subject: HIPAA Security For Human Resource Professionals - Webinar By Trainhr
Overview: This webinar will begin with an introduction to HIPAA and a review of the basics of privacy and security, including:
Who are covered entities?
Who are business associates?
What is protected health information?
What do the privacy regulations require?
What do the security regulations require?
This webinar will address both privacy and security because security and privacy are inextricably linked. The protection of the privacy of information depends in large part on the existence of security measures to protect that information. Accordingly, a consistent, seamless approach to HIPAA privacy and security compliance is most effective.
The major focus of the webinar will be on the more recent developments under HIPAA resulting from amendments to HIPAA by the Genetic Information Nondiscrimination Act (GINA) and the HITECH Act.
Some of the highlights of HITECH's impact on HIPAA are as follows:
Added new definitions for key privacy and security terms, including breach, electronic health record, and personal health record. HITECH also made a technical amendment to the HIPAA definition of health plan so that the term now includes Medicare Part D coverage.
Made some of the privacy and security standards directly applicable to business associates, and business associates may now be liable for civil and criminal penalties for violations of those standards.
Added new notification requirements that are triggered by a breach of unsecured PHI. Business associates must notify covered entities of any such breach, and covered entities that discover such a breach must notify the affected individuals as soon as is reasonably possible, but in any event no later than 60 days after the breach is discovered. Covered entities must also give notice of such a breach to HHS and, in certain circumstances, to certain media outlets. Other organizations that are not covered entities under HIPAA, such as vendors of personal health records, are also required to notify affected individuals and the Federal Trade Commission (FTC) of such breaches.
Added new accounting standards for disclosures of PHI by a covered entity from an electronic health record (EHR).
Will also require HHS to issue guidance as to what is the minimum necessary with respect to the use, disclosure or request for PHI. Until such guidance is issued, covered entities and business associates must limit their use, disclosure, or request for PHI to a limited data set or to the minimum information necessary to accomplish the intended purpose of the use, disclosure or request.
Significantly increased the civil monetary penalties that can be assessed for violations of the privacy and security standards to as much as $50,000 per violation per standard. Criminal penalties may also apply to employees of a covered entity who obtain or disclose a covered entity's PHI, and not just to the covered entity itself. And state attorneys general are authorized to file civil actions in a federal district court against individuals who violate HIPAA's privacy and security standards.
Protected health information (PHI) is individually identifiable health information held or transmitted by a covered entity or its business associate in any form or media. GINA amended the definition of health information applicable under HIPAA's privacy provisions to explicitly include genetic information.
Why should you attend:
Whether you represent a covered entity or a business associate of a covered entity, there are new rules related to HIPAA and a new emphasis on enforcement that combine to mean you should review your policies and procedures before you get hit with a large fine, or even prison.
Covered entities include virtually all health care providers (doctors, pharmacists, hospitals, etc.). Health plans are also covered entities. Health plans are not just the giant insurers. Health plans are also every employer-sponsored plan, with no minimum size. Joe's Barber Shop with just 2 employees is a health plan and the health plan needs appropriate documentation.
Business associates include any individual or company that uses or discloses protected health information on behalf of a covered entity. Examples of business associate functions are almost endless and include claims processing, data analysis, utilization review, quality assurance, billing, benefit management, practice management, repricing, legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, financial services and placing insurance.
Under the latest rules, each of these organizations must have HIPAA policies and procedures for both privacy and security, must appoint a privacy officer and a security officer and much more (a limited exception is available, but even that requires proper documentation).
While the emphasis, to date, has been on complaint investigation, this is likely to change, given the enactment of tougher enforcement standards under the Health Information Technology for Economic and Clinical Health (HITECH) Act (including the requirement that HHS conduct periodic audits of covered entities and business associates). The HITECH Act strengthens HHS's enforcement authority. HITECH's penalty structure represents a significant increase in the liability of covered entities for civil monetary penalties.
Under this new rule, HHS can impose up to a $50,000 penalty per violation. Additionally, the HITECH Act increases the maximum penalty for all similar violations of the same HIPAA provision in a calendar year to $1,500,000.
Areas Covered in the Session
Review of Privacy & Security Basics
Who are Covered Entities?
Who are Business Associates?
What is Protected Health Information?
What do the Privacy Regulations Require?
What do the Security Regulations Require?
Recent Developments
GINA
HITECH
Who Will Benefit:
Vice Presidents of Human Resources
Human Resource Managers
Directors of Compensation and Benefits
Benefit Managers
Benefit Specialists
Employee Benefits Consultants
Group Insurance Brokers
Employees of Insurance Companies and Third-Party Administrators
John Garner is the founding Principal of Garner Consulting, an employee benefit consulting firm in Pasadena. Under Garner's leadership, this nationally recognized consultancy has built a broad base of services including benefits consulting, claim audits and compliance for insurance companies, employers, health care organizations and providers, and managed care companies. Garner Consulting recently merged its insurance brokerage division with two other brokerage firms to create Valence Benefits, where Garner also serves as a Principal.
Garner has expertise in the area of cost containment and is an acknowledged expert in the field of compliance, particularly the Health Insurance Portability and Accountability Act (HIPAA), the Consolidated Omnibus Budget Reconciliation Act (COBRA), and the Employee Retirement Income Security Act (ERISA).
Prior to founding Garner Consulting in 1987, he was a Principal in the Los Angeles office of Towers Perrin, where he worked for over 10 years. His professional experience also includes managing a group claim office for Lincoln National Life and supervising a claim office for Prudential, where he also served as an underwriter.
He has spoken to many industry organizations, including the International Society of Certified Employee Benefit Specialists, the International Foundation of Employee Benefit Plans and the Employers Health Care Coalition of Los Angeles. Garner is author of the Health Insurance Answer Book and co-author of the three-volume Medical/Disability Claims Handbook, and has written numerous published articles. He is active in several professional organizations and has held many distinguished positions on their boards.
Garner earned his BA from Occidental College and holds several designations, including Chartered Life Underwriter and Certified Employee Benefits Specialist, and is a Certified Flexible Compensation Instructor.