HIPAA Regulations and the New OCR Guidance Memos: Cracking the Code
Overview:
The Office of Civil Rights (OCR) released the long awaited final regulations that affect four things; the privacy law, the security law, the HITECH rules and Genetic Information Nondiscrimination Act (GINA). These become effective September 23, 2013. These mean big changes to hospitals. This document was 563 pages long and is referred to as the mega rule. Hospitals will need to rewrite some of their policies and procedures. Staff will need to be educated.
Hospitals will need to revise their Notice of Privacy Practice which is provided to patients. Hospitals will need to revise their Business Associate (BA) agreements. Additional resources will be provided on this issue. The penalties have been increased. The kid gloves have come off and now it is more important than ever that every hospital ensure compliance with the new HIPAA regulations.
The Office for Civil Rights has issued a number of guidance notices in addition to the some model notices of privacy practices. This includes a new guidance on the following: marketing and refill reminders, decedents, and immunizations. OCR also issues a HIPAA Law Enforcement Guide and a sample business associate contract.
There are many changes to the HITECH law including the new standard that will replace the "harm standard." Changes have been made for the use and disclosure of medical record information, commonly referred to as protected health information (PHI). Changes have been made to fundraising research authorization and expanded protection for the medical records or PHI of a patient who is deceased
Why should you attend:All hospitals and other healthcare providers and entities must be compliant with the HIPAA regulations. This includes compliance with recent changes in privacy, security, HITECH (breach notification law) and the Genetic Information Nondiscrimination Act (GINA). The government has taken the kid gloves off when it comes to HIPAA. There are new penalties and OCR now has staff that go out and audit to ensure compliance.
Areas Covered in the Session:
- Introduction
- OCR Model NPP (Notice of Privacy Practices)
- OCR Business Associate Sample Contract
- Office for Civil Rights and HIPAA
- Topics discussed in Final Rules
- Topics not addressed in the Final Rules
- History
- How to locate a copy of the final rule
- Revised Notice of Privacy Practices
- New penalties and enforcement
- Patient rights to receive an electronic copy of their medical records
- Exceptions, cost,
- Access to protected health records
- HIPAA compliant authorization form
- PHI of deceased patients
- OCR Guidance
- Revision of hospital policies and procedures
- Staff education
- Changes to the Breach Notification Rule
- Definition of breach
- No longer to do a "harm analysis"
- Four objective factors to determine if PHI is compromised
- Document the risk assessment
- Exceptions
- Marketing, fundraising and the sale of PHI
- Definitions
- Exceptions
- Case managers, care coordination
- What costs are permitted
- OCR Guidance on Refill Reminders and Marketing
- Immunization records
- OCR Guidance
- GINA Genetic Information Nondiscrimination Act
- Relationship to the CMS hospital CoP grievance standard
- CMS Hospital Memo on Privacy and Confidentiality
Who Will Benefit:
- HIPPA Privacy and Security Officers
- Compliance Officer
- Risk Management
- Chief Nursing Officer
- Nurses
- Physicians
- Director of Health Information Management (HIM)
- Medical Records Staff (HIM)
- Chief Financial Officer
- Operational Directors
- Chief Medical Officer
Educational Objectives(S)
Upon completion of this activity, participants will be able to:
- Discuss how to be compliant with the recent changes in privacy, security, HITECH, and GINA and the penalties that can apply.
CME Credit Statement
This activity has been planned and implemented in accordance with the Essential Areas and Policies of the Accreditation Council for Continuing Medical Education (ACCME) through the joint sponsorship of CFMC and MentorHealth. CFMC is accredited by the ACCME to provide continuing medical education for physicians.
CFMC designates this educational activity for a maximum of 2 AMA PRA Category 1 Credits™. Physicians should only claim credit commensurate with the extent of their participation in the activity.
CNE Credit Statement
CFMC is an approved provider of continuing nursing education by the California Board of Registered Nurses, an accredited approver by the American Nurses Credentialing Center's Commission on Accreditation. Provider approved by California Board of Registered Nursing, Provider # 16031 for 2 contact hours.
Other Healthcare Professionals Credit Statement
This educational activity has been planned and implemented following the administrative and educational design criteria required for certification of health care professions continuing education credits. Registrants attending this activity may submit their certificate along with a copy of the course content to their professional organizations or state licensing agencies for recognition for 2 hours.
Disclosure Statement
It is the policy of CFMC and MentorHealth that the faculty discloses real or apparent conflicts of interest relating to the topics of the educational activity. All members of the faculty and planning team have nothing to disclose nor do they have any vested interests or affiliations
Obtaining Certificate of Credit
Colorado Foundation for Medical Care (CFMC) hosts an online activity evaluation system, certificate and outcomes measurement process. Following the activity, you must link to CFMC's online site (link below) to complete the evaluation form in order to receive your certificate of credit. Once the evaluation form is complete and submitted, you will be automatically sent a copy of your certificate via email. Please note, participants must attend the entire activity to receive all types of credit. Continuing Education evaluation and request for certificates will be accepted up to 60 days post activity date. CFMC will keep a record of attendance on file for 6 years.
Speaker Profile
Sue has been a medico-legal consultant for over 30 years. She has done many educational programs for nurses, physicians, and other health care providers on topics such as nursing law, ethics and nursing, malpractice prevention, HIPAA medical record confidentiality, EMTALA anti-dumping law, Joint Commission issues, CMS issues, documentation, medication errors, medical errors, documentation, pain management, federal laws for nursing, sentinel events, MRI Safety, Legal Issues in Surgery, patient safety and other similar topics. She also does a monthly series on the sections of the Conditions for Coverage for Ambulatory Surgery Centers along with other ASC programs such as Safe Injection Practices. She also writes articles on ambulatory surgery and present educational programs on ambulatory surgery issues. She was affiliated with Mount Carmel College of Nursing as an adjunct nursing professor for over fifteen years. She was also a trial attorney for eight years defending nurses, physicians and healthcare facilities.
She has been employed in the nursing profession for more than 30 years. Ms. Calloway has legal experience in medical malpractice defense for physicians, nurses and other health professionals. She is also certified in healthcare risk management by the American Society of Healthcare Risk Managers. Ms. Calloway received her AD in nursing from Central Ohio Technical College, her BA, BSN, MSN (summa cum laude) and JD (with honors) degrees are from Capital University in Columbus. She is a member of many professional organizations. She has a certificate in insurance from the American Insurance Institute.