Overview: In this session we will demystify the language of HIPAA. As we work through the language of HIPAA, we will not discuss the terminology and concepts from a high level view, but rather with the goal of providing sufficient detail so the attendee will leave with actionable items. The objective of this presentation is not to make you an expert on the language of HIPAA, but rather give you the information you need to ask the right questions of your Chief Privacy and/or Security Officer(s), or consultant.
At the end of this session the attendee will understand how conflicting information come together to determin what constitutes HIPAA compliance, and how to understand what is really meant by the terminology commonly encountered, and misunderstood, when discussing HIPAA.
We will cover the concepts and terms encountered when discussing the fundamentals of HIPAA; what HIPAA is, actually, and what your obligations are under HIPAA. We will discuss the misconceptions around terms such as the Security and Privacy Regulations, and discuss what Technical, Administrative and Physical Safeguards really mean. We will relate the ramifications of not complying with HIPAA when you have a reported breach, and discuss why a breach under HIPAA is only the beginning of the process, not the end.
We will teach you about HIPAA regulations, also explaining how and why HIPAA contains many ambiguities and conflicting information. We will discuss specific ambiguities in the regulations giving participants examples of these situations. We will explain and demonstrate how to work through the ambiguities, and draw a conclusion that allows you to take defensible action as you develop your compliance plan. Together we will work through at least one example of an ambiguity in the regulations to increase understanding. You will learn through this information, examples, and instruction how to reach defensible solutions, and why this is important. We will inform you what reference materials are available, including OCR whitepapers and published guidance, and OCR Resolution Agreements.
Lastly, the presentation will focus on specific concepts and terms that are common to breaches that have been reported over the last few years. We will work through some of the myths encountered when discussing HIPAA, explain why they exist, and demystify them to give the attendee the "truth" behind these myths.
Why should you attend: Compliance with HIPAA can be challenging as there are 54 different Administrative, Physical, and Technical Safeguards Standards and Specifications! One recent study of privacy and security professionals from larger providers found that more than 89% respondents found HIPAA/HITECH regulations to be complex, difficult to understand, vague or confusing. Only 11% found them easy to understand. So what chance do you have in understanding your obligations under HIPAA?
As with any area of knowledge, understanding comes only when you understand the language used in the discipline; HIPAA in no different. The best analogy to the complexity of the language of HIPAA is the Internal Revenue Service and the tax code. For most individuals and businesses, it is difficult to comprehend and apply tax code without significant expertise. Yet the penalties surrounding HIPAA violations are much more onerous than errors in the taxes you file.
While some HIPAA regulations are very precise and spelled out, many are left to interpretation. So a providers and business associate must understand not only the language of the regulations but also their intent. Intent in many cases is buried inside of published guidance and within other publications from the Department of Human and Health Services, and its Office of Civil Rights. Complicating the situation are parallel regulations promulgated under the HITECH Act, which may provide conflicting guidance. HITECH brought addition breach requirements, stricture disclosure requirements, and expanded notification requirements in some areas. Business Associate requirements were also increased.
Examples of misunderstanding abound. For example; what are your requirements for staff training under HIPAA? What are the ramifications of not understanding Willful Neglect? Not knowing what these terms really mean can cost you up to an additional $300,000 in fines and penalties, PER INCIDENT. And that's just at the federal level. Add in state level fines and penalties, tort actions, business disruption costs, and the numbers really add up. Average penalties and fines are in the $2,500,000 range. Can your organization afford not understanding the language of HIPAA?
Areas Covered in the Session:
What are the Security and Privacy Regulations
What is meant by Technical, Administrative and Physical Safeguards
What is an OCR Resolution Agreement and why should I care
What constitutes an adequate risk assessment
What is meant by a "Required" and "Addressable" implementation specification
Where do HIPAA and HITECH intersect
What is a Breach vs a Reportable Breach
What is a Business Associate and what are my responsibilities
What actually changed under the final Omnibus Rule
What is an OCR audit
What is an OCR investigation
What is Willful Neglect and what does it mean to me
Who Will Benefit:
CEO
COO
CFO
Human Resources
Chief Nursing Officer
Chief Clinical Officer
Practice Managers
Roger Shindell has more than 30 years of multidisipline experience in the areas of health care, elearning, marketing, finance, operations and information technology. Roger has worked in start-up, rapid growth and turnaround environments. Over his career, Roger has been both an advisor to and principal in a number of health care, technology and service companies.
MentorHealth
webinars@mentorhealth.com
Phone No: 800-385-1607
FaX: 302-288-6884
Event Link: http://bit.ly/1dWvvCA
http://www.mentorhealth.com/