HIPAA Changes in 2020 - Court Decisions, Regulations, and Enforcement

Duration: 90 Minutes
Instructor: Jim Sheldon Dean
Webinar Id: 801984


One Attendee
Unlimited Attendees ?

This session will review the scope of what must be done to stay in compliance with the HIPAA regulations as individual access comes into focus both as a right that is vigorously enforced, yet now limited in some ways by a new Federal court order.


HIPAA Compliance has recently seen big changes in how the rules are enforced for individual access requests, long-overdue changes may be coming to regulations on Accounting of Disclosures of Protected Health Information (PHI), we can expect new rules regarding the HIPAA Notice of Privacy Practices and calling patients' cell phones, and a little-used HIPAA right may become a hot topic if the Affordable Care Act is threatened.

And there have been calls for HIPAA expansions to cover new technologies and new uses of PHI. There is no shortage of critical topics for medical offices to respond to, to meet requirements and avoid penalties.

This session will review the scope of what must be done to stay in compliance with the HIPAA regulations as individual access comes into focus both as a right that is vigorously enforced, yet now limited in some ways by a new Federal court order.

Keeping up with these complex changes is essential to compliance with HIPAA access requirements. The session will prepare orgainzations for the impacts of likely rule changes in areas such as Accounting of Disclosures, the Notice of Privacy Practices, cell phone communications, and new technologies. New rules expected for Accounting of Disclosures will be explored and their expected futures and impacts will be discussed, and impacts of changes to 42 CFR Part 2 and controls on information relating to substance use disorders will be explained.

One potential impact is not a HIPAA change, but an increase in the demand for requests to exert rights to keep treatment secret from health plans, which could result from changes to the ACA. This session will help practices prepare for the various changes and avoid the significant penalties (up to $1.7 million and beyond) for non-compliance.

Why should you Attend: The Health Insurance Portability and Accountability Act of 1996 has now been around for nearly a quarter century, and the regulations have evolved since the Privacy Rule first became enforceable in 2003.

There have been numerous enforcement settlements, there are new threats to the privacy and security of patient information, and still more changes in the rules are expected based on the HITECH Act and goals for greater patient access rights and integration of care services.

In addition, a recent Federal Court decision has changed the rules for providing access to patient information under the rules for indiudual access of PHI, and new guidance has been issued about the responsibilities of Business Associares for HIPAA compliance.

This session will look at the current state of HIPAA compliance and identify expected changes in the rules in the coming year, as well as examine the focus and results of various HIPAA enforcement actions to identify areas that deserve your HIPAA Officer's attention in the coming year to ensure HIPAA compliance.

This session will provide the HIPAA Officer a review of the current enforcement actions, audit focus, privacy, security, and breach issues, and expected regulatory changes in HIPAA, and help the compliance specialist prepare for a year of HIPAA work including responding to issues and planning for regular compliance activities.

Areas Covered in the Session:

  • There may be a change to requirement to Obtain an Acknowledgement of the Receipt of a Notice of Privacy Practices
  • There may be a change to rules under TCPA (regarding calling or messaging cell phones)
  • Changes to ACA may impact the use of HIPAA rights to limit disclosures
  • Guidance has recently been provided on the HIPAA compliance liability of Business Associates
  • 42 CFR Part 2 (regarding Substance Use Disorder information) may become better aligned with HIPAA
  • Inadequate coverage under HIPAA for new technologies and new kinds of patient information technologies

Who Will Benefit:
  • Compliance Director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager

Speaker Profile
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master's degree from the Massachusetts Institute of Technology.

You Recently Viewed