Communication in healthcare offices is more complex than ever. The use of texting and plain e-mail is an issue of current interest as staff adopt the technologies they are already used to, for use in the healthcare setting, whether you know it or like it or not. Proper evaluation and management of risks is on the hot list for audits and enforcement, and that includes considering communications appropriately for business purposes that may or may not contain Protected Health Information. Violations are subject to enforcement that can include multi-million dollar fines and years-long corrective action plans.
Meanwhile, patient rights under HIPAA have been expanded to include several new rights of access, and guidance has been issued on access of records, and expanded twice since its publication. The changes to rules having to do with patient access of records will need to be reflected in every health care-related organization’s policies and procedures. The guidance provides clear and detailed information on how to provide access, what can be charged for in fees, and what the individual’s rights are when it comes to access of information. And, of course, patients may wish to have access via new technologies like e-mail and texting.
With the advent of portable devices and increased uses of e-mail and texting, and with increases in audits and enforcement actions following breaches, now is the time to ensure your organization is in compliance with the regulations and meeting the e-mail and texting communication needs and desires of its providers, staff, and patients. You need the proper privacy protections for health information, including documented policies and procedures on which your staff has been trained, as well as documentation of any actions taken pursuant to those policies and procedures.
Perhaps most importantly, the HIPAA Audits of 2016-2017 focused on the proper patient access to information as a significant compliance problem, and the upcoming HIPAA Audit program by HHS is expected to include reviews of patient access polices and practices. It is expected that HHS will be focusing on current access issues, having to do with the costs to individuals for access of records and the proper handling of denials of access.
All HIPAA-covered providers need to review their HIPAA compliance, policies, and procedures to see if they are prepared to be in full compliance and meet the requirements of the changes in the rules. Compliance is required and violations for willful neglect of the rules begin at $10,000.
Key Focus Areas:
Covered entities, and particularly those that use electronic health records (EHRs), will need to meet the new access and disclosure rules and guidance. And if you are required to have a HIPAA Notice of Privacy Practices, you need to update that to show all the new rights that patients have.
The 2016 guidance from the HHS Office of Civil Rights will be explained, including the additional updates to the guidance, so that access can be provided according to the rules. Issues on provision and denial of access, as well as fees and other topics, will be discussed.
The regulations will be reviewed and their effects on usual practices will be discussed, as will what policies need to be changed and how. We will show what policies and evidence you may need to produce if you are audited by the HHS Office of Civil Rights, which has already indicated that compliance with the rules on patient access of records is a significant problem that has been a focus of the 2016 HIPAA Audits and is likely to continue as a compliance focus, since HHS has stated that patient access of information is essential to improving the health of the nation. We will discuss what is necessary to avoid penalties and make sound compliance decisions.
In addition to HIPAA, there are impacts of the Telecommunications Protection Act (TCPA) that limit the use of cell phones for payment and healthcare purposes, and there have been recent actions by The Joint Commission to approve and then withdraw approval of using secure texting for physician orders.
The session will discuss the requirements, the risks, and the issues of the increasing use of e-mail and texting for healthcare communications and provide a road map for how to use them safely and effectively, to increase the quality of health care and patient satisfaction. The various solutions available for managing these complex issues will be discussed.
This Webinar will help health information professionals understand what they have to do, and when, and what to keep in mind as they move forward, in order to be in compliance with the new regulations and guidance. It will provide a comprehensive look at the changes in the rules and guidance on access and prepare attendees for the process of incorporating the changes and guidance into how they do business in their facilities.
At the conclusion of the session, participants will be able to:
- Find out the ways providers want to use e-mail and texting to enable better patient care.
- Learn what are the risks of using e-mail and texting, what can go wrong, and what can result when it does.
- Find out about HIPAA requirements for access and patient preferences, as well as the requirements to protect PHI.
- Learn about the extensive new guidance from the HHS Office of Civil Rights on access of PHI.
- Find out what the regulations call for and what processes you must have in place for the proper approval and denial of access as appropriate.
- Learn how e-mail and texting should be handled, what can go wrong, and what can result when it does.
- Learn about the training and education that must take place to ensure your staff handles access requests properly.
- Learn about how the HIPAA audit and enforcement activities are now being increased and what you need to do to survive a HIPAA audit.
- Understand the rules surrounding access controls and their management under HIPAA.
- Know what are ways that access management controls can be improved to ensure access for terminated staff is properly terminated.
- Learn how staff, managers, HR, and IT can work together to improve access controls and the privacy of patient information.
- Know how to establish an improved access control process that can help prevent privacy and security issues.
- Compliance Director
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/lawyer
- Office Manager
- Contracts Manager
About Our Speaker:
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference. Sheldon-Dean has more than 18 years of experience specializing in HIPAA compliance, more than 36 years of experience in policy analysis and implementation, business process analysis, information systems and software development, and eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.
Our Speaker’s Previous Webinar Snippet: