This one-day seminar will cover the HIPAA Privacy Standards, the HIPAA Security Standards and Nevada state laws governing medical information. Going beyond these basics, the seminar will also cover:
- OCR Guidance And Enforcement Activity
- HIPAA Compliance For 'Business Associates'
- HIPAA Compliance For 'Small Group Health Plans' (Employer And Union Plans)
- The Release Of Medical Information Pursuant To A Subpoena After HIPAA
9:00 a.m. - 10:20 a.m.
I. Regulatory Requirements: The HIPAA Privacy Standards
This session will provide a thorough treatment of the HIPAA Privacy Standards covering the use and disclosure of Protected Health Information. The speaker will discuss the impact these regulations will have on health care providers, health plans and other associated businesses, including mandated policies and procedures and staff training. The speaker will also discuss all relevant requirements of the law, including authorizations, the various categories of authorization required for certain uses and disclosures, procedures for obtaining and documenting authorizations, who can sign authorizations, privacy practices notices, complex entity rules, the access, amendment and disclosure accounting rights of patients and employees, dealing with personal representatives, the procedures required for compliance and civil and criminal penalties for noncompliance.
10:20 a.m. - 10:35 a.m.
10:35 a.m. - 11:40 a.m.
II. The HIPAA Privacy Standards And Nevada Confidentiality Law: Reconciling State Law And The Privacy
Under the HIPAA Privacy Standards, Nevada state laws concerning medical information confidentiality are not necessarily pre-empted. Instead, state laws which are more stringent continue to apply. The speaker's presentation will provide detailed coverage of current Nevada state medical information confidentiality laws, indicate those laws that may be regarded as more stringent under HIPAA, and outline what continue compliance will require under the mixed federal/state system now in effect. Particular attention will be paid to uses and disclosures for 'treatment, payment and operations' purposes, research, marketing, fund-raising and disclosures to law enforcement.
11:40 a.m. - 12:00 p.m.
III. Questions And Answers
12:00 p.m. - 1:00 p.m.
Lunch (On Your Own)
1:00 p.m. - 2:00 p.m.
IV. Regulatory Requirements: The HIPAA Security Standards
This presentation will provide a detailed discussion of the HIPAA Security Standards and their application to 'electronic protected health information' held by covered entities. Key definitions will be examined and each of the security standards will be explained, along with the corresponding required, addressable and intermediate implementation specifications. This session will also cover the criteria to be used for 'scalability' decision making.
2:00 p.m. - 2:45 p.m.
V. Office Of Civil Rights: Guidance And Enforcement Position
The Office of Civil Rights has issued substantial amounts of guidance material on the HIPAA Privacy Standards. In this presentation, the speaker will categorize that guidance into subject areas and present an overall summary of the guidance available, pointing out interpretive developments that he believes are particularly useful to covered entities. The speaker will also summarize enforcement actions taken to date by the OCR, and discuss expected enforcement trends.
2:45 p.m. - 3:00 p.m.
3:00 p.m. - 3:30 p.m.
VI. HIPAA Compliance For Business Associates
This session will discuss the requirements placed on 'business associates' and what will be required to establish compliance. Mr. Testolin will review key elements of 'business associate agreements' and provide negotiating tips to avoid potential problem areas. Last, the session will advise 'business associates' on providing 'protected health information' to subcontractors.
3:30 p.m. - 4:00 p.m.
VII. HIPAA Compliance For Small Group Health Plans
This session will cover the special HIPAA rules applicable to 'group health plans.' Topics for discussion will include plan-sponsor communications, 'organized health care arrangements' and 'hybrid entity' rules, required plan document amendments and their impact on operations and required policies, procedures and forms.
4:00 p.m. - 4:30 p.m.
VIII. The Release Of Medical Information Pursuant To A Subpoena After HIPAA
This session will discuss the requirements of the HIPAA Privacy Standards and Nevada state law that will dramatically impact drafting and responding to subpoenas for medical information, and will provide guidance for effective access. Accessing specific categories of information that are afforded special protections will be emphasized. This session should not be missed by anyone who subpoenas medical information or responds to such subpoenas.