Webinar Duration: 60 minutes
RECORDED: Access recorded version only for one participant; unlimited viewing for 6 months (Access information will be emailed 24 hours after the completion of payment)
SPEAKER: Chris Apgar
HIPAA myths date back to the first of several administrative simplification rules. Now HITECH myths also abound. It is true the Office for Civil Rights (OCR) is not enforcing a number of the privacy and security provisions of HITECH, but that does not mean HITECH can be ignored or that compliance can wait until all HITECH rules have been finalized.
Most of the changes to the HIPAA Privacy, Security and Enforcement Rules are in effect now and have been since February 2010. The rules may not be final but the statute is. Also, while OCR is not enforcing all of the provisions of HITECH, state attorneys general are. Several covered entities and business associates have found themselves called to court as a result of cases filed in federal court by several different states.
The breach notification interim final rule was enforceable September 2009 and the enforcement interim final rule was enforceable February 2010. These are rules OCR is now enforcing. This means a breach of unsecured PHI, electronic and non-electronic, may need to be reported to individuals and OCR. If the breach involves 500 or more individuals, you can expect a call from OCR not too long after you report the breach to OCR, and your organization’s name will be added to the list of covered entities who have reported breaches of 500 individuals or more on the OCR public web site.
OCR has been active in enforcing compliance with the HIPAA Privacy, Security and Breach Notification Rules. This has led to the levying of large civil penalties or agreed-to monetary settlements, the requirement for external monitoring of compliance, or both. Also, enforcement may follow a complaint investigation, and the new OCR HIPAA audit program has not replaced other mechanisms of enforcement.
The purpose of this webinar is to provide an overview of the HITECH privacy, security, and enforcement requirements. The webinar will cover how HITECH and HIPAA match up and provide resources related to what requirements mean and how they apply to covered entities and business associates.
Participants will walk away with the compliance tools and guidance needed to comply with existing statutory requirements and the interim final rules already in effect. This includes a compliance checklist and a list of templates that need to be updated, from the business associate contract to the notice of privacy practices.
Enforcement provisions and how they impact covered entities and business associates will be reviewed. This includes enforcement related to breach notification, enforcement related to complaints filed with OCR, and the OCR HIPAA audit program which launched November 2011. Now that enforcement activity has picked up and may involve small to very large entities, it is important to understand steps to take to avoid civil penalties, monetary settlements and formal corrective action plans. OCR or state attorneys general may knock on your door and it’s wise to be prepared.
In summary, this webinar assists you in sorting through the HITECH myths and understanding what you are required to comply with today and not when the rules are final. It will also arm you with the tools you need to identify areas where action is needed to reasonably ensure compliance with both HIPAA and HITECH. Being prepared helps save time and money, especially if the regulators show up on your front steps.
Areas Covered in the Session:
– HIPAA/HITECH Requirements Overview
– OCR Audit Program
– OCR Enforcement Activity
– Impact of OCR Investigations
– State Attorneys General Enforcement Rights
– Business Associates – What’s changed and what covered entities and business associates need to pay attention to
– Privacy & Security Incident Response & Breach Notification
– Policies, Procedures & Other Required Documentation
– Patient Rights – Changes to the Notice of Privacy Practices
– Challenges & Risks
– How to Build a Sound Privacy & Security Program – HITECH Compliance
Who Will Benefit:
– Physicians, Dentists & Health Care Professionals
– Practice Management
– HIM Directors & Managers
– Privacy Officers
– Security Officers
– Risk Managers
– Compliance Officers
– Legal Counsel
Chris Apgar, CISSP, CEO and President of Apgar & Associates, LLC and former HIPAA Compliance officer for Providence Health Plans, is a nationally recognized information security, privacy, national identifier, HIPAA & electronic health information exchange expert. He has over 13 years of experience helping health care organizations comply with HIPAA, HITECH and other privacy and security regulations. Mr. Apgar also has helped health care, utilities and financial organizations implement privacy and security safeguards to protect against organizational harm and harm to consumers.
Mr. Apgar is a member of the Workgroup for Electronic Data Interchange (WEDI) Board of Directors and has served on the Board for more than six years. Mr. Apgar continues to chair the Oregon & SW Washington Healthcare, Privacy and Security Forum for the 12th year. Mr. Apgar recently joined the State of California Office of Privacy Protection project team charged with developing educational material for health care providers, health plans and consumers regarding medical identity theft and prevention. He is also a member of the Oregon Prescription Drug Monitoring Program Advisory Commission.
Apgar & Associates, LLC clients range from small to large health plans, providers, healthcare clearinghouses, vendors, non-profits, government agencies and health care associations. He has been endorsed by the Oregon Medical Association to assist members with privacy, security and regulatory compliance. Mr. Apgar is also a nationally known speaker and author. More information about Mr. Apgar and Apgar & Associates, LLC can be found at http://www.apgarandassoc.com.