2013-12-16 08:18:14 - The final amendments to HIPAA resulting from the HITECH Act are now in effect and fully enforceable. The amendments require changes in several areas of operation, including health information management, marketing, fundraising, breach notification, and security, and many of the changes will require significant effort to implement.
The new regulations will be reviewed and their effects on HIPAA policies will be discussed. We will describe the new rights that must be added into your policies and NPP, and identify the places where current rights need to be modified. We will discuss typical policy content and describe the places where changes might best be made, and discuss the information that needs to be added or removed to meet requirements most efficiently and economically. Sample policies will be examined.
Every HIPAA Covered Entity is required to have a Notice of Privacy Practices that accurately reflects patient rights and practices at the entity. Because there are new finalized changes to the HIPAA rules, the NPP for every organization having one must
be updated. There are new requirements about fundraising activity, new controls on the sale of PHI, new rights of access and restrictions, and the right to be notified if there is a privacy breach. The new areas to be included will be discussed and explained, and areas that no longer need notice will also be discussed. We will examine a typical NPP and describe the places where changes might best be made, and discuss the information that needs to be added or removed to meet requirements most efficiently and economically.
The work that must be done for updating HIPAA compliance for medical offices will outlined, with a to-do list of activities that must be undertaken to ensure compliance, and identification of additional resources and templates.
Why should you attend :
"The new Omnibus Update to the HIPAA regulations now in effect contains numerous changes based, for the most part, on The HITECH Act passed in 2009. Some of the most significant changes for medical offices have to do with changes to individual rights under HIPAA that require changes in policies and procedures and must be listed in an entity’s HIPAA Notice of Privacy Practices. All HIPAA-covered healthcare providers must update the way they deal with certain patient requests, or face stiff penalties. All HIPAA Covered Entities that currently provide a Notice of Privacy Practices must update their NPPs to reflect the changes in individual rights. Violations are subject to enforcement that can include fines up to $50,000. Changes to policies and notices will be necessary in areas of patient access to records, restrictions of disclosures, marketing, fundraising, breach notification, and more.
Included are new requirements for the NPP to include notice of fundraising activity and an opportunity to opt out, new requirements for individuals to provide authorization for the sale of PHI, new rights of access to electronic records, new rights to restrict certain disclosures, and rights of notice in the event of a breach. Health Plans also have changes related to the Genetic Information Nondiscrimination Act (GINA) that must be reflected in their NPPs.
Reimbursed marketing activity that may have been permissible without authorization from the individual under the old rules used to require notice in the NPP. Now all such marketing activity paid for, above costs, by a third party wishing to promote a product or service will require authorization.
The changes are numerous and many are subtle and require an in depth examination of your Notice of Privacy Practices."
Areas Covered in the Session:
• All HIPAA privacy policies and Notices of Privacy Practices must be updated to meet the new rules that became enforceable in September, 2013. The schedule of implementation and scope of the changes will be described.
• Breach notification policies must be updated to meet the new requirements, and privacy notices will need to include mention of the right to be notified in the event of a breach of the privacy or security of their Protected Health Information.
• Individuals have a new right to request electronic copies of information held electronically that must be reflected in policy and the NPP.
• Individuals have new rights to restrict disclosure of encounter information to an insurer if it is paid fully out of pocket by the individual. Policies and the NPP must identify this right.
• Fundraising policies may need to be updated, and fundraising activity must be described in the NPP, with an opportunity to opt-out.
• Healthcare Operations involving potential marketing activity must be re-evaluated in light of the new rules and policies and notices must be updated.
• How you should update your policies and your NPP – how do you document them, to whom does the new NPP go, and how?
Who will benefit: (Titles)
Compliance director, CEO, CFO, Privacy Officer, Security Officer, Information Systems Manager, HIPAA Officer, Chief Information Officer, Health Information Manager, Healthcare Counsel/lawyer, Office Manager, Contracts Manager.