Session 1. Roles and Responsibilities of the HIPAA Privacy Officer
While the basic provisions of privacy for protected health information are well known, their application in today’s health care world is complex – so much so the HIPAA laws require a Privacy Officer for your health care organization as a covered entity.
HIPAA’s many security rules regarding protected health information first involve the person designated as a Privacy Officer. These federal requirements extend not only to covered entities but to business associates of covered entities.
What is the difference between a HIPAA Compliance Officer, a Privacy Officer, and a Security Officer? Can the health care entity combine functions and job duties? Are these three separate jobs, or are they three jobs in one?
The current trend requires the covered entity to stay on top of continuing changes to HIPAA and a growing responsibility, expanded job duties, and a greater time and resource demands focused on patient confidentiality and digital security by the Privacy Officer.
This webinar covers the job responsibilities of the Privacy Officer, the intended qualifications, and tips and techniques for carrying out these increasing privacy functions.
Erase the fear, uncertainty, and doubt about exactly how a health care entity may designate, identify, and use the Privacy Officer to ensure compliance with on-going HIPAA privacy requirements in a complex, ever-changing health care world. Find out how the HIPAA Privacy Officer can succeed.
Webinar Agenda
This informative webinar begins with the most basic of questions: Does HIPAA mandate a Compliance Officer, Privacy Officer, and Security Officer? Find out the answer and examine how the privacy rules of HIPAA require covered entities and health care providers, including business associates, to identify and to designate a person whose title is Privacy Officer to lead the organization with regard to patient confidentiality.This is mandated by federal administrative regulation.
Specifically, this webinar includes a detailed look at examples of the duties and qualifications of the Privacy Officer.
Further, this webinar reviews a comprehensive list of job duties applicable to the Privacy Officer.
Uncertainty exists when faced with strict laws covering required HIPAA compliance. Erase the fear, uncertainty, and doubt by reviewing how the health care organization must comply with HIPAA as to privacy via its Privacy Officer.
This webinar is thus an advanced overview of some of the most important aspects of the organization’s Privacy Officer.
Webinar Highlights
Problems and solutions:
- Identifying the basics of HIPAA compliance as to the designated Compliance Officer, Privacy Officer, and Security Officer
- Analyzing the required identification of the Privacy Officer
- Citing examples of duties and responsibilities of the Privacy Officer
- Reviewing desired qualifications found in the Privacy Officer, and
- Discussing a comprehensive list of job duties for the successful Privacy Officer.
Session 2. E-mailing, texting, and the use of personal devices by health care professionals – HIPAA and privacy myths vs reality
While the basic provisions of privacy for protected health information are well known, their application in today’s world of electronic and personal communication devices is complex – such as texting, e-mailing, and using personal devices such as smart phones and tablet computers. In addition to HIPAA rules, various state licensure laws exist to require confidential information be kept confidential.
This is more important than ever in our new work-from-home and mobile society.
Many security rules regarding protected health information involve how and when protected health information is to be kept confidential and not accessible to others outside of direct patient care. But what is protected health information? Can communications not involving such protected health information be transmitted by non-confidential and non-secure methods? Is even a patient name protected health information?
The ability to text or e-mail health care practitioners and other staff and patients has become a priority for many health care entities and practitioners, especially solo health care practitioners with limited support staff. Maintaining patient privacy and confidentiality is necessary to make sure covered entities meet compliance standards of HIPAA and state licensure laws.
Although e-mailing and texting are convenient for the health care practitioner and patient, these communication methods have security risks and inherent pitfalls. Implementing e-mail and text solutions in the health care setting is a complex issue and several factors must be addressed.
Join this informative webinar by our expert speaker Mark R. Brengelman who will erase the fear, uncertainty, and doubt about exactly how a health care practitioner may use modern texting and e-mailing, both within their own health care organization or facility and to the outside world of patients. Find out how these communications may or may not be required to be retained by the health care practitioner.
Problems and solutions:
- Identifying the basics of HIPAA privacy as to electronic communication devices in the mobile world
- Analyzing the basics of HIPAA and the use of electronic communications to permit their compliant use
- Citing examples of state licensure laws governing protected health information and solving how to apply them to the health care practitioner
- Reviewing elements of privacy notices and communications practices with patients to solve compliance issues
Bonus: Examining website confidentiality and privacy disclaimers for the health care practitioner with their own website about how communications are handled.
Webinar Objectives
- The basics of HIPAA privacy
- The basics of HIPAA and the use of electronic communications
- Examples of state licensure laws governing protected health information
- Elements of privacy notices and communications practices with patients
- Bonus: website confidentiality and privacy disclaimers for the health care practitioner with their own website.
Webinar Agenda
This informative webinar begins with the most basic of questions: Does the HIPAA Privacy Rule permit health care providers to use e-mail to discuss health issues and treatment with their patients?
Find out the answer and examine how the privacy rules of HIPAA allow covered entities and health care providers to communicate electronically, such as through e-mail or texting, with their patients and with other health care practitioners, but only provided those health care practitioners apply reasonable safeguards when doing so. This is mandated by federal administrative regulation.
Specifically, certain precautions need to be taken when using e-mail to avoid unintentional disclosures, such as checking the e-mail address for accuracy before sending or sending an e-mail alert to the patient for address confirmation prior to sending the message.
Further, while the HIPAA privacy rules do not prohibit the use of unencrypted e-mail for treatment-related communications between health care providers and patients, other safeguards should be applied reasonably to protect privacy, such as limiting the amount or type of information disclosed through the unencrypted e-mail. The health care practitioner may include the least amount of protected health information in an unencrypted e-mail.
In addition, covered entities must make sure any transmission electronically of protected health information follows the HIPAA Security Rule requirements of federal law.
Patients have the right under the HIPAA privacy rules to request and have a covered health care provider communicate with them by alternative means or at alternative locations, if reasonable. For example, a health care provider should accommodate an individual’s request to receive appointment reminders via e-mail, rather than on a postcard, if e-mail is a reasonable, alternative means for that health care practitioner or provider to communicate with the patient.
However, if the use of unencrypted e-mail is unacceptable to a patient who requests confidential communications, other means of communicating with the patient, such as by more secure electronic methods, or by mail or telephone, should be offered and accommodated. The patient may also designate a particular e-mail address to use, such as the patient’s personal e-mail and not their work e-mail.
Patients may even initiate communications with a health care practitioner or other provider using e-mail. If this situation occurs, the health care provider can assume (unless the patient has explicitly stated otherwise) that e-mail communications are acceptable to the individual. This is implied consent and implied usage.
If the health care practitioner or other provider feels the patient may not be aware of the possible risks of using unencrypted e-mail, or has concerns about potential liability, the provider can alert the patient of those risks, and let the patient decide whether to continue e-mail communications.
Uncertainty exists when faced with strict laws. Erase the fear, uncertainty, and doubt by reviewing how patient consent and communication practices can be updated to allow for specific means of electronic communication.
Further erase the uncertainty, fear, and doubt about what other laws, such as state licensure laws, apply to the confidentiality of patient protected health information. Review further some examples of specific state licensures laws that apply to electronic communications that may be stricter than even HIPAA itself.
This webinar is thus an advanced overview of the many rules, both by HIPAA at the federal level and in state licensure laws, that govern e-mailing and texting with patient and with other health care practitioners.
Session 3. How and when may a health care facility be liable for HIPAA violations of its own employees?
This advanced webinar examines the role of social media violations by employees of health care facilities, here a hospital. More importantly, how and when may a health care facility be liable for HIPAA violations of its own employees? This webinar applies to hospitals and other health care facilities.
Erase the fear, uncertainty, and doubt about how a hospital may – or may not – be liable for HIPAA violations by its own employees and whether that misconduct is or is not within the scope of employment for which the hospital will be financially liable.
Find out how two similar legal cases in state court involving hospital employees’ HIPAA violations can have quite different outcomes. Employment remedies are easy against hospital workers who violate HIPAA privacy – they simply get fired. But what about the liability attached to the hospital itself?
This webinar gives the basics of HIPAA privacy as applied to hospitals and employees, with a review of standard social media rules and glaring examples of HIPAA violations for blatant social media abuses. Next, this webinar examines two landmarks -- but divergent – recent state court cases on hospital liability for employee HIPAA violations and social media.
Take a deep dive into how one hospital escaped liability, and another did not. In order to limit liability, this webinar covers employment best practices for social media rules. Finally, the attendees will learn tips and techniques to avoid hospital liability for its employee’s social media violations.
Webinar Objectives
- What is HIPAA privacy applied to health care workers? Learn the basics of HIPAA privacy as applied to hospitals and employees;
- How do health care workers violate HIPAA with social media? Look at examples of social media violations by health care workers;
- What have the courts said about these legal situations? Review detailed analysis of court cases involving hospital liability for employee HIPAA social media violations;
- What can the hospital do to protect itself? List employment best practices for social media rules;
- Are there other consequences for HIPAA social media violations? Look at state employment cases and state licensure board decisions, and;
- Where are the guidelines to help: Understand basic tips and techniques to defend yourself from liability
Webinar Agenda
Employees who violate HIPAA in social media misuse simply get fired. But what happens when the employer, the hospital or other health care entity, is sued for money damages along with the fired employee? Learn how employee social media violations of HIPAA can cause financial ruin for their employing hospital.
Webinar Highlights
- Basics of HIPAA privacy as applied to hospitals and employees;
- Examples of social media violations by health care workers;
- A detailed analysis of court cases involving hospital liability for employee HIPAA social media violations;
- Employment best practices for social media rules;
- Consequences for HIPAA social media violations, and;
- Basic tips and techniques to defend yourself from liability.
Session 4. How HIPAA Privacy Applies To Their Medical Records Of Abortion?
In the post Roe vs. Wade health care world, heath care practitioners must understand how HIPAA privacy applies to their medical records of abortion, as well as the law enforcement exceptions which may swallow the rule. Join this critical webinar by health care attorney, Mark R. Brengelman as it starts with some basic HIPAA privacy requirements then diverts to a review of the law enforcement exceptions that allow state civil investigative agencies and criminal prosecutors to exploit HIPAA rules for various law enforcement purposes to obtain medical records of abortion.
Mark will also focus on a particular section on the unique aspects of mental health records and how therapists are vulnerable to court orders or search warrants for their records where patients may have discussed unplanned pregnancies and their plans for an abortion in a state where it is lawful.
Webinar Agenda
- The basics of HIPAA privacy requirements;
- Exceptions to HIPAA privacy for law enforcement purposes for civil and criminal matters;
- State authority of licensure boards and agencies to exploit HIPAA exceptions against health care practitioners under investigation regarding abortion;
- How exceptions to HIPAA privacy are applied by law enforcement agencies, with an emphasis on medical records of abortion;
- Examples of the many other kinds of records and electronic data that are not protected by HIPAA that may be obtained by law enforcement;
- How prosecutors may investigate and prosecute women who seek abortion care, people who assist them, and the doctors, nurses, and other health care professionals who counsel or provide medical care regarding a woman’s right to choose;
- State open records and investigative laws that apply to protect you when the state licensure board or agency has your patients’ Protected Health Information and medical records of abortion and how those laws have their own exceptions that swallow the confidentiality rule.
Webinar Highlights
- Law enforcement exceptions to confidentiality
- How abortions will be criminally investigated
- When therapists are liable to turn over their patient’s most intimate thoughts as found in their mental health records
- Records and data where HIPAA does not apply that make potential abortion patients vulnerable
- Tips and techniques to defend unwarranted law enforcement intrusion
Session 5. When is a Healthcare Practitioner subject to Subpoena Administratively - How HIPAA can be used for you or against you?
This webinar starts with some basic HIPAA requirements then diverts to a review of state licensure laws that allow state investigative agencies to exploit HIPAA exceptions for various law enforcement purposes. Attendees should have a basic understanding of HIPAA and how state agencies investigate for alleged violations of law.
This webinar reviews core privacy requirements of HIPAA then covers in detail the ways state licensure boards and agencies use the authority of state law to cover HIPAA exceptions and gain access to your patient records. This webinar shows how state agencies use state law in concert with HIPAA exceptions to conduct government-lead investigations.
These exceptions can also be used by federal agencies in the same way.
What authority exists in state law to do so? How does that mesh with the federal law requirements and privacy mandates of HIPAA? What do you do when the government comes calling for protected health information on your patient? Or on all your patients? And because you are in trouble? What do you do when you are under investigation.
Gain a firm understanding of how state law authorizes state licensure boards and agencies to use HIPAA exceptions to gain access to your patients’ protected health information when you are under investigation. Know the state authority under its police powers to protect the health, welfare, moral, and safety of the public in various health care context.
The basic provisions of privacy and security for protected health information are well known. They serve to protect health information of the patient from prying eyes. Yet many exceptions exist that allow state licensure boards and other government agencies to exploit federal HIPAA exceptions to gain access to your patients’ protected health information in the course of an investigation by a state or federal agency.
Why would this happen? Because you are in trouble, and your very license to practice your chosen profession is under investigation and is on the line.
Examine the law enforcement purposes of a civil nature as applied to both the federal and state government and its law enforcement activities where civil investigations are underway that can result in both criminal and civil consequences.
Erase the uncertainty and doubt that exists when the health care practitioner is confronted with a state agency demand for information because you are in trouble and under investigation.
Continue an in-depth focus and find out in this informative webinar that arms you with a more complete knowledge of the HIPAA privacy exceptions for law enforcement purposes of a civil nature as applied to state licensure boards and agencies with jurisdiction over your license to practice your chosen profession.
Webinar Agenda
- The basics of HIPAA privacy requirements
- The basics of HIPAA privacy exceptions with patient consent
- Exceptions to HIPAA privacy for law enforcement purposes for civil matters
- State authority of licensure boards and agencies to exploit HIPAA exceptions
- How exceptions to HIPAA privacy are applied by law enforcement agencies, with an emphasis on state licensure boards and agencies
- State licensure boards and agencies which request Protected Health Information about the patient when you are trouble
- State licensure boards and agencies which request Protected Health Information on multiple patients when you are in trouble
- State open records and investigative laws that apply to protect you when the state licensure board or agency has your patients' Protected Health Information.
Webinar Highlights
- How state licensure agencies investigate
- How state law fits with the HIPAA privacy exceptions
- When is a health care practitioner subject to subpoena administratively
- Where do state open records laws apply to these sought-after records?
- Civil and criminal matters that may result in investigation and inquiry to secure your records
Who Should Attend
- Health care attorneys
- Risk management officers
- Corporate compliance officers in health care
- Medical records staff of medical offices and health care entities
- Hospital attorneys; health care practitioners who are covered entities
- Law enforcement officers in health care compliance
- State boards and agencies with jurisdiction over state licenses to practice a health care profession
What Do You Think About This Webinar?