Session 1 - E-mailing, texting, and the use of personal devices by health care professionals – HIPAA and privacy Myths vs Reality
Pre-recorded Webinar (Get Instantly)
60 minutes
Webinar Description
While the basic provisions of privacy for protected health information are well known, their application in today’s world of electronic and personal communication devices is complex – such as texting, e-mailing, and using personal devices such as smart phones and tablet computers. In addition to HIPAA rules, various state licensure laws exist to require confidential information be kept confidential.
This is more important than ever in our new work-from-home and mobile society.
Many security rules regarding protected health information involve how and when protected health information is to be kept confidential and not accessible to others outside of direct patient care. But what is protected health information? Can communications not involving such protected health information be transmitted by non-confidential and non-secure methods? Is even a patient name protected health information?
The ability to text or e-mail health care practitioners and other staff and patients has become a priority for many health care entities and practitioners, especially solo health care practitioners with limited support staff. Maintaining patient privacy and confidentiality is necessary to make sure covered entities meet compliance standards of HIPAA and state licensure laws.
Although e-mailing and texting are convenient for the health care practitioner and patient, these communication methods have security risks and inherent pitfalls. Implementing e-mail and text solutions in the health care setting is a complex issue and several factors must be addressed.
Erase the fear, uncertainty, and doubt about exactly how a health care practitioner may use modern texting and e-mailing, both within their own health care organization or facility and to the outside world of patients. Find out how these communications may or may not be required to be retained by the health care practitioner.
Webinar Objectives
- Identifying the basics of HIPAA privacy as to electronic communication devices in the mobile world;
- Analyzing the basics of HIPAA and the use of electronic communications to permit their compliant use;
- Citing examples of state licensure laws governing protected health information and solving how to apply them to the health care practitioner;
- Reviewing elements of privacy notices and communications practices with patients to solve compliance issues;
- Bonus: examining website confidentiality and privacy disclaimers for the health care practitioner with their own website about how communications are handled.
Webinar Agenda
This informative webinar begins with the most basic of questions: Does the HIPAA Privacy Rule permit health care providers to use e-mail to discuss health issues and treatment with their patients?
Find out the answer and examine how the privacy rules of HIPAA allow covered entities and health care providers to communicate electronically, such as through e-mail or texting, with their patients and with other health care practitioners, but only provided those health care practitioners apply reasonable safeguards when doing so. This is mandated by federal administrative regulation.
Specifically, certain precautions need to be taken when using e-mail to avoid unintentional disclosures, such as checking the e-mail address for accuracy before sending, or sending an e-mail alert to the patient for address confirmation prior to sending the message.
Further, while the HIPAA privacy rules do not prohibit the use of unencrypted e-mail for treatment-related communications between health care providers and patients, other safeguards should be applied reasonably to protect privacy, such as limiting the amount or type of information disclosed through the unencrypted e-mail. The health care practitioner may include the least amount of protected health information in an unencrypted e-mail.
In addition, covered entities must make sure any electronic transmission of protected health information follows the HIPAA Security Rule requirements of federal law.
Patients have the right under the HIPAA privacy rules to request and have a covered health care provider communicate with them by alternative means or at alternative locations, if reasonable. For example, a health care provider should accommodate an individual’s request to receive appointment reminders via e-mail, rather than on a postcard, if e-mail is a reasonable, alternative means for that health care practitioner or provider to communicate with the patient.
However, if the use of unencrypted e-mail is unacceptable to a patient who requests confidential communications, other means of communicating with the patient, such as by more secure electronic methods, or by mail or telephone, should be offered and accommodated. The patient may also designate a particular e-mail address to use, such as the patient’s personal e-mail and not their work e-mail.
Patients may even initiate communications with a health care practitioner or other provider using e-mail. If this situation occurs, the health care provider can assume (unless the patient has explicitly stated otherwise) that e-mail communications are acceptable to the individual. This is implied consent and implied usage.
If the health care practitioner or other provider feels the patient may not be aware of the possible risks of using unencrypted e-mail, or has concerns about potential liability, the provider can alert the patient of those risks, and let the patient decide whether to continue e-mail communications.
Uncertainty exists when faced with strict laws. Erase the fear, uncertainty, and doubt by reviewing how patient consent and communication practices can be updated to allow for specific means of electronic communication.
Further erase the uncertainty, fear, and doubt about what other laws, such as state licensure laws, apply to the confidentiality of patient protected health information. Review further some examples of specific state licensure laws that apply to electronic communications that may be stricter than even HIPAA itself.
This webinar is thus an advanced overview of the many rules, both by HIPAA at the federal level and in state licensure laws, that govern e-mailing and texting with patients and with other health care practitioners.
Session 2 - Understand The Tier Wise Sanctions & Penalties Under HIPAA & Learn How To Perform A Proper Risk Assessment To Uncover Vulnerabilities?
Live Webinar - August 28, 2024
Time - 01:00 PM ET | 12:00 PM CT
60 minutes
Webinar Description
The basic provisions of privacy for protected health information are well known, but their application in today’s world of electronic and personal communication devices is complex. On-going training and education of the health care workforce is a necessary requirement to comply with HIPAA. That on-going training and education involves the performance and completion of a Risk Assessment under HIPAA rules in order to gauge and evaluate the vulnerability to HIPAA violations of any given health care covered entity. Performing a proper Risk Assessment will hopefully uncover vulnerabilities that the covered entity will correct. But what if there is a breach, nonetheless? What can be done or shown to demonstrate one’s good-faith efforts to comply?
Erase the fear, uncertainty, and doubt about exactly how a health care practitioner as a covered entity can mitigate fines and sanctions applicable to a HIPAA violation and breach of protected health information. Learn the basic structure of penalties for HIPAA violations including the complicated, subjective HIPAA violation penalty tiers, Tiers 1 to 4. Review a summary of criminal penalties that can arise out of a HIPAA violation, too. Analyze common HIPAA violations and see how intent and preparation either help or harm your case.
Find out how the failure to do just that one thing may cost a covered entity dearly in a $650,000 administrative fine case where the lack of one component was a specific factor in assessing such harsh sanctions.
In addition, discover how best to avoid HIPAA violations in the first place with a Top Five Takeaways that will mitigate the sanctions applied in the event a violation occurs.
Webinar Objectives
This webinar will address the problem areas of HIPAA sanctions and financial penalties a covered entity can avoid or mitigate.
Webinar Agenda
This webinar will serve as an introduction to HIPAA and the importance of on-going training and education. Coverage of the pain areas, namely the significance of a proper HIPAA Risk Assessment and the elements of a HIPAA Risk Assessment, will help the covered entity.
The basics of Tiers 1 to 4 for HIPAA violations and monetary sanctions are important to know in advance. Once that is covered, the webinar will examine the unusual case of the $650,000 penalty.
In addition, the webinar will conclude with the top five takeaways for compliance.
Webinar Highlights
- Introduction to HIPAA
- Importance of on-going training and education
- Significance of a proper HIPAA Risk Assessment
- Elements of a HIPAA Risk Assessment
- Basics of Tiers 1 to 4 for HIPAA violations and monetary sanctions
- Examination of the case of the $650,000 penalty
- Top five takeaways for compliance
Who Should Attend
Health care attorneys; corporate compliance officers in health care; medical records staff of medical offices and health care entities; hospital attorneys; health care practitioners who are covered entities; law enforcement officers in health care compliance; state boards and agencies with jurisdiction over state licenses to practice a health care profession