Conference Description:

While the HIPAA rules have been in place for years now, the focus of their application has recently changed as technologies and practices have changed, and changes to the rules are also on the horizon. In addition, there are changes in other regulations that interact with HIPAA requirements, and that require consideration in your planning. This session will focus on understanding what are the challenges that a HIPAA Privacy Officer faces today, and what are the areas of HIPAA that are changing. The session will discuss the latest topics of interest in detail and describe how they relate to the regulations and their enforcement today.

This session is designed to provide an intensive, one and a half-day training in HIPAA Privacy Rule compliance designed for both the seasoned HIPAA professional as well as the individual newly appointed to the position of HIPAA Privacy Officer, covering:

The foundations of HIPAA and how they relate to the issues of today
Privacy, Security, and Breach Notification under HIPAA
Changes in Rules, Technologies, and Practices that Impact HIPAA Compliance
Patient Rights and Controls on Uses and Disclosures
New Guidance, and Other Regulations Related to Personal Information
Challenges with issues today that didn’t even exist a few years ago, such as insecure communications, Ransomware, and the E.U.’s GDPR
Interactions with the SAMHSA 42 CFR Part 2 regulations on information relating to substance use disorders

Seminar Fee Includes:
Lunch
AM-PM Tea/Coffee
Seminar Material
USB with seminar presentation
Hard copy of presentation
Attendance Certificate
$100 Gift Cert for next seminar
This seminar will also explain audits and enforcement, and how privacy regulations relate to security and breach regulations, as well as responding to privacy and security breaches and ways to prevent them. Numerous references and sample documents will be provided.
Learning Objectives:

This Seminar is designed for the HIPAA expert and HIPAA newbie alike who wishes to stay up with changes to HIPAA and related regulations in personal information privacy and security, as well as understand the regulatory issues most frequently encountered in day-to-day operation of health care entities. Objectives include learning related to a variety of topics, including:

Understanding the variety of forms entities can take under HIPAA and how they relate to one another
Learning about patient rights, such as access and amendment of information, and how such rights are protected and enforced under HIPAA
How uses and disclosures may take place in a wide variety of circumstances, including such hot topics as sharing information with the family and friends of a patient
Current enforcement and audit activity
Changes to Substance Use Disorder records confidentiality under 42 CFR Part 2
The European Union’s General Data Protection Regulation (GDPR)
Ensuring individuals have adequate access of their information under the rules.
The place of Information Security and incident management under the HIPAA Security and Breach Notification Rules
Processes to be used in managing security, mitigating risks, and handling incidents
Proper methods of documentation and training to ensure compliance and help avoid penalties, including the use of internal audits
and drills to improve compliance continuously and be prepared for incidents and enforcement investigations

Who will Benefit

This seminar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). The following personnel will find this session valuable:

Compliance director

CEO
COO
CFO
Privacy Officer
Security Officer
Information Systems Manager
HIPAA Officer
Chief Information Officer
Health Information Manager
Healthcare Counsel/lawyer
Office Manager
Contracts Manager

AGENDA

Day 01(8:30 AM - 4:30 PM)

08.30 AM - 09.00 AM: Registration
09.00 AM: Session Start

Day one sets the stage with an overview of the HIPAA regulations and then continues with presentation of the specifics of the Privacy Rule and recent and expected changes to HIPAA and other rules such as 42 CFR Part 2 regarding Substance Use Disorder information, and the European Union’s General Data Protection Regulation (GDPR), including the impacts of required changes in your practices to meet the rules.
Overview of HIPAA Privacy, Security, and Breach Notification Regulations
Types of Entities
Entity Relationships
Business Associates
Current Issues in HIPAA
HIPAA Privacy Rule and Patient Rights
The Designated Record Set
Access
Amendment
Restrictions
Communications
HIPAA Privacy Rule and Uses and Disclosures of PHI
Using Protected Health Information
Disclosures to family and friends
Disclosures to providers, care coordinators, etc.
Disclosures to attorneys, the Attorney General’s office, etc., minors and guardian issues
Day-to-day disclosures
Training and Documentation Requirements
Current Hot Topics in HIPAA and Privacy
Enforcement and Audits
Coordination with 42 CFR Part 2 and Substance Use Disorder information
GDPR Compliance – Here comes the E.U.!
Access of Information



Day 02(8:30 AM - 12:30 PM)

Day two begins with a detailed examination of HIPAA Security Rule and Breach Notification requirements, including what you need to do to protect information and what you have to do if you don’t, and the day concludes with a session on the essential activities of documenting policies, procedures, and activities, training staff and managers in the issues and policies they need to know about, and examining compliance readiness through drills and self-audits, all as part of a 10-step plan for reviewing and maintaining HIPAA compliance.
HIPAA Security and Breach Notification Rule Principles
How the Privacy, Security, and Breach Rules Work Together
Security Safeguards and The Role of Risk Analysis
Determining What Is a Breach and What Must Be Reported
Incident Management and Breach Reporting
Documentation, Training, Drills and Self-Audits
The 10-Day HIPAA Compliance Plan
How to Organize and Use Documentation to Your Advantage
Training Methods and Compliance Improvement
Conducting Drills in Incident Response
Using the HIPAA Audit Protocol for Documentation

SPEAKER

Jim Sheldon-Dean,
Principal and Director of Compliance Services, Lewis Creek Systems, LLC

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.
Mr. Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.
He has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. He received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Please contact the event manager Marilyn ([email protected] ) below for:
- Multiple participant discounts
- Price quotations or visa invitation letters
- Payment by alternate channels (PayPal, check, Western Union, wire transfers etc)
- Event sponsorships