Patients and plan participants whose data has been breached must be notified, HHS must be notified, and in certain instances large media outlets must be notified. The regulations under the HITECH Act require all covered entities to amend their business associate agreements, privacy notices, policies and procedures. The HITECH Act also extended many HIPAA requirements to business associates and increased penalties for HIPAA violations. HHS has recently released guidance on protecting ePHI on mobile devices.
Objectives of the Presentation
- To understand which entities are subject to HIPAA
- To understand the basics of the HIPAA privacy rule
- To understand the basics of the HIPAA security rule
- To understand the changes made by the HITECH Act
- To understand the guidance by HHS regarding mobile devices
- To be able to create an action plan for compliance
Why Should You Attend
Whether you represent a covered entity or a business associate of a covered entity, there are new rules related to HIPAA and a new emphasis on enforcement that combine to mean you should review your policies and procedures before you get hit with a large fine, or even prison. Health plans are not just the giant insurers. Health plans are also every employer-sponsored plan, with no minimum size. Business associates include any individual or company that uses or discloses protected health information on behalf of a covered entity. While the emphasis, to date, has been on complaint investigation, this is likely to change, given the enactment of tougher enforcement standards under the HITECH Act (including the requirement that HHS conduct periodic audits of covered entities and business associates). The HITECH Act strengthens HHS’s enforcement authority. HITECH’s penalty structure represents a significant increase in the liability of covered entities for civil monetary penalties. Under this new rule, HHS can impose a penalty of up to $50,000 per violation. Additionally, the HITECH Act increases the maximum penalty for all similar violations of the same HIPAA provision in a calendar year to $1,500,000. There was a recent settlement involving two covered entities for a total of almost $5 million.
- What are covered entities?
- What covered entities must do
- Who are business associates?
- Definition of Protected Health Information (PHI)
- Prohibited Uses and Disclosures of PHI
- The Minimum Necessary Rule
- General Security Requirements
- HITECH Act
- HITECH Regulations
- Mobile Devices
- A Model Plan for Compliance
Who Can Benefit
- Vice President of Human Resources
- Director of Compensation and Benefits
- Benefit Manager
- Benefit Specialist
- Insurance Agent
- Insurance Broker
- Employee Benefits Consultant
- Group Insurance Representative
- Any provider of health care, any employer that sponsors a health plan, and any vendor that uses protected health information on behalf of health plans
The Health Insurance Portability and Accountability Act (HIPAA) required the Department of Health and Human Services (HHS) to develop standards for protecting the privacy of protected health information (PHI) and the security of electronic protected health information (ePHI).