HIPAA Compliance Though Policies

Duration: 90 Minutes
Instructor: Jonathan P. Tomes
Webinar Id: 800237


One Attendee


The Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its regulations (the "Privacy Rule" and the "Security Rule") protect the privacy of an individual's health information and govern the way that covered entities and now business associates collect, maintain, use, and disclose protected health information ("PHI"). Creation and implementation of policies and procedures are a requirement for HIPAA compliance.

For HIPAA, if it is not in writing, it is not. This maxim holds true for all covered entities and business associates when creating and implementing HIPAA compliance policies and procedures. To ensure compliance with HIPAA regulations, an organization must have written documentation as set forth by HIPAA's administrative requirements. Now that DHHS is considering breaches involving lack of a policy (even if HIPAA does not say that you must have a policy concerning that activity) as willful neglect, which carries the stiffest civil money penalties, you must consider what policies you need.

In this webinar, we will discuss what the required policies are, policies that you must have if they are reasonable and appropriate, and other policies that are not mentioned in HIPAA but that DHHS may nonetheless consider as being necessary. Learn what a policy should contain and how to draft a policy.

Areas Covered in the Session:

  • The HIPAA requirement to have policies and procedures
  • Required policies
  • Addressable policies
  • Other policies that may be necessary
  • Contents of HIPAA policies
  • How to write a policy
  • Training on policies
  • Retention of policies

Who Will Benefit:
  • HIPAA Compliance Officers
  • HIPAA Security Officers
  • HIPAA Privacy Officers, CFOs
  • CIOs
  • Medical Records Personnel
  • Health Information Management Professionals
  • Health Care Attorneys
  • Billing Services

Educational Objectives(S)
Upon completion of this activity, participants will be able to:
  • Discuss the required HIPAA policies, if they are reasonable and appropriate and how to draft a policy

CME Credit Statement
This activity has been planned and implemented in accordance with the Essential Areas and Policies of the Accreditation Council for Continuing Medical Education (ACCME) through the joint sponsorship of CFMC and MentorHealth. CFMC is accredited by the ACCME to provide continuing medical education for physicians.

CFMC designates this educational activity for a maximum of 1.5 AMA PRA Category 1 Credits™. Physicians should only claim credit commensurate with the extent of their participation in the activity.

Other Healthcare Professionals Credit Statement
This educational activity has been planned and implemented following the administrative and educational design criteria required for certification of health care professions continuing education credits. Registrants attending this activity may submit their certificate along with a copy of the course content to their professional organizations or state licensing agencies for recognition for 1.5 hours.

Disclosure Statement
It is the policy of CFMC and MentorHealth that the faculty discloses real or apparent conflicts of interest relating to the topics of the educational activity. All members of the faculty and planning team have nothing to disclose nor do they have any vested interests or affiliations

Obtaining Certificate of Credit

Colorado Foundation for Medical Care (CFMC) hosts an online activity evaluation system, certificate and outcomes measurement process. Following the activity, you must link to CFMC's online site (link below) to complete the evaluation form in order to receive your certificate of credit. Once the evaluation form is complete and submitted, you will be automatically sent a copy of your certificate via email. Please note, participants must attend the entire activity to receive all types of credit. Continuing Education evaluation and request for certificates will be accepted up to 60 days post activity date. CFMC will keep a record of attendance on file for 6 years.

Speaker Profile
Jonathan P. Tomes , J.D., is a health care attorney and partner in the law firm of TOMES & DVORAK, CHARTERED. He has written more than 50 books, including The Compliance Guide to HIPAA and the DHHS Regulations, and dozens of articles in the area of HIPAA compliance.

He has been an expert witness in litigation involving health information compliance issues and is the President of EMR Legal, Inc., a national HIPAA consulting firm. His knowledge of the law and of the practical aspects of setting up a security system provides a rare opportunity for compliance officers and medical records veterans and novices alike. Mr. Tomes has presented seminars nationally for 20 years.

You Recently Viewed