Recently the head of the US DHHS indicated that patient access of information is a key priority for the current administration, in order to improve the health of the nation. Patient rights under HIPAA have been expanded to include several new rights of access, and guidance has recently been issued on access of records, and been expanded more than once since its publication. The emphasis on and changes to rules having to do with patient access of records will need to be reflected in every health care-related organization’s policies and procedures. The guidance provides clear and detailed information on how to provide access, what can be charged for in fees, and what the individual’s rights are when it comes to access of information.
When it comes to how the information is to be communicated, HIPAA rules must be considered, and while professional communications containing any Protected Health Information should be encrypted when traveling over the Internet, patients have rights to choose their method of communication, including the right to use insecure methods such as plain e-mail and plain texting. How patient communication is handled, and how patient rights are honored within the abilities of your organization is key to patient satisfaction and avoidance of complaints and investigations that can lead to penalties.
HIPAA now provides for individual rights to receive electronic copies of records held electronically. Patients also now have new rights under HIPAA and the Clinical Laboratory Improvement Amendments (CLIA) to directly access test results from the laboratories creating the data. Many labs that did not deal directly with patients before will now have to create patient-facing operations, and how they communicate sensitive results to patients will need to be considered. These changes must be respected by entities subject to the HIPAA rules through modifications to policies and notices, and training of staff to reflect the new requirements.
In addition, there are new explanations from HHS about how to treat access to mental health information and information pertaining to minors, including giving due consideration to patient requests and safety issues of the patient and others. Perhaps most importantly, the HIPAA Audits of 2016 focused on the proper patient access to information as a significant compliance problem, and it is expected that HHS will be focusing on current .
- Current topics of interest to be discussed include:The place of Information Security and incident management under the HIPAA Security and Breach Notification Rules will be explained.
- Using texting and e-mail for patient engagement and reminders
- Current enforcement and audit activity
- Changes to Substance Use Disorder records confidentiality under 42 CFR Part 2,
- Dealing with the European Union’s General Data Protection Regulation (GDPR)
- Ensuring individuals have adequate access of their information under the rules
- Processes to be used in managing security, mitigating risks, and handling incidents will be explained.
- Proper methods of documentation and training to ensure compliance and help avoid penalties will be explained, including the use of internal audits and drills to develop and hone the ability to:
- improve compliance continuously and
- be prepared for incidents and enforcement investigations.
Who will Benefit
• Compliance director
• Privacy Officer
• Security Officer
• Information Systems Manager
• HIPAA Officer
• Chief Information Officer
• Health Information ManagerHealthcare Counsel/lawyer
• Office Manager
• Contracts Manager
Industries who can attend
This 90-minute online course is intended for professionals in the Healthcare Industry.
Faculty Jim Sheldon-Dean
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference. Sheldon-Dean has more than 20 years of experience specializing in HIPAA compliance, more than 38 years of experience in policy analysis and implementation, business process analysis, information systems and software development, and eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician.