HIPAA and EHRs: How to Comply with the New Regulations and What to Ask of your Vendor

This 90-minute webinar will review the new and proposed HIPAA Privacy and Security regulations and discuss their effects on the use of Electronic Health Records (EHRs).

Why Should You Attend:

Many of the new changes to HIPAA focus directly on a number of aspects of the use of electronic records, such as the accounting of disclosures and tracking of accesses of records of all kinds, even for treatment, payment, and healthcare operations, and the provision of records in electronic formats when requested. These proposed rules have a tremendous impact on not only EHRs, but also any electronic systems that hold protected health information in the designated record set.

In this 90-minute webinar we will review the new and expected regulations and discuss their effects on the use of EHRs. We will show what policies need to be changed and how, discuss how disclosures must be tracked in an EHR, review the various ways patient records can be supplied electronically, discuss the requirements for meeting the mandatory Privacy and Security Objective in the Meaningful Use regulations (including requirements for a HIPAA Security Risk Analysis), and show what policies and evidence you need to produce if you are audited by the HHS Office of Civil Rights. The new enforcement penalty structure and the new program for random audits by HHS OCR will also be described.

Agenda:

What is an EHR under the regulations?

• New proposed rules for access of electronic records and EHRs
• New proposed rules for accounting of disclosures and EHRs
• Proposed new restrictions on disclosures and their impacts
• Meaningful Use, HIPAA, and EHRs: Risk Analysis Required
• Expanded HIPAA Enforcement and Penalties and the new HIPAA Audit Program
• Q&A session

Areas Covered in the Seminar:

• The new regulations change the way individuals have access to their records, and how much they can find out about who has accessed their records.
• Individuals can request an accounting of disclosures of their health information including those made for purposes of treatment, payment, or healthcare operations, from an electronic health record, going back three years.
• Individuals will be able to request an access report of all uses and disclosures of PHI from any records in the Designated Record Set - clearly defining that set is now a priority.
• Individuals have the right to obtain electronic copies of their health information that is stored electronically, from any electronic system in the HIPAA designated record set.
• Individuals can now request certain restrictions on disclosures that you must honor, and that may be difficult to implement.
• Meaningful Use requirements for EHR funding call for a HIPAA Information Security Risk Analysis and implementation of risk mitigation measures.
• New audit and penalty requirements increase the need to make sure you are in compliance before HHS OCR knocks on the door.
• The new penalty structure and plans for audits mean that you are more likely to be audited for HIPAA compliance, and you may be facing significantly higher penalties for non-compliance than ever before.

Who Will Benefit:

• Information Security Officers
• Risk Managers
• Compliance Officers
• Privacy Officers
• Health Information Managers
• Information Technology Managers
• Medical Office Managers
• Chief Financial Officers
• Systems Managers
• Legal Counsel
• Operations Directors
• Medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.)