HIPAA Privacy Myths - Perceived versus Real Barriers to Health Information Exchange

Duration: 90 Minutes
Instructor: Chris Apgar
Webinar Id: 800066


One Attendee


The HIPAA Privacy, now modified by the Health Information Technology for Economic and Clinical Health (HITECH) Act, spells out how patients and health plan members’ medical and claims information can be used and disclosed with and without authorization. It addresses what covered entities and business associates are required to do to comply with federal privacy requirements and it spells out individuals’ privacy rights. The question remains do covered entities and business associates really know what is mandated and are workforce members actually trained.

Many HIPAA myths abound because of the lack of knowledge about the rule, misunderstandings that have grown into those myths and fear of legal risk. That lack of knowledge and spread of mis-information occurs at the compliance management level and, though lack of policies, procedures and training, uninformed workforce members. When it comes to protecting an individual’s privacy or sharing health information about that individual, lack of knowledge or missing facts can be damaging to the individual and to the covered entity or business associate.

The purpose of this webinar is to assist covered entities and business associates dispel myths that hamper quality patient care, lead to confusion and frustration in the workforce and those such as family involved in an individual’s care, and other adverse events. It's sometimes a good idea to go all the way back to the basics and build on a sound foundation of knowledge to enhance understanding that results in positive events. The audience will be taken back to the beginning for a refresher before moving on to new HITEH Act requirements and some of the more common privacy myths that can hamper the needed exchange of health information and the quality of care.

Participants will walk away with updated privacy templates and related checklists that will assist with training at the compliance planning level and assist in providing up-to-date information to pass along to workforce members.  Some of the more common privacy policies that go beyond the HIPAA Privacy Rule will also be covered as well as state privacy law and how it fits with HIPAA. 

This webinar will also cover changes to the HIPAA Privacy Rule made following the passage of the HITECH Act.  Even though OCR has yet to publish the final privacy and security rule, it does not mean these new requirements are not in effect now. OCR announced it would not enforce provisions of the HITECH Act absent rule. That really amounts to someone else is enforcing those provisions versus the provisions are not in effect. The HITECH Act did grant state attorneys general the power to enforce the Act through federal court and a number of state attorneys general have done just that. To avoid potential legal problems with states, it is important to understand what is required now by statute and update privacy practices if they haven’t been updated already that shows covered entities and business associates are compliant.

The audience will have an opportunity to raise questions about myths that may not be covered during this webinar but are still out there.  The end goal is to identify as many myths as can be addressed in 90 minutes and replacing those myths with facts that can improve privacy practices and reduce headaches.

Areas Covered in the Session:

  • Review of the HIPAA Privacy Rule (Parts 160 and 164)
  • Review of HITECH Act Privacy Requirements
  • Common HIPAA Myths & What are the Facts
    • Use and disclosure of PHI
    • Administrative and organizational requirements
    • Patient privacy rights
  • Privacy Program – What is Required & What to Look For
  • Template Review
    • Compliance checklist
    • Notice of Privacy Practices
    • Consent vs. authorization
    • Business Associate contract
    • Sample privacy policy and procedure
  • Q&A
Who Will Benefit:
  • Physicians, Dentists & Health Care Professionals
  • Practice Management
  • CIOs
  • CFOs
  • HIM directors & Managers
  • Privacy Officers
  • Security Officers
  • Risk Managers
  • Compliance Officers
  • Legal Counsel

Speaker Profile
Chris Apgar , CISSP, CEO and President of Apgar & Associates, LLC and former HIPAA Compliance officer for Providence Health Plans, is a nationally recognized information security, privacy, national identifier, HIPAA & electronic health information exchange expert. He has over 13 years of experience assisting health care organizations comply with HIPAA, HITECH and other privacy and security regulations. Mr. Apgar also has assisted health care, utilities and financial organizations implement privacy and security safeguards to protect against organizational harm and harm to consumers.

Mr. Apgar is a member of the Workgroup for Electronic Data Interchange (WEDI) Board of Directors member and has served on the Board for more than six years. Mr. Apgar continues to Chair the Oregon & SW Washington Healthcare, Privacy and Security Forum for the 12th year. Mr. Apgar recently joined the State of California Office of Privacy Protection project team charged with developing educational material for health care providers, health plans and consumers regarding medical identity theft and prevention. He is also a member of the Oregon Prescription Drug Monitoring Program Advisory Commission.

Apgar & Associate, LLC clients range from small to large health plans, providers, healthcare clearinghouses, vendors, non-profits, government agencies and health care associations. He has been endorsed by the Oregon Medical Association to assist members with privacy, security and regulatory compliance. Mr. Apgar is also a nationally known speaker and author. More information about Mr. Apgar and Apgar & Associates, LLC can be found at http://www.apgarandassoc.com.

You Recently Viewed