HiPAA and EHRs

Document Sample
HiPAA and EHRs Powered By Docstoc
					Live Webinar on : HiPAA and EHRs – what your system need to do so you can be in
compliance with new rules


                                         More health care providers than ever are adopting
Get 15 % Discount as a early bird        electronic health records and new regulations on using
registrations. Use Promo Key             them and protecting the information on them are here,
: CGO15                                  with more on the way.

Who will benefit

         Compliance director            Why should you attend:
         CEO
         CFO
         Privacy Officer                • Recent and proposed changes to HIPAA that expand
         Security Officer               the regulation’s reach and increase enforcement, along
         Information Systems Manager    with incentives to adopt electronic health records, have
         HIPAA Officer                  created a perfect storm for the privacy and security of
         Chief Information Officer      protected health information (PHI).
         Health Information Manager
         Healthcare Counsel/lawyer      • Many of the new changes to HIPAA focus directly on
         Office Manager                 aspects of the use of electronic records, such as the
         Contracts Manager              accounting of disclosures of all kinds, even for treatment,
                                         payment, and healthcare operations, and the provision of
                                         records in electronic formats when requested. These
Pricing                                  proposed rules have a tremendous impact on not only
                                         EHRs, but any electronic systems that hold protected
Live ( Single registration ) : $189.00   health information in the designated record set.
Group ( Max 10 Attendee): $499.00
                                         • The proposed requiement to provide a list of all
                                         accesses of an individual records is based on an ability to
                                         track accesses that not all systems can provide
     More Trainings                      today. Using electronic records of any kind could mean
                                         big headaches for compliance with HIPAA accounting of
disclosures requirements.
• To qualify for incentive funding, providers must
perform HIPAA Security compliance activities that may
have been sidestepped in the past, but no longer can be
due to new, higher penalties, including mandatory
penalties in the tens of thousands of dollars for willful
neglect of compliance. Risk analysis is now clearly
required, both for HIPAA and for EHR funding, but
many organizations have not yet performed one and find
the task overwhelming.

• Providers will need to change how they do business to
meet the new requirements as they move to newer
electronic records systems, and qualifying for the funding
will require the kind of attention to privacy and security
that health information has always deserved, but not
always received.

Description of the topic

    The new and proposed HIPAA Privacy and Security
regulations will be reviewed and their effects on the use
of EHRs will be discussed. The proposed rules call for an
ability to make an electronic copy of an individual's
protected health information for any information held in
an entity's designated record set. In addition, any
accesses of electronic PHI in a designated record set must
be recorded so that they can be provided in an access list
if requested by the individual. Not only do these
requirements call for technical capabilities that may or
may not be present in a particular system, but they also
imply that an organization would be well-advised to
carefully define its designated record set in order to limit
its exposure under these requirements, giving the
definition of a designated record set new importance.

   We will discuss how disclosures and accesses must be
tracked in an EHR and review the various ways patient
records can be supplied electronically. The proposed
rules allow for a variety of methods to accomplish the
objectives, but all will require new policies, procedures,
and practices. We will show what policies need to be
changed and how.

   Adopting an EHR and securing funding for it through
the Federal program requires that certain objectives be
met according to defined measures, including a required
objective to protect the privacy and security of
information in an EHR. That measure calls for a HIPAA
Security risk analysis. We will discuss the scope and
methods of a risk analysis that can meet the requirements
and make it easier to prioritize your activities to reduce
risks and improve security most cost-effectively.

    Some of the new regulations require an ability to
restrict certain disclosures that may not be easy to
implement in EHRs, and may require modifications and
upgrades before you can be in compliance.

   To be prepared for compliance, you need to be
prepared for an audit by the HHS Office of Civil Rights.
This session will show you what policies and evidence
you need to produce if you are audited, and what you
can do ahead of time to show you have securely
implemented your EHR and continue to monitor and
maintain its security. We will show you how to find out
what has been asked of entities in reviews before and
what you need to prepare in advance so you can be ready
when they call.

    Finally, the new enforcement penalty structure and
the latest plans for audits by HHS OCR will be described,
so you can know what you're up against if you don't
make the effort to ensure compliance. Protecting your
EHR will require new practices and new routines to help
you avoid breaches and the significant penalties of
violations, and we will help you understand the
ramifications of not doing what's necessary to protect
your EHR and its data, so you can make intelligent
decisions about your security priorities.

Areas Covered in the Seminar:
• The new regulations change the way individuals have
access to their records, and how much they can find out
about who has accessed their records.

• Individuals can request an accounting of disclosures of
their health information including those made for
purposes of treatment, payment, or healthcare
operations, from an electronic health record, going back
three years.

• Individuals have the right to obtain electronic copies of
their health information that is stored electronically, from
any electronic system in the HIPAA designated record

• Individuals can now request certain restrictions on
disclosures that you must honor.

• Meaningful Use requirements for EHR funding call for
a HIPAA Information Security Risk Analysis and
implementation of risk mitigation measures.

• New audit and penalty requirements increase the need
to make sure you are in compliance before HHS OCR
knocks on the door.

• The new penalty structure and plans for audits mean
that you are more likely to be audited for HIPAA
compliance, and you may be facing significantly higher
penalties for non-compliance than ever before.

About Speaker:

Jim Sheldon-Dean is the founder and director of compliance
services at Lewis Creek Systems, LLC, a Vermont-based
consulting firm founded in 1982, providing information privacy
and security regulatory compliance services to a variety of
health care providers, businesses, universities, small and large
hospitals, urban and rural mental health and social service
agencies, health insurance plans, and health care business
associates. He serves on the HIMSS Information Systems
Security Workgroup, and has co-chaired the Workgroup for
Electronic Data Interchange Privacy and Security
Workgroup. He is a frequent speaker regarding HIPAA and
information privacy and security compliance issues at seminars
and conferences, including speaking engagements at AHIMA
national and regional conventions and WEDI national
conferences, and before the New York Metropolitan Chapter of
the Healthcare Financial Management Association, Health
Information Management Associations of Virginia, New York
City, New York State, and Vermont, the Connecticut Hospital
Association, and the Hospital and Health System Association
of Pennsylvania. Sheldon-Dean has nearly 30 years of
experience in policy analysis and implementation, business
process analysis, information systems and software
development. His experience includes leading the development
of health care related Web sites; award-winning, best-selling
commercial utility software; and mission-critical, fault-tolerant
communications satellite control systems. In addition, he has
eight years of experience doing hands-on medical work as a
Vermont certified volunteer emergency medical
technician. Sheldon-Dean received his B.S. degree, summa
cum laude, from the University of Vermont and his master’s
degree from the Massachusetts Institute of Technology.

                       Compliance2go |
                       Phone : 877.782.4696 | Fax : 281-971-0286
                         Email :

Shared By:
Description: Awareness and ideas can really change the way we work but nevertheless it is also very crucial that these are allowed to bloom and be nurtured keeping in mind the various rules and regulations and other such compliance issues....Compliance2go Thus Compliance2go staff makes a committed effort to bring the best and the ever changing and important laws available to those who need to be educated on this regard. We commit to bring you quality webinars from industry experts in a timely fashion. Ensuring your business strategy is on the right track to face the future bounties. The best part of this kind of learning involves that you don't have to spend money for going to any location Compliance2go as the name suggests that without having proper adherence to the ever changing compliance rules and regulations, of the government any company needs to halt. The undying need for operational transparency ensures that the professionals are well in advance educated and do execute and make their company compliant. This could only be possible with assistance from experts, regulators, compliance professionals, and other such stalwarts of the industry. Nevertheless assistance can be expensive and time consuming. This is done by hosting cost effective and informative webinars, web alerts and also holding discussion forums where you can discuss on the nature, existence and relevance of various laws. This will also help you to do networking with various professionals and give a new dimension to your business. We desire and thrive to impart effective trainings to give you the best to fulfil your objective requirement for various compliance issues. Every compliance training is structured, presented and deployed so that you can understand what it means to you and your company.