- This event has passed.
HIPAA and Patient Access of Protected Health Information
August 18, 2020 @ 11:30 am - 1:00 pm MDT$160
Due to COVID-19, the registration is per hospital and not per connection for this webinar. Please only select a qty. of “1” under Registration and indicate the number of connections requested when completing the Attendee information.
Not sure if you will be able to make the live session? Everyone who registers will receive a link to the recording of the webinar that you will have 120 days to view at your convenience at no additional charge.
Over many years, the heads of the U.S. Department of Health & Human Services (HHS) have indicated that patient access of information is a key priority in order to improve the health of the nation. Patient rights under the Health Insurance Portability and Accountability Act (HIPAA) have been expanded to include several rights of access, and detailed guidance has been issued on access of records. And two of the most recent HIPAA enforcement actions were against entities that did not provide patient access to records properly. HHS is now using HIPAA Individual Access Rights to effectively implement new rules on prohibitions to Data Blocking.
At the same time, a recent Federal court decision has changed some of the aspects of the individual access rules pertaining to transmitting records to third parties at the request of the individual. Additionally, HHS has issued guidance when HIPAA Business Associates are involved, regarding the responsibility for the timing, and form and format of replies to requests for access, and the responsibilities for compliance with the fee requirements.
HIPAA now provides for individual rights to receive electronic copies of records held electronically, and patients have rights under HIPAA and the Clinical Laboratory Improvement Amendment (CLIA) to directly access test results from the laboratories creating the data. Electronic record systems must be designed and implemented to securely provide access for patients to their information. These changes must be respected by entities subject to the HIPAA rules through modifications to policies and notices, and training of staff to reflect the new requirements.
This webinar will review how the rules having to do with patient access of records need to be reflected in every health care-related organization’s policies and procedures. Our speaker will provide clear and detailed information on how to provide access, what can be charged for in fees, and what the individual’s rights are when it comes to access of information.
At the conclusion of this session, participants will be able to:
- Understand the guidance and apply the HIPAA rules on providing information under the regulations for individual requests for PHI.
- Know the extent of the limitations on the fees charged to individuals for access of their records.
- Understand how individual requests to direct their information to a third party are treated differently, and differences when paper vs. electronic records are requested.
- Know what parties are responsible for compliance with the timeliness, form, and format requirements for individual requests, and what parties are responsible for the fee requirements for individual requests of PHI.
- See how entities that have not managed individual access properly have been sanctioned by the US Department of Health and Human Services.
- Understand how the new rules on data sharing work with the HIPAA individual access rules.
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference. Sheldon-Dean has more than 20 years of experience specializing in HIPAA compliance, more than 38 years of experience in policy analysis and implementation, business process analysis, information systems and software development, and eights years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his mater’s degree from the Massachusetts Institute of Technology.
The speaker has no real or perceived conflicts of interest that relate to this presentation.
Tuesday, August 11; 5:00 p.m. MDT
Access instructions and materials will be emailed to the person completing the order prior to the program date. If you do not receive the instructions at least 24 hours in advance, please contact IHA.