HIPAA Back to the Beginning

MentorHealth
Duration: 90 Minutes
Instructor: Roger Shindell
Webinar Id: 800481

Format: Recorded
Price: $179 (One Attendee)

Overview:

In this session we will demystify HIPAA. Starting with an explanation of how and why HIPAA contains many ambiguities and conflicting information and moving through what the attendee needs to know about HIPAA's regulations, OCR whitepapers and published guidance, and OCR Resolution Agreements.

At the end of this session the attendee will understand how each fills a role in determining what constitutes HIPAA compliance, and how to understand what is really meant by the terminology commonly encountered, and misunderstood, when discussing HIPAA.

We will cover a couple of specific ambiguities and discuss some examples. We will explain and demonstrate how to work through the ambiguities and draw a conclusion that allows you to take defensible action as you develop your compliance plan. In this section we will show you what reference materials are available, work through at least one example of an ambiguity, and show you how to reach a defensible solution. We will also explain what constitutes a defensible solution and why it is important.

We will cover the concepts and terms encountered when discussing the fundamentals of HIPAA: what HIPAA actually is, and what your obligations under HIPAA are. We will discuss the misconceptions around terms such as the Security and Privacy Regulations, and what Technical, Administrative and Physical Safeguards really mean. We will cover the ramifications of not complying with HIPAA when you have a reported breach, and discuss why a breach under HIPAA is only the beginning of the process, not the end.

After covering the generalities, the presentation will focus on specific concepts and terms that are common to breaches reported over the last few years. We will work through some of the myths encountered when discussing HIPAA, explain why they exist, and demystify them to give the attendee the "truth" behind these myths.

As we work through the language of HIPAA, we will not discuss the terminology and concepts from a high-level view, but rather with the goal of providing sufficient detail that the attendee will leave with actionable items. Finally, the objective of this presentation is not to make you an expert on the language of HIPAA, but rather to give you the information you need to ask the right questions of your Chief Privacy and/or Security Officer(s), or consultant.

Why should you attend: One recent study of privacy and security professionals from larger providers found that more than 89% of respondents found HIPAA/HITECH regulations to be complex, difficult to understand, vague or confusing. Only 11% found them easy to understand. So what chance do you have of understanding your obligations under HIPAA?

As with any area of knowledge, understanding comes only when you understand the language used in the discipline. HIPAA is no different. In many ways it is a bit more important, because HIPAA is a series of regulations that are left to interpretation. So a provider or business associate must understand not only the language of the regulations but also their intent. Intent in many cases is buried inside published guidance and other publications from the Department of Health and Human Services and its Office for Civil Rights. Complicating the situation are parallel regulations promulgated under the HITECH Act, which may provide conflicting guidance.

The best analogy for the complexity of the language of HIPAA is the Internal Revenue Service and the tax code, though the penalties surrounding HIPAA violations are much more onerous than those for errors in the taxes you file.

Examples of misunderstanding abound. For example: what are your requirements for staff training under HIPAA? It's not what you think. What are the ramifications of not understanding Willful Neglect? Not knowing what these terms really mean can cost you up to an additional $300,000 in fines and penalties, PER INCIDENT. And that's just at the federal level. Add in state-level fines and penalties, tort actions, and business disruption costs, and the numbers really add up.

Source: "Financial Impact of Breached Protected Health Information," 2012, American National Standards Institute (ANSI) / The Santa Fe Group / Internet Security Alliance.

Areas Covered in the Session:

  • What are the Security and Privacy Regulations
  • What is meant by Technical, Administrative and Physical Safeguards
  • What is an OCR Resolution Agreement and why should I care
  • What constitutes an adequate risk assessment
  • What is meant by a "Required" and "Addressable" implementation specification
  • What are my training requirements
  • What is a Breach vs. a Reportable Breach
  • What is a Business Associate and what are my responsibilities
  • What actually changed under the final Omnibus Rule
  • What is an OCR audit
  • What is an OCR investigation
  • What is Willful Neglect and what does it mean to me

Who Will Benefit:
  • CEO
  • COO
  • CFO
  • Human Resources
  • Chief Nursing Officer
  • Chief Clinical Officer
  • Practice Managers

Speaker Profile
Roger Shindell has more than 30 years of multidiscipline experience in the areas of health care, e-learning, marketing, finance, operations and information technology. He has worked in start-up, rapid-growth and turnaround environments. Over his career, he has been both an advisor to and a principal in a number of health care, technology and service companies.

Roger has a demonstrated ability to design and implement health care marketing and sales campaigns. He has also designed and implemented financial controls as well as managed inventory. A revered business strategist, Roger has been tapped to restructure and manage capital structures for several corporations.

Roger currently sits on the HIMSS Risk Assessment Work Group which is tasked "to explore, define and discuss risk assessment and develop useful white papers, guides, case studies, tools and other resources that individual healthcare organizations and security practitioners can use to assist them in developing their own implementations, guide their third party vendor selection processes (if desired), and/or inform their policy decisions."

He has also been inducted into the International Who's Who of Information Technology, Who's Who Among American Executives, and the Millennium edition of Who's Who in Executives and Business. Roger is a member of the Technology Executives Club, and a former member of The Colorado Software and Internet Association (CTEK), and The Colorado Internet Keiretsu. Roger attended Washington State University for his BS in Biology and the University of Idaho, where he earned an M.S. in Economics.
