Revising the HIPAA Notice of Privacy Practices - Changes Required by September 23, 2013

Duration: 90 Minutes
Instructor: Jim Sheldon Dean
Webinar Id: 800159


One Attendee


The final amendments to HIPAA resulting from the HITECH Act are now in effect and compliance is required by September 23, 2013. The amendments require changes in several areas of operation, including health information management, marketing, fundraising, and security, and many of the changes will require significant effort to implement.

Every HIPAA Covered Entity is required to have a Notice of Privacy Practices that accurately reflects patient rights and practices at the entity. Because there are new finalized changes to the HIPAA rules, the NPP for every organization having one must be updated. There are new requirements about fundraising activity, new controls on the sale of PHI, new rights of access and restrictions, and the right to be notified if there is a privacy breach. The new areas to be included will be discussed and explained, and areas that no longer need notice will also be discussed.

The new regulations will be reviewed and their effects on HIPAA Notices of Privacy Practices will be discussed. We will describe the new rights that must be added into your NPP and identify the places where current rights have been modified. In addition, we'll identify typical items that may be removed from your NPP, because it is always advisable to keep NPPs as short and readable as possible while covering all the requirements. We will examine a typical NPP and describe the places where changes might best be made, and discuss the information that needs to be added or removed to meet requirements most efficiently and economically.

Why should you attend: New updates to the HIPAA regulations now in effect contain numerous changes based, for the most part, on The HITECH Act passed in 2009. Some of the most significant changes have to do with changes to individual rights under HIPAA that must be listed in an entity's HIPAA Notice of Privacy Practices. All HIPAA Covered Entities that currently provide a Notice of Privacy Practices must update their NPPs to reflect the changes in individual rights no later than September 23, 2013. Violations are subject to enforcement that can include fines up to $50,000. Changes will be necessary in areas of patient access to records, restrictions of disclosures, marketing, fundraising, breach notification, and more.

Areas Covered in the Session:

  • All HIPAA Notices of Privacy Practices must be updated to meet the new rules by September 23, 2013. The schedule of implementation and scope of the changes will be described.
  • Notices will need to include mention of the right to be notified in the event of a breach of the privacy or security of their Protected Health Information.
  • Individuals have a new right to request electronic copies of information held electronically that must be reflected in the NPP.
  • Individuals have new rights to restrict disclosure of encounter information to an insurer if it is paid fully out of pocket by the individual. The NPP must identify this right.
  • Fundraising activity must be described in the NPP, with an opportunity to opt-out.
  • You do NOT have to include information about reimbursed marketing activity in NPPs anymore, but you do always need to get an authorization.
  • Health Plans must include in their NPPs new changes pertaining to GINA, restricting the use of genetic information in enrolment.
  • How you should update your NPP - how do you document it, to whom does it go, and how?

Who Will Benefit:
  • Compliance director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager

Educational Objectives(S)
Upon completion of this activity, participants will be able to:
  • Discuss the final amendments to HIPAA and how to ensure compliance.

CME Credit Statement
This activity has been planned and implemented in accordance with the Essential Areas and Policies of the Accreditation Council for Continuing Medical Education (ACCME) through the joint sponsorship of Colorado Foundation for Medical Care (CFMC) and MentorHealth. CFMC is accredited by the ACCME to provide continuing medical education for physicians.

Colorado Foundation for Medical Care designates this educational activity for a maximum of 1.5 AMA PRA Category 1 Credits™. Physicians should only claim credit commensurate with the extent of their participation in the activity.

Other Healthcare Professionals Credit Statement
This educational activity has been planned and implemented following the administrative and educational design criteria required for certification of health care professions continuing education credits. Registrants attending this activity may submit their certificate along with a copy of the course content to their professional organizations or state licensing agencies for recognition for 1.5 hours.

Disclosure Statement
It is the policy of Colorado Foundation for Medical Care (CFMC) and MentorHealth that the faculty discloses real or apparent conflicts of interest relating to the topics of the educational activity. All members of the faculty and planning team have nothing to disclose nor do they have any vested interests or affiliations.

Obtaining Certificate of Credit

Colorado Foundation for Medical Care (CFMC) hosts an online activity evaluation system, certificate and outcomes measurement process. Following the activity, you must link to CFMC's online site (link below) to complete the evaluation form in order to receive your certificate of credit. Once the evaluation form is complete and submitted, you will be automatically sent a copy of your certificate via email. Please note, participants must attend the entire activity to receive all types of credit. Continuing Education evaluation and request for certificates will be accepted up to 60 days post activity date. CFMC will keep a record of attendance on file for 6 years.

Speaker Profile
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master's degree from the Massachusetts Institute of Technology.

You Recently Viewed