Over many years, the heads of the US DHHS have indicated that patient access of information is a key priority in order to improve the health of the nation. Patient rights under HIPAA have been expanded to include several rights of access, and detailed guidance has been issued on access of records. And two of the most recent HIPAA enforcement actions were against entities that did not provide patient access to records properly. HHS is now using HIPAA Individual Access Rights to effectively implement new rules on prohibitions to Data Blocking.
The rules having to do with patient access of records need to be reflected in every health care-related organization’s policies and procedures. The guidance provides clear and detailed information on how to provide access, what can be charged for in fees, and what the individual’s rights are when it comes to access of information. The rallying cry for easy patient access and transfer of information increases daily and is no longer escapable.
HIPAA now provides for individual rights to receive electronic copies of records held electronically, and patients have rights under HIPAA and the Clinical Laboratory Improvement Amendments (CLIA) to directly access test results from the laboratories creating the data. Electronic record systems must be designed and implemented to securely provide access for patients to their information. These changes must be respected by entities subject to the HIPAA rules through modifications to policies and notices, and training of staff to reflect the new requirements.
The leadership of HHS has indicated that it takes patient access of information very seriously and will make that a regulatory priority.
All HIPAA-covered entities need to review their HIPAA compliance, policies, and procedures to see if they are prepared to be in full compliance and meet the requirements of the rules. Compliance is required and penalties for violations for willful neglect of the rules now begin at more than $11,000.
- Learn about the access rights under HIPAA and CLIA regulations.
- Learn about the extensive guidance from the HHS Office of Civil Rights on access of PHI.
- Find out what the regulations call for and what processes you must have in place for the proper approval and denial of access as appropriate.
- Learn about the required process for the review of certain denials of access.
- Learn how e-mail and texting should be handled, what can go wrong, and what can result when it does.
- Find out about HIPAA requirements for access and patient preferences, as well as the requirements to protect PHI.
- Learn about the training and education that must take place to ensure your staff handles access requests properly.
- Learn about how the HIPAA audit and enforcement activities are now being increased and what you need to do to survive a HIPAA audit.
- Current topics of interest to be discussed include:
- Using texting and e-mail for patient engagement and reminders
- Current enforcement and audit activity
- Ensuring individuals have adequate access of their information under the rules
- The place of Information Security and incident management under the HIPAA Security and Breach Notification Rules will be explained.
- Processes to be used in managing security, mitigating risks, and handling incidents will be explained.
Who Will Benefit
Attendees should include Compliance Officers, Privacy and Security Officers, and leadership and staff in health information management, information security, and patient relations, as well as staff in patient intake and front-line patient relations and any others that are involved in, interested in, or responsible for, patient communications, information management, and privacy and security of Protected Health Information under HIPAA, including:
- Compliance director
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/lawyer
- Office Manager
- Contracts Manager
Industries who can attend
This 90 -minute online course is intended for professionals in the Healthcare.
Faculty Jim Sheldon-Dean
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference. Sheldon-Dean has more than 20 years of experience specializing in HIPAA compliance, more than 38 years of experience in policy analysis and implementation, business process analysis, information systems and software development, and eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician.