, the most important action practices can take to protect themselves against penalties, experts emphasize, is to encrypt patient data, both within the practice itself and when they are taken outside the practice in a laptop computer, smartphone, or other portable device.  Why? “In the [omnibus] rule now, they’re defining a breach as the loss of unsecured PHI,” explains Juli A. Ochs, CPA, healthcare engagement director for the consulting and accounting firm CliftonLarsonAllen LLP. “So anything that renders the data ‘unusable, unreadable, or undecipherable’ is now not considered a breach.”  (See “Encrypting your patient’s health information” below for suggestions on how to encrypt data in a way that meets HHS requirements.)

Determining risk of harm

Whenever a breach does occur, it is presumed to be reportable to HHS unless the practice can demonstrate a low risk of probability that the PHI will be compromised, meaning that anyone will be harmed as a result. Demonstrating the risk contains four components:

  • The nature and extent of the data involved. “Was the information just a list of patients? Did it include identifying data like Social Security numbers or other financial information? Were there intimate medical or psychotherapy records? Those are the types of questions that need to be asked,” says Aldo Leiva, JD, a data security and privacy attorney in Coral Gables, Florida.

  • The unauthorized person who used the PHI or to whom it was disclosed (something you can’t know if the breach resulted from a device being lost or stolen).

  • Whether the PHI was actually acquired or viewed.

  • The extent to which the risk has been mitigated after the fact. An example, Leiva says, might be having a contractor to whom the PHI accidentally was sent sign a non-disclosure agreement.

In addition, the rule requires practices to notify patients whose PHI has been breached within 60 days of discovery of the breach. If the breach affects more than 500 patients, then HHS and the local news media must be notified within the same 60-day timeframe. Practices must keep a log of all breaches regardless of the number of patients affected, and they must submit the log annually to HHS.

Another requirement of the rule is that practices and other covered entities conduct a risk analysis. The purpose of the exercise is to discover where the practice might be vulnerable to having its patient information lost or stolen—through theft of a laptop computer on which data are stored, for example—and putting in place policies and procedures to reduce those vulnerabilities.

“People get overwhelmed by this, because they think it needs to be a formal process,” Ochs says, “but it can be just everyone in the practice sitting down to talk about where are we vulnerable, assessing the risk of each vulnerability, deciding how to address it, and then documenting that they’ve gone through the process.”

In addition, practices should appoint a privacy and security officer with the responsibility for making sure the practice has policies and procedures for complying with the rules and that staff members are trained in them. Practices can—and often do—assign the responsibilities to a current employee rather than hire someone new, Ochs says. “The main thing is just that it’s assigned,” she adds.

Violators of the privacy and security rules will be fined in amounts ranging from $100 to $50,000 per violation (see “HIPAA rule violation categories and penalty amounts”). The maximum a practice or other covered entity can be fined in a year is $1.5 million.

Relations with business associates

After changes to the PHI security and breach notification rules, the omnibus rule changes of greatest interest to practices are those affecting their relationships with “business associates,” vendors that have access to a practice’s PHI. Such vendors are now directly responsible to HHS for securing and guarding the privacy of PHI in the same way that practices are, and they are subject to the same penalties.

“Before [the omnibus rule], physicians and medical organizations might be protecting patient data the way they were supposed to, but their third-party providers were not obligated except under the terms of their contract with the providers,” notes Jorge Rey, CISA, CISM, director of security and compliance for Kaufman, Rossin & Co. “Now the rules say that if you have access to patient healthcare-related information, you need to comply with all the privacy requirements.” The rule also puts subcontractors to practice vendors under HHS jurisdiction.

The increased responsibility of business associates does not let doctors off the hook entirely. That’s because even if the business associate loses PHI or has it stolen, the medical practice ultimately is responsible for notifying affected patients and reporting the breach to HHS.

Leiva notes that many health information technology (HIT) vendors and consultants include boilerplate language in their contracts absolving them from liability for data loss. Consequently, he advises reviewing all contracts with HIT vendors to ensure that their wording conforms with the omnibus rules governing relations between covered entities and their business associates. (A sample business associate agreement is available from the government at http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/contr…)

Greater patient control

The third part of the omnibus rule affecting doctors’ practices concerns patients’ rights related to their own health information.

The rules gives patients the right to:

  • obtain copies of their health information in an electronic format within 30 days of requesting it, with one 30-day extension permitted, and

  • instruct his or her doctor not to share information about a test or treatment for which the patient has paid out-of-pocket with his or her insurance company.

In addition, the rule requires practices to update their notice-of-privacy practices (NPPs) to reflect the changes to patients’  rights included in the omnibus rule and requires sending the updated NPP to all patients and posting it prominently in the practice and on the practice’s Web site.

Complying with the changes likely will be challenging for doctors due to the limitations of EHR systems. “EHRs were designed so that you could share information easily between healthcare providers and insurance providers,” notes the AAFP’s Cain. “Now we have this law saying that if a patient pays cash, the condition won’t be revealed to insurance providers, which is problematic for the way most EHRs are built.”

The design of EHRs also makes it difficult to share information with individuals who don’t have EHRs, Cain notes. “That’s going to be a problem and something the vendors will have to help us with,” he says.

In the meantime, possible alternatives include joining a private health information exchange network or a one of the regional or statewide networks many states are establishing. Regional extension centers and state and local medical societies are good sources of information about health information exchange networks.

Doctors should ask their EHR vendors about a timetable for implementing a function that allows them to meet the requirement by the September 23 deadline, advises Lisa Gallagher, CISM, vice president of technology solutions for the Healthcare Information and Management Systems Society.  If a vendor won’t be ready to provide such a feature, then the practice will have to still find a way to meet the requirement, maybe through a different way of recording the patient’s data until the function is available, Gallagher says.

“Sometimes regulatory requirements are misaligned,” she adds. “What’s happened here is the requirement for the provider to do something, and the requirement hasn’t made its way down to the vendor. But the important thing for everyone to realize is that HHS has said this requirement is going into effect and you have to meet it.”

Cain says that most AAFP members understand the need to provide patients with greater control over who can see their information and the need to guard confidentiality generally. Nevertheless, “it does add another layer of administrative complexity to managing an office practice,” he says.

 “All the rules are well-intentioned, but they may interact in ways that aren’t understood when they are developed,” Cain adds. “The law of unintended consequences is challenging for office-based physicians.”


What would you like to know about HIPAA? Post your questions to our Facebook page at www.facebook.com/MedicalEconomics or email us at medec@advanstar.com. We’ll present answers in future articles.


HIPAA rule violation categories and penalty amounts

The Health Insurance Portability and Accountability Act omnibus rule establishes four “tiers” of violations, based on what it terms “increasing levels of culpability,” with a rage of fines for each tier.

Violations of the same requirement or prohibition for any of the categories are limited to $1.5 million per calendar year.

The language of the rule states that actual dollar amounts will be based on “the nature and extent of the violation, the nature and extent of the resulting harm, and other factors…includ[ing] both the financial condition and size of the covered entity or business associate.”

Knowing what to expect in a HIPAA audit is the key to passing it

Knowing what to expect in a HIPAA audit is the key to passing itHealthcare professionals have to mandatorily carry out HIPAA audits in a way that satisfies the regulatory authorities. This needs a thorough understanding of the exact meaning and import of words contained in HIPAA. They also need to get a grasp of the purpose and intent conveyed in HIPAA’s language. This is absolutely essential for both the Covered Entity and the Business Associate to ensure HIPAA survival.

Other challenges

wordpress-2017-SEO

A new challenge has come up. For 2017, the federal government is set to increase the Office of Civil Rights (OCR)’s budget by 10 percent with the intention of increasing the OCR’s resources for carrying out HIPAA audits and to also reinforce the OCR’s efforts towards HIPAA audits.

Also, the OCR now requires Business Associates and Covered Entities to show compliance with around 180 areas as part of Phase 2 of HIPAA with a response window of just 10 days. The OCR has also clearly stated that its audit protocol is no longer going to be satisfied with general and vague references to policy documents from Covered Entities and Business Associates when they are required to furnish documents to corroborate their work. They have to furnish the specific and exact documents that the OCR asks for during a HIPAA audit.

So, to ensure HIPAA survival, Covered Entities and Business Associates need to put a process in place and make sure they control and implement it with the maximum assiduousness and thoroughness. This is to be ensured all the time, every time.

Learning on what it takes for HIPAA survival

Learning on what it takes for HIPAA survival

A proper grasp of the art of HIPAA survival will be the expert guidance a two-day seminar from GlobalCompliancePanel, a highly popular provider of professional trainings for the areas of regulatory compliance, will be offering. Want to benefit from it? Then, please enroll for it by visiting Knowing what to expect in a HIPAA audit is the key to passing it

The Director of this two-day seminar is Brian L Tuttle, a senior Compliance Consultant & IT Manager at InGauge Healthcare Solutions. The aim of this seminar is to arm regulatory compliance professionals with total guidance on how practice managers need to prepare for HIPAA audits. Since many changes have been suggested for 2017 for HIPAA; Brian will throw light on what changes can be expected under the Omnibus Rule and any other applicable updates for 2017.

The Director will bust the various misconceptions and myths about HIPAA, which are a major obstacle to ensuring HIPAA survival. He will explain real life audits conducted by the Federal government to explain HIPAA survival from his experience of having been in over a thousand risk assessments during his career.  He will also illustrate which the highest risk factors for being sued for wrongful disclosures of PHI are, and the manner in which patients are now using state laws to sue for wrongful disclosures.

During the course of this seminar, Brian will cover the following areas:

History of HIPAA

HITECH

HIPAA Omnibus Rule

How to perform a HIPAA Security Risk Assessment

What is involved in a Federal audit and how is it conducted

Risk factors for a federal audit

EHR and HIPAA

Business Continuity/Disaster Recovery Planning

Business Associates and HIPAA

In depth discussions on IT down to the nuts and bolts

BYOD

Risk factors that can cause an audit (low hanging fruit)

New rules which grant states ability to sue citing HIPAA on behalf of a patient

New funding measures

 

 

 

HIPAA compliance expectations from Small Healthcare Providers

For The Health Information Portability and Accountability Act (HIPAA), the Business Associate is a major component. According to HIPAA, a Business Associate (BA) is an organization or a person who works with or provides service to a Covered Entity. A CE is one who handles or discloses Protected Health Information (PHI). This makes a Business Associate any person or entity that is involved in creating, receiving, maintaining or transmitting PHI to a CE for a purpose or activity or function as mandated and regulated by the HIPAA Privacy Rule.

Small businesses struggle with meeting HIPAA requirements

There are specific requirements that small healthcare practices need to put in place and to show that their program is current and meets the regulatory requirements set out in HIPAA. They need to conceive and implement a HIPAA compliance program that meets the requirements set out in this legislation. The compliance program should not only be adequate; it should be robust and resilient enough to withstand HIPAA’s strict scrutiny at various levels.

Helping small healthcare providers with the knowledge and skill needed for meeting HIPAA requirements is the purpose of a two-day seminar that is being organized by GlobalCompliancePanel, a leading provider of professional trainings for all the areas of regulatory compliance. At this seminar, Jay Hodes, who is a leading expert in HIPAA compliance and President of Colington Consulting, which provides HIPAA consulting services for healthcare providers and Business Associates, will be the Director.

Want to get a complete understanding of the requirements that small healthcare providers need to meet to comply with HIPAA requirements? Just register for this learning session by visiting HIPAA compliance expectations from Small Healthcare Providers.

Full explanation of what all a small business provider needs to do

This seminar is particularly created for small healthcare providers who have a difficulty in understanding the HIPAA compliance requirements and meeting them. It will be useful for those of various business sizes, but is primarily focused on the small healthcare provider. Jay will impart the kind of teaching with which organizations will be able to meet all of the HIPAA, HITECH, and Omnibus Rules.

The basis to implementing the requirements of compliance program is to first fully understand them. This is the learning that this seminar will offer. At the end of two days of intense learning that will be interspersed with lively presentations; participants will have inculcated a full grasp of all of the requirements for a comprehensive HIPAA compliance program. They will also have got a clear understanding of the kind of steps that they need to take to mitigate risk.

Steps needed to develop, review and amend HIPAA

The Director will include practical exercises over these two days that will help participants know all that is needed for developing, reviewing, and amending HIPAA policy and procedure. He will equip the participants with a clear roadmap for what needs to be place when it comes to all of the HIPAA regulations.

Over the two days, Jay will cover the following areas:

o  Why was HIPAA created?

o  Who Must Comply with HIPAA Requirements?

o  What are the HIPAA Security and Privacy Rules?

o  What are the Consequences of being a Business Associate

o  What is a HIPAA Compliance Program for a Business Associate?

o  What is a HIPAA Risk Management Plan?

o  What is a HIPAA Risk Assessment?

o  What is the Role of the HIPAA Security Official?

o  What are HIPAA training requirements?

o  What is a HIPAA data breach and what happens if it occurs?

o  What are the penalties and fines for non-compliance and how to avoid them

o  Case Examples of HIPAA Data Breaches

o  Creating a Culture of Compliance

o  Q&A.

Seminar Calendar of Upcoming Courses – June to July – 2017

Upcoming-Courses-for-French-Circles-Club

GlobalCompliancePanel’s seminars are a wonderful opportunity for professionals in the regulatory compliance areas to understand the latest happenings and updates in the regulatory compliance areas and to implement them, something they need to climb in their professions. GlobalCompliancePanel brings together a few of the best recognized names in the field of regulatory compliance on its panel of experts. The result: Learning that is effective, valuable and helpful.

GlobalCompliancePanel’s experts help you unravel all the knowledge you need in all the areas of regulatory compliance. At these seminars which are held all over the globe, you get to interact with them in person, so that any doubt or clarification you have is sorted out by none other than the honcho. They help professionals like you implement the regulations and stay updated, so that regulatory compliance causes no stress for you.

GlobalCompliancePanel’s experts offer their insightful analysis into the issues that are of consequence to regulatory professionals in their daily work. Their thoughts help you implement the best practices of the industry into your work. They also offer updates on the latest regulatory requirements arising out of a host of the laws and issues related to regulatory compliance, including, but not limited to medical devices, food and beverages, pharmaceuticals, life sciences, biotechnology and pharmaceutical water systems.

Take a look at our upcoming webinars from GlobalCompliancePanel, which will put you on the road to learning about any area that is of importance to your profession. You can plan your learning from GlobalCompliancePanel by looking at our seminars in the next few weeks at locations of convenience to you. You can choose from a whole range of topics. See which among these trainings suit you: Design of Experiments (DOE) for Process Development and Validation, Writing and implementing effective SOP’s, new FSMA rules, risk management and device regulations, data integrity, combination products, and what have you!

Contact us today!
NetZealous LLC DBA GlobalCompliancePanel
john.robinson@globalcompliancepanel.com
Toll free: +1-800-447-9407
FAX : 302 288 6884
Website: http://bit.ly/Courses-June-to-July-2017

HIPAA’s compliance expectations from Business Associate

 

The Health Information Portability and Accountability Act (HIPAA) regards the Business Associate as a major player. HIPAA defines the Business Associate (BA) as either an organization or a person who works with or provides service to a Covered Entity, who in turn is defined as one who handles or discloses Protected Health Information (PHI).

So, a Business Associate is any person or entity that is involved in creating, receiving, maintaining or transmitting PHI to a Covered Entity for a purpose or activity or function as mandated and regulated by the HIPAA Privacy Rule.

Getting compliance right is complicated

While there is no ambiguity about the definition of a Business Associate; what is vague and confusing is the set of roles, responsibilities and requirements expected from a BA. HIPAA has a lot of expectations from the Business Associate. It expects total and complete compliance with the requirements it has set out for Business Associates.

The HITECH Act has recently made changes and updates, raising the bar of expectations from Business Associates. The reasoning for these changes is that the role of the Business Associate is critical, and its functions need to keep changing from time to time to accommodate the changes in technology, best practices, etc. As a result, it has extremely stringent mandates regarding the way a Business Associate handles and uses health information, which is confidential and highly valuable.

Compliance is not negotiable

A Business Associate has to show compliance with a wide range of regulatory requirements. The core areas of HIPAA compliance, such as privacy obligations, security standards, and breach notification requirements, are all where the Business Associate’s work is heavily regulated. A small deviation is viewed very seriously by the OCR. Punitive actions from the OCR are damaging to the Business Associate. The only way of avoiding these penal actions is to be completely compliant with the HIPAA expectations.

All these do not mean that Business Associates should dread HIPAA compliance implementation. They can become successful at their business if they get a complete grasp of HIPAA’s compliance requirements. They need clarity on a number of areas. Once their problem areas are addressed, they are sure to become successful in their business.

Come and get complete understanding of HIPAA compliance for Business Associates

It is with the aim of imparting this understanding that GlobalCompliancePanel, a leading provider of professional trainings for all the areas of regulatory compliance, will be organizing a two-day seminar. Jay Hodes, who is a leading expert in HIPAA compliance and President of Colington Consulting, which provides HIPAA consulting services for healthcare providers and Business Associates, will be the Director of this seminar.

In order to get a complete grasp of the compliance requirements that HIPAA has for Business Associates, please register for this highly valuable seminar by logging on to HIPAA’s compliance expectations from Business Associate.

Total understanding of the requirements for Business Associates

The main aim of this course is to clear the confusions about the roles, requirements and responsibilities of the Business Associate, a role that is often shrouded in haziness. it is only when this is done that Business Associates will have the confidence to enter into contracts for providing services as a vendor or subcontractor. Jay will equip participants with complete understanding of what they must put in place to meet these requirements. In other words, he will help them get complete clarity on HIPAA compliance regulations for Business Associates.

The seminar will be very in-depth, as Jay will start with an understanding of the basics, such as why HIPAA was created, which will help participants get to the deeper aspects of HIPAA compliance requirements. Over the course of these two days, Jay Hodes will cover the following areas at this seminar:

  • Why was HIPAA created?
  • Who Must Comply with HIPAA Requirements?
  • What are the HIPAA Security and Privacy Rules?
  • What are the Consequences of being a Business Associate
  • What is a HIPAA Compliance Program for a Business Associate?
  • What is a HIPAA Risk Management Plan?
  • What is a HIPAA Risk Assessment?
  • What is the Role of the HIPAA Security Official?
  • What are HIPAA training requirements?
  • What is a HIPAA data breach and what happens if it occurs?
  • What are the penalties and fines for non-compliance and how to avoid them
  • Case Examples of HIPAA Data Breaches
  • Creating a Culture of Compliance
  • Q&A.

HIPAA survival is not difficult. It just requires good comprehension.

how-to-improve-patient-education-denteractive

You can take this bet: Try finding out from any healthcare industry professional what she considers the biggest professional challenge of hers, and HIPAA survival would surely not miss out from any healthcare professional’s list. Why? Simply because HIPAA audits are complex.  Period.

So, is the toughness and complexity of HIPAA audits such that one should run away from it? Healthcare professionals are not given this option. They have to mandatorily carry out HIPAA audits in such a way that it satisfies the regulatory authorities. This needs a thorough understanding of the exact meaning and import of words contained in HIPAA. In addition, carrying out successful HIPAA audits, which is what HIPAA survival essentially is all about, requires the healthcare professional in the organization in which HIPAA audits take place, to get a grasp of the purpose and intent conveyed in HIPAA’s language.

This thorough understanding of the meaning and intent of what is contained in HIPAA is absolutely essential for both the Covered Entity and the Business Associate to ensure HIPAA survival.

One challenge upon another

And, in addition to the already existing complexity in HIPAA, which many healthcare professionals consider as an obstacle to HIPAA survival; an additional step has been hemmed into HIPAA audits. It is this: For 2017, the federal government is set to increase the Office of Civil Rights (OCR)’s budget by a good 10 percent. This is being done with one simple intention: To increase the OCR’s resources for carrying out HIPAA audits and to also reinforce the OCR’s efforts towards HIPAA audits.

This is not all. HIPAA survival has been made even more difficult, as the OCR now requires Business Associates and Covered Entities to show compliance with around 180 areas as part of Phase 2 of HIPAA. The time given for response: A mere 10 days.

Any Business Associate or Covered Entity which thinks that these are all to the additional aspects of HIPAA survival are mistaken. Yet another issue compounds the misery of the whole task of HIPAA survival: The OCR’s audit protocol is no longer going to be satisfied with general and vague references to policy documents when they are required to furnish documents to corroborate their work. They have to furnish the specific and exact documents that the OCR asks for during a HIPAA audit. Isn’t HIPAA survival a really tough ask for Covered Entity or a Business Associate?

No room for relaxation

The OCR expects complete and total adherence to its requirements, no matter how tough they may seem. Just a little slackening of effort anywhere down the line can severely impede the preparation for Phase 2 HIPAA audits. This is bound to result in serious issues for the Covered Entity and Business Associate, who simply cannot drop guard even for a second.

If there was any feeling that anyone who is subject to a HIPAA audit can relax a trice, all that has been destroyed by the OCR’s decisions on HIPAA audits for 2017. Its additional measures mean that HIPAA survival is real and serious. To ensure HIPAA survival, Covered Entities and Business Associates need to put a process in place and make sure they control and implement it with the maximum assiduousness and thoroughness. This is to be ensured all the time, every time.

An opportunity to learn what it takes for HIPAA survival

Given the severity of HIPAA survival, it is necessary for those who are subject to HIPAA audits, especially Covered Entities and Business Associates, at whom the new regulations are primarily aimed, to understand the art of HIPAA survival.

This expert guidance is what a two-day seminar from GlobalCompliancePanel, a highly popular provider of professional trainings for the areas of regulatory compliance, will be offering. Please visit HIPAA survival is not difficult. It just requires good comprehension to register for this seminar.

The Director of this two-day seminar is Brian L Tuttle, a senior Compliance Consultant & IT Manager at InGauge Healthcare Solutions. The aim of this seminar is to arm regulatory compliance professionals with total guidance to about how practice managers need to prepare for HIPAA audits. Since many changes have been suggested for 2017 for HIPAA; Brian will throw light on what changes can be expected under the Omnibus Rule and any other applicable updates for 2017.

The Director will explode the various misconceptions and myths about HIPAA, which are a major obstacle to ensuring HIPAA survival. He will explain real life audits conducted by the Federal government to explain HIPAA survival.  He will also illustrate which the highest risk factors for being sued for wrongful disclosures of PHI are, and the manner in which patients are now using state laws to sue for wrongful disclosures.

During the course of this seminar, Brian will cover the following areas:

  • History of HIPAA
  • HITECH
  • HIPAA Omnibus Rule
  • How to perform a HIPAA Security Risk Assessment
  • What is involved in a Federal audit and how is it conducted
  • Risk factors for a federal audit
  • EHR and HIPAA
  • Business Continuity/Disaster Recovery Planning
  • Business Associates and HIPAA
  • In depth discussions on IT down to the nuts and bolts
  • BYOD
  • Risk factors that can cause an audit (low hanging fruit)
  • New rules which grant states ability to sue citing HIPAA on behalf of a patient
  • New funding measures

 

GlobalCompliancePanel announces Seasonal offers for Professionals with Flat 50% OFF on all Seminars

9ad816e7329ad74d53132accd3156c40

Do celebrations need a cause and a reason? Yes, and GlobalCompliancePanel, a leading provider of professional trainings for the regulatory compliance areas, is having a solid cause and reason for doing so. It is celebrating the many years of its relationship with its customers spread all over the world by offering its trainings at a massive 50% discount!

Yes, that is right. GlobalCompliancePanel’s seminars will be available for a huge 50% discount till April 30. Regulatory professionals who want to augment their knowledge of regulatory compliance can now do so by paying just half the price of these trainings from GlobalCompliancePanel. All that is needed to do walk away with a rare offer such as this is to visit https://www.globalcompliancepanel.com/seminar?wordpress_SEO and use MGCP50 Promo Code.

This offer is valid till April 30, 2017. Regulatory professionals who want to take any of GlobalCompliancePanel’s trainings can book their trainings for an area of their interest by this date. From April 1 onwards, this offer will cease, meaning that the original price will apply from then.

So, why is GlobalCompliancePanel offering this discount? It is for a simple, but profound reason: It wants to thank its huge customer base for the support they have been extending to this company over the many years for which it has been in business. During the course of the 10 years for which GlobalCompliancePanel has been in business, it has trained thousands of regulatory compliance professionals from around the world.

These professionals, belonging to such varied geographies as the US and Japan and India and Canada, have been able to meet their regulatory compliance challenges on account of these trainings. These trainings are relevant, focused and valuable, and are from some of the best known regulatory compliance Experts found anywhere on this planet.

It is these trainings that have been hoping these professionals in the regulatory compliance arena gain more insights into regulations from the FDA, the EMA and other such bodies around the world. These trainings have been consistently helping them to meet these challenges, as they give them a better and sharper understanding of the implementing these requirements.

These regulatory requirements can pose hurdles to the most experienced and brightest of regulatory compliance professionals in the medical devices, pharmaceutical, life sciences and food and biologicals areas, but not to those who undertake professional trainings from GlobalCompliancePanel. GlobalCompliancePanel’s panel of experts is here to help them overcome these challenges and hurdles.

This trend has been being witnessed from the time GlobalCompliancePanel entered the line of professional trainings. Any wonder then, that no fewer than 50,000 professionals have benefited from these trainings? What could be a better way of thanking such a huge base of customers than with this offer? GlobalCompliancePanel believes that a celebration should also be useful, and this is that this offer is!

Hurry up and enroll today. Happy learning!