HIPAA Regulations and the New OCR Guidance Memos: Cracking the Code
Overview:
The Office for Civil Rights (OCR) released the long-awaited final regulations that affect four things: the privacy law, the security law, the HITECH rules and the Genetic Information Nondiscrimination Act (GINA). These become effective September 23, 2013, and they mean big changes for hospitals. The document was 563 pages long and is referred to as the mega rule. Hospitals will need to rewrite some of their policies and procedures, and staff will need to be educated.
Hospitals will need to revise their Notice of Privacy Practices, which is provided to patients. Hospitals will also need to revise their Business Associate (BA) agreements. Additional resources will be provided on this issue. The penalties have been increased. The kid gloves have come off, and it is now more important than ever that every hospital ensure compliance with the new HIPAA regulations.
The Office for Civil Rights has issued a number of guidance notices in addition to some model notices of privacy practices. This includes new guidance on the following: marketing and refill reminders, decedents, and immunizations. OCR also issued a HIPAA Law Enforcement Guide and a sample business associate contract.
There are many changes to the HITECH law, including the new standard that will replace the "harm standard." Changes have been made to the use and disclosure of medical record information, commonly referred to as protected health information (PHI). Changes have also been made to fundraising, research authorization, and expanded protection for the medical records or PHI of a patient who is deceased.
Why should you attend:
All hospitals and other healthcare providers and entities must be compliant with the HIPAA regulations. This includes compliance with recent changes in privacy, security, HITECH (breach notification law) and the Genetic Information Nondiscrimination Act (GINA). The government has taken the kid gloves off when it comes to HIPAA. There are new penalties and OCR now has staff that go out and audit to ensure compliance.
Areas Covered in the Session:
- Introduction
- OCR Model NPP (Notice of Privacy Practices)
- OCR Business Associate Sample Contract
- Office for Civil Rights and HIPAA
- Topics discussed in Final Rules
- Topics not addressed in the Final Rules
- History
- How to locate a copy of the final rule
- Revised Notice of Privacy Practices
- New penalties and enforcement
- Patient rights to receive an electronic copy of their medical records
- Exceptions, cost,
- Access to protected health records
- HIPAA compliant authorization form
- PHI of deceased patients
- Revision of hospital policies and procedures
- Staff education
- Changes to the Breach Notification Rule
- Definition of breach
- No longer need to do a "harm analysis"
- Four objective factors to determine if PHI is compromised
- Document the risk assessment
- Exceptions
- Marketing, fundraising and the sale of PHI
- Definitions
- Exceptions
- Case managers, care coordination
- What costs are permitted
- OCR Guidance on Refill Reminders and Marketing
- Immunization records
- GINA (Genetic Information Nondiscrimination Act)
- Relationship to the CMS hospital CoP grievance standard
- CMS Hospital Memo on Privacy and Confidentiality
Who Will Benefit:
- HIPAA Privacy and Security Officers
- Compliance Officer
- Risk Management
- Chief Nursing Officer
- Nurses
- Physicians
- Director of Health Information Management (HIM)
- Medical Records Staff (HIM)
- Chief Financial Officer
- Operational Directors
- Chief Medical Officer