Upcoming Changes with HIPAA 2019

The entire HIPAA Security Rule and uncover simple methods to comply and create policy.

The entire HIPAA Security Rule and uncover simple methods to comply and create policy.
The primary goal is to ensure everyone is well educated on what is myth and what is reality with this law, there is so much misleading information all over regarding the do’s and don’ts with HIPAA – I want to add clarity for compliance officers.

It will also address major changes under the Omnibus Rule and any other applicable updates for 2018.

Do you know all of the requirements of this enigmatic law? Are you abiding by them?

My goal is to make this extremely complex enigma known as “HIPAA” very easy to understand with a painless step by step approach to an otherwise harrowing task Times have changed and new laws are now in place concerning protected health information.

The best way to protect your practice or business and save yourself future headaches and possible litigation or Federal fines is to be proactive instead of reactive This once rarely enforced law has changed and you need to know what’s going on! Protect your practice or business!

These day’s trial attorney’s pose an even higher risk than the Federal government!

State laws are now in place increasing liability for patient remedies!

What factors might spurn a lawsuit or a HIPAA audit? are you doing these things?

We will be discussing 2019 changes taking place in Washington with the Health and Human Services regarding the enforcement of the HIPAA laws already on the books as well as some detailed discussions on the audit process and some current events regarding HIPAA cases (both in courtrooms and from live audits)

Instructor cover all these areas:

  • Study all 18 Standards and 44 Implementation Specifications of the regulations
  • Updates for 2019
  • Requirements of Compliance Officers
  • New definition of what constitutes protected health information
  • Real life litigated cases
  • BYOD
  • Portable devices
  • Business associates and the increased burden
  • Emailing of PHI
  • Texting of PHI
  • Federal Audit Process
  • HIPAA and suing – how this works
  • Risk Assessment
  • Best resources

Virtual Seminar on HIPAA Training for Compliance Officer

This 6-hour seminar will be addressing how practice/business managers (or compliance offers) need to get their HIPAA house in order before the imminent audits occur. It will also address major changes under the Omnibus Rule and any other applicable updates for 2018.

Areas also covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT.

The primary goal is to ensure everyone is well educated on what is myth and what is reality with this law, there is so much misleading information regarding the do’s and don’ts with HIPAA -I want to add clarity for compliance officers and what you guys need to do and how to best implement your HIPAA program based on over 18 years of personal experience working with Federal auditors, state auditors, and corporate auditors.

We will go through multiple scenarios that are commonly faced by compliance officers and how to manage these situations

I will also speak to real life litigated cases I have worked where HIPAA is being used to justify state cases of negligence -THIS IS BECOMING A HUGE RISK!

In addition, this course will cover the highest risk factors for being sued as well as being audited (these two items tend to go hand in hand).

Why you should attend

Join me in this in depth 6-hour seminar where we will get into the nitty-gritty about the roles and responsibilities of a HIPAA Compliance Officer.

Do you have an affective HIPAA compliance program? Do you know what needs to be done to satisfy the requirements?

New laws, funding, and enforcement mean increased risk for both business associates and covered entities – 2017 was a record year for enforcement and fines – 2018 will be no different.

HIPAA Omnibus – Do you know what’s involved and what you need to do?

What does Omnibus mean for covered entities and business associates?

Why should you be concerned?

Court cases that are changing the landscape of HIPAA and patient’s ability to sue!

TRIAL ATTORNEYS ARE MORE DANGEROUS THAN THE FEDERAL GOVERNMENT!!

It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates. You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT or internal administrative practices.

Who Will Benefit

  • Practice Managers
  • Any Business Associates who work with medical practices or hospitals (i.e. billing companies, transcription companies, IT companies, answering services, home health, coders, attorneys, etc)
  • MD’s and other medical Professionals

Agenda

  • Updates for 2019
  • Requirements of Compliance Officers
  • New definition of what constitutes protected health information
  • Real life litigated cases
  • BYOD
  • Portable Devices
  • Business associates and the increased burden
  • Emailing of PHI
  • Texting of PHI
  • Federal Audit Process
  • HIPAA and suing – how this works
  • Risk Assessment
  • Ransomware and how to avoid
  • What to do when a breach occurs
  • Best Resources

Speaker Profile

Brian L Tuttle, CPHIT, CHP, CBRA, Net+, A+, CCNA, MCP is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified Business Resilience Auditor (CBRA) with over 15 years’ experience in Health IT and Compliance Consulting. Mr. Tuttle has worked all of those 15 years with MAG Mutual Healthcare Solutions and is now Senior Compliance Consultant and IT Manager with InGauge Healthcare Solutions (previously named MAG Mutual Healthcare Solutions). Almost all of Brian’s clients are earned by referral with little or no advertising. Brian is well known and highly regarded in medical circles throughout the United States .

Click Here to Continue Reading

Hurricane Harvey HIPAA Reminder

Disasters, which can ultimately lead to a data breach, come in various forms – natural, man-made and technical. HIPAA, the HITECH Act, the Federal Trade Commission and the Securities and Exchange Commission are just a handful of entities requiring that the confidentiality, integrity and availability of the sensitive information (e.g., protected health information (PHI) and personally identifiable information (PII)) remain intact. Although federal HIPAA has distinct categories (e.g., covered entity, business associate, and subcontractor), other state or federal government entities use “covered entity” to mean any person that creates, receives, maintains or transmits PHI or PII.

HIPAA sets forth three main categories of safeguards: administrative, physical, and technical safeguards. Often times, these categories overlap. For example, the administrative requirement of a sanction policy compliments the physical requirement of two-factor identification for building access.

Below are a couple of select sections from the Code of Federal Regulations (CFR), which organizations should be particularly vigilant about in relation to disasters.

•45 CFR §164.310 (Physical) – requires that policies and procedures for facility access in order to restore lost data under the disaster recovery and emergency access plan.

•45 CFR §164.308 (Administrative Safeguards) – multiple requirements are set forth under this particular section of the CFR. For example:

•Security management process

•Annual risk analysis

•Information activity review

•Workforce clearance procedure

•Security awareness training

•Contingency plan

 

Read More: http://snip.ly/duepz#http://www.diagnosticimaging.com/blog/hurricane-harvey-hipaa-reminder

Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research.

The Value and Importance of Health Information Privacy

Ethical health research and privacy protections both provide valuable benefits to society. Health research is vital to improving human health and health care. Protecting patients involved in research from harm and preserving their rights is essential to ethical research. The primary justification for protecting personal privacy is to protect the interests of individuals. In contrast, the primary justification for collecting personally identifiable health information for health research is to benefit society. But it is important to stress that privacy also has value at the societal level, because it permits complex activities, including research and public health activities to be carried out in ways that protect individuals’ dignity. At the same time, health research can benefit individuals, for example, when it facilitates access to new therapies, improved diagnostics, and more effective ways to prevent illness and deliver care.

The intent of this chapter1 is to define privacy and to delineate its importance to individuals and society as a whole. The value and importance of health research will be addressed in Chapter 3.

CONCEPTS AND VALUE OF PRIVACY

Definitions

Privacy has deep historical roots (reviewed by Pritts, 2008Westin, 1967), but because of its complexity, privacy has proven difficult to define and has been the subject of extensive, and often heated, debate by philosophers, sociologists, and legal scholars. The term “privacy” is used frequently, yet there is no universally accepted definition of the term, and confusion persists over the meaning, value, and scope of the concept of privacy. At its core, privacy is experienced on a personal level and often means different things to different people (reviewed by Lowrance, 1997Pritts, 2008). In modern society, the term is used to denote different, but overlapping, concepts such as the right to bodily integrity or to be free from intrusive searches or surveillance. The concept of privacy is also context specific, and acquires a different meaning depending on the stated reasons for the information being gathered, the intentions of the parties involved, as well as the politics, convention and cultural expectations (Nissenbaum, 2004NRC, 2007b).

Our report, and the Privacy Rule itself, are concerned with health informational privacy. In the context of personal information, concepts of privacy are closely intertwined with those of confidentiality and security. However, although privacy is often used interchangeably with the terms “confidentiality” and “security,” they have distinct meanings.Privacy addresses the question of who has access to personal information and under what conditions. Privacy is concerned with the collection, storage, and use of personal information, and examines whether data can be collected in the first place, as well as the justifications, if any, under which data collected for one purpose can be used for another (secondary)2 purpose. An important issue in privacy analysis is whether the individual has authorized particular uses of his or her personal information (Westin, 1967).

Confidentiality safeguards information that is gathered in the context of an intimate relationship. It addresses the issue of how to keep information exchanged in that relationship from being disclosed to third parties (Westin, 1976). Confidentiality, for example, prevents physicians from disclosing information shared with them by a patient in the course of a physician–patient relationship. Unauthorized or inadvertent disclosures of data gained as part of an intimate relationship are breaches of confidentiality (Gostin and Hodge, 2002NBAC, 2001).

 

Read More: http://snip.ly/tlhw0#https://www.ncbi.nlm.nih.gov/books/NBK9579/

 

Knowing what to expect in a HIPAA audit is the key to passing it

This lesson will be addressing how practice/business managers (or compliance offers) need to get their HIPAA house in order before the imminent audits occur. It will also address major changes under the Omnibus Rule and any other applicable updates for 2017

Knowing what to expect in a HIPAA audit is the key to passing itHealthcare professionals have to mandatorily carry out HIPAA audits in a way that satisfies the regulatory authorities. This needs a thorough understanding of the exact meaning and import of words contained in HIPAA. They also need to get a grasp of the purpose and intent conveyed in HIPAA’s language. This is absolutely essential for both the Covered Entity and the Business Associate to ensure HIPAA survival.

Other challenges

wordpress-2017-SEO

A new challenge has come up. For 2017, the federal government is set to increase the Office of Civil Rights (OCR)’s budget by 10 percent with the intention of increasing the OCR’s resources for carrying out HIPAA audits and to also reinforce the OCR’s efforts towards HIPAA audits.

Also, the OCR now requires Business Associates and Covered Entities to show compliance with around 180 areas as part of Phase 2 of HIPAA with a response window of just 10 days. The OCR has also clearly stated that its audit protocol is no longer going to be satisfied with general and vague references to policy documents from Covered Entities and Business Associates when they are required to furnish documents to corroborate their work. They have to furnish the specific and exact documents that the OCR asks for during a HIPAA audit.

So, to ensure HIPAA survival, Covered Entities and Business Associates need to put a process in place and make sure they control and implement it with the maximum assiduousness and thoroughness. This is to be ensured all the time, every time.

Learning on what it takes for HIPAA survival

Learning on what it takes for HIPAA survival

A proper grasp of the art of HIPAA survival will be the expert guidance a two-day seminar from GlobalCompliancePanel, a highly popular provider of professional trainings for the areas of regulatory compliance, will be offering. Want to benefit from it? Then, please enroll for it by visiting Knowing what to expect in a HIPAA audit is the key to passing it

The Director of this two-day seminar is Brian L Tuttle, a senior Compliance Consultant & IT Manager at InGauge Healthcare Solutions. The aim of this seminar is to arm regulatory compliance professionals with total guidance on how practice managers need to prepare for HIPAA audits. Since many changes have been suggested for 2017 for HIPAA; Brian will throw light on what changes can be expected under the Omnibus Rule and any other applicable updates for 2017.

The Director will bust the various misconceptions and myths about HIPAA, which are a major obstacle to ensuring HIPAA survival. He will explain real life audits conducted by the Federal government to explain HIPAA survival from his experience of having been in over a thousand risk assessments during his career.  He will also illustrate which the highest risk factors for being sued for wrongful disclosures of PHI are, and the manner in which patients are now using state laws to sue for wrongful disclosures.

During the course of this seminar, Brian will cover the following areas:

History of HIPAA

HITECH

HIPAA Omnibus Rule

How to perform a HIPAA Security Risk Assessment

What is involved in a Federal audit and how is it conducted

Risk factors for a federal audit

EHR and HIPAA

Business Continuity/Disaster Recovery Planning

Business Associates and HIPAA

In depth discussions on IT down to the nuts and bolts

BYOD

Risk factors that can cause an audit (low hanging fruit)

New rules which grant states ability to sue citing HIPAA on behalf of a patient

New funding measures