HIPAA Privacy and Security Summit 2018 HIPAA

Transcript:HIPAA Privacy and Security Summit 2018 HIPAA:
HIPAA Privacy and Security Summit 2018 HIPAA Privacy Rule: Compliance Plans, Training, Internal Audits and Patient Rights Widener University Delaware Law School 1st Healthcare Compliance Wilmington, Delaware November 8, 2018 Catherine E. Walters, Esquire Ann Waldo, JD, CIPP Bybel Rutledge LLP Waldo Law Offices, PLLC Lemoyne, PA Washington, D.C. George W. Bodenger, Esquire Law Offices of George W. Bodenger LLC Radnor, PA Today’s Agenda More on the HIPAA Privacy Rule and compliance Compliance strategies Compliance programs Employee training and education Self audits Patient and provider rights Panel discussion and questions 2 Compliance Strategies Goals Comply with HIPAA privacy standards Protect patient privacy Minimize costs of protecting privacy and compliance Considerations Organization size Treatment relationship Organizational structure 3 Compliance Strategy? ©HarrisBiomedical 4 Compliance Programs The 7 elements of a compliance program: Standards and procedures Oversight by appropriate official Education and training Auditing and monitoring Open lines of communication Enforcement and discipline Response and prevention 5 Compliance Programs HIPAA privacy standards and protocols require coverage of broad territory, for example: Privacy policies and procedures Notice and authorization forms “Minimum Necessary” standard Business associate contracts Access to and amendment of PHI Complaint procedures Documentation procedures and systems Privacy training Privacy auditing and monitoring 6 Policies and Procedures Privacy and Security policies and procedures HIPAA handbooks for office staff and for clinical staff that explain: The privacy and security standards How to protect privacy, confidentiality and security of PHI, including working with patients, patient information, use of health information, safeguarding PHI and following protocols How to report suspected privacy and security incidents Consequences of noncompliance 7 Privacy Policies & Procedures Privacy official designation Staff responsibilities Training and education Reporting of suspected violations Investigation of potential staff violations Sanctions and penalties Business associates Development and maintenance of policies and procedures Documentation and record keeping 8 Privacy Policies & Procedures PHI use and disclosure for numerous different purposes Communications and media relations Notice of privacy practices Authorization of use or disclosure Patient requests to restrict uses/disclosures Personal representatives Parental access to PHI of children Disclosure of PHI to family members 9 Privacy Policies & Procedures Patient access to PHI Amendment of health information Accounting to patients for disclosures Complaints Complaint resolution procedures Mitigation Nonretaliation and protection for whistleblowers 10 Security Policies & Procedures Assigning security responsibility Security management process Risk analysis Risk management Sanction policy Information system activity review Workforce security: Authorization/supervision Workforce clearance Termination procedures