Overview:
The rules having to do with patient access of records need to be reflected in every health care-related organization's policies and procedures.
The guidance provides clear and detailed information on how to provide
access, what can be charged for in fees, and what the individual's
rights are when it comes to access of information. The rallying cry for
easy patient access and transfer of information increases daily and is
no longer escapable.
At the same time, a recent Federal court decision has changed some of
the aspects of the individual access rules pertaining to transmitting
records to third parties at the request of the individual. Additionally,
HHS has issued guidance when HIPAA Business Associates are involved,
regarding the responsibility for the timing, and form and format of
replies to requests for access, and the responsibilities for compliance
with the fee requirements. To top it off, individual access rules may be
modified under the proposed HIPAA rule changes, reducing the time to
provide requested information, and making access easier for individuals.
The COVID-19 Emergency has created new demands on communications, and
has made clear the need to provide services remotely to the extent
possible. Providers need to communicate more, between themselves and
with their patients, and the time to implementation of new services to
meet these needs is almost zero, leaving no room for the usual processes
of approval and adoption that health care is used to. In order to
facilitate the delivery of services and necessary communications during
the emergency, the US Department of Health and Human Services has issued
guidance relaxing some HIPAA requirements pertaining to
teleconferencing tools and reiterating HIPAA allowances for
communication with family and friends of patients.
Social distancing to help prevent the spread of the novel coronavirus is
effective, but patient care has typically required a face-to-face
encounter, which can cause the spread of the virus as infected
individuals travel to and from appointments. It is essential to be able
to provide telemedicine services in order to reach the most individuals
without risking more harm.
HHS has announced the relaxation of enforcement pertaining to the use of
teleconferencing technologies to provide remote medical services,
allowing the use of such services to expand quickly, but limits on
"public-facing" conferencing technologies remain. Providers need to
adopt the necessary technologies without fear of HIPAA violation
enforcement actions during the COVID-19 Emergency and must understand
the limits of what is permitted in order to best serve patients and
their families.
HHS has also issued guidance to remind healthcare providers of the
allowances for communications with family and friends, with disaster
relief organizations, and to prevent a serious and imminent threat to
the health or safety of individuals or the public.
This session will discuss the issues surrounding the use of various
communication technologies under HIPAA controls, and the recent guidance
and declarations from HHS about HIPAA and the response to COVID-19,
including a discussion of Business Associate responsibilities for
compliance under new guidance from HHS.
Why you should Attend:
Over many years, the heads of the US DHHS have indicated that patient
access of information is a key priority in order to improve the health
of the nation.
Patient rights under HIPAA have been expanded to include several rights
of access, and detailed guidance has been issued on access of records.
And more than a dozen of the most recent HIPAA enforcement actions have
been against entities that did not provide patient access to records
properly.
HHS is now using HIPAA Individual Access Rights to effectively implement new rules on prohibitions to Data Blocking.
This session will look at the current state of HIPAA and identify recent
guidance and court decisions affecting HIPAA, as well as expected
changes in the rules in the coming year, and the focus and results of
various HIPAA enforcement actions.
Areas Covered in the Session:
- Learn about the new proposed changes to the HIPAA Privacy Rule and how they may affect your operations
- Understand the guidance and apply the HIPAA rules on providing
information under the regulations for individual requests for PHI, and
learn how the process may be changing under the proposed rules
- Know the extent of the limitations on the fees charged to
individuals for access of their records, and the new changes according
to a Federal Court ruling
- Understand how individual requests to direct their information to a
third party are treated differently, and differences when paper vs
electronic records are requested
- Know what parties are responsible for compliance with the
timeliness, form, and format requirements for individual requests, and
what parties are responsible for the fee requirements for individual
requests of PHI
- See how entities that have not managed individual access properly
have been sanctioned by the US Department of Health and Human Services
- Understand how the new rules on data sharing work with the HIPAA individual access rules
- Learn about communication needs during the Emergency
- Find out about the types of Telemedicine and Teleconferencing technology, and HIPAA requirements
- Learn about the Relaxation of Enforcement of some HIPAA rules to facilitate communication
- Find out about the rules for permitted communications with Family and Friends of patients
- See how HIPAA allows communications that are necessary in First Response circumstances, disclosures to Disaster Recovery agencies, and disclosures to Prevent a Serious and Imminent Threat
Who Will Benefit:
- CEO
- HIPAA Privacy Officers
- HIPAA Security Officers
- Information Security Officers
- Risk Managers
- Compliance Officers
- Privacy Officers
- Health Information Managers
- Information Technology Managers
- Information Systems Managers
- Medical Office Managers
- Chief Financial Officers
- Systems Managers
- Chief Information Officer
- Healthcare Counsel/lawyer
- Operations Directors