How to Insure Your Organization Complies With the Sweeping New Changes and More Stringent HIPAA and Privacy Rules Under the New HITECH Act

Healthcare compliance and HIPAA security officers and their senior management are starting to cope with another “under the radar” provision of the federal Stimulus Act that was passed in February.

The new law with sweeping changes impacts all health and managed care organizations that are covered under HIPAA, and puts new teeth into violations with monetary penalties.

This is the first guidance on what is officially known as the Health Information Technology for Economic and Clinical Health (HITECH) provisions of the American Recovery and Reinvestment Act. The HITECH Act amends the privacy and security provisions of the Health Insurance Portability and Accountability Act (HIPAA).

This new guidance provides key information to health care providers, health plans, health care clearinghouses and their business associates about the security of protected health information.

To help you comply with these new provisions and bring your organization into line with the HITECH Act requirements, this special audio webcast has been scheduled for Thursday, July 9, at 1:30 pm EDT.

Make plans now to attend with your compliance, information security and health information technology and operations team to insure everyone is up to speed with these new federal requirements. Your registration fee covers everyone on your team listening in from your conference room.

Gina M. Kastel, of the law firm of Faegre & Benson, Minneapolis, will be the expert presenter.

All healthcare providers need to be aware of the changes brought on by this new law. Among the changes, the HITECH Act requires covered entities and business associates to notify individuals about unauthorized disclosures of "unsecured" protected health information.

Previously, HIPAA applied only to the use and disclosure of individually identifiable health information (known as "protected health information") by health care providers, health plans, and health care clearinghouses (known collectively as "covered entities").

But under the HITECH Act, among the most far reaching provisions of ARRA are those that apply several of HIPAA's security and privacy requirements to business associates. In addition, business associates will be subject to civil and criminal penalties and enforcement proceedings for violations of HIPAA.

The HITECH Act addresses various aspects relating to the use of health information technology (H.I.T.), including providing for federal funding by way of grants and incentive payments in order to promote H.I.T. implementation.

Agenda:

Review of the important, new and far-reaching provisions concerning the privacy and security of health information that will materially and directly affect more entities, businesses and individuals in more diverse ways than ever before.
Review of the key provisions and changes contained in the HITECH Act
HITECH Act Breach Notification Provisions
Business Associate Changes
Stronger Rights for Individuals
Securing PHI
Best Practices
The what and why of the Expanded Civil Monetary Penalties and Enforcement
How to secure protected health information as defined in the new guidance
The methodologies to secure protected health information by making it unusable, unreadable or indecipherable to unauthorized persons: encryption and destruction.
Implications of the HITECH Act and its authorization of each state attorney general (AG) for the first time to begin pursuing civil actions for HIPAA privacy and security violations that have threatened or adversely affected a resident of the AG's respective state
Impact of the Expanded Applicability of The HITECH Act as it now directly obligates business associates to comply with the HIPAA Security Rule's administrative, physical and technical safeguard requirements, including developing and implementing comprehensive written security policies and procedures with respect to the protected health information (PHI) that they handle
New Privacy and Security Requirements including the Security Breach Notification Requirements
Complying with an Individual’s Requested Restrictions
Access Rights to Electronic Format under the HIPAA Privacy Rule changes
Best Practices
Live Question and Answer Session

Getting up to speed on the HITECH Act buried deep within the 1,000-plus pages of the American Recovery and Reinvestment Act of 2009 (ARRA) although a challenge for all covered organizations, must be done quickly.

Take advantage of this opportunity to have your team receive this briefing so that you will be ready when the final rules are adopted. But it’s important to know that the security changes will generally be effective 30 days after appropriate regulations are published. And, the changes to the enforcement provisions are effective for violations that occur after February 17, 2009.

Who Will Benefit From This Audio Webcast?

Representatives of all covered healthcare organizations, health care providers, health plans, health care clearinghouses and their business associates, CEOs, COOs, CIOs, hospital and managed care executives, data security and IT managers, privacy officers, compliance officers, HIPAA compliance officers, internal auditors, legal counsel, implementation consultants, medical directors, healthcare public relations executives, health plans and providers, pharmaceutical companies, healthcare technology companies, PBMs, compliance officers, operations executives, executive directors, team leaders, planners, product managers, knowledge managers, department heads, healthcare management, TPAs, network managers, physician practice management, medical management directors, PHO and IPA leadership.