The Health Insurance Portability and Accountability Act (HIPAA) required the Department of Health and Human Services (HHS) to develop standards for protecting the privacy of protected health information (PHI) and the security of electronic protected health information (ePHI). The original regulations have been updated to reflect the requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act. The HITECH Act did many things, most notably imposing new notification requirements following a breach of unsecured PHI. Patients and plan participants whose data has been breached must be notified, HHS must be notified, and in certain instances large media outlets must be notified. The regulations under the HITECH Act require all covered entities to amend their business associate agreements, privacy notices, and policies and procedures. The HITECH Act also extended many HIPAA requirements to business associates.
The HITECH Act also increased penalties for HIPAA violations. HHS has recently released guidance on protecting ePHI on mobile devices.
Why Should You Attend
Whether you represent a covered entity or a business associate of a covered entity, there are new rules related to HIPAA compliance and a new emphasis on enforcement that combine to mean you should review your policies and procedures before you get hit with a large fine, or even prison. Health plans are not just the giant insurers. Health plans are also every employer-sponsored plan, with no minimum size. Business associates include any individual or company that uses or discloses protected health information on behalf of a covered entity. While the emphasis to date has been on complaint investigation, this is likely to change, given the enactment of tougher enforcement standards under the HITECH Act (including the requirement that HHS conduct periodic audits of covered entities and business associates). The HITECH Act strengthens HHS’s enforcement authority. HITECH’s penalty structure represents a significant increase in the liability of covered entities for civil monetary penalties. Under this new rule, HHS can impose up to a $50,000 penalty per violation. Additionally, the HITECH Act increases the maximum penalty for all similar violations of the same HIPAA provision in a calendar year to $1,500,000. There was a recent settlement involving two covered entities for a total of almost $5 million.
Areas Covered in this Webinar
The webinar will begin with an introduction to (or refresher on) the basics of HIPAA privacy and security. This will include a review of the definitions of Covered Entities, Group Health Plans, Medical Care, Business Associates, Protected Health Information and electronic Protected Health Information. The introduction will also review the major obligations of covered entities, the permitted uses and disclosures of PHI, the “minimum necessary rule”, the general security requirements and the key principles behind the security rules. The webinar will discuss the changes made by the HITECH Act and the regulations issued under the Act. This will include a discussion of how the HITECH Act extends some privacy and security obligations to business associates, imposes new notification requirements following a breach of unsecured PHI and increases penalties for violations, including how HHS determines which tier of penalty applies. The webinar will review the timelines for business associates to notify covered entities of breaches and the timelines for covered entities to provide notifications of breaches. The webinar will cover the new enforcement rules and penalties, including new audit requirements. The webinar will cover the new guidance in the regulations regarding what constitutes unsecured PHI. The webinar will discuss the presumption that a breach has occurred and how a business associate or covered entity can demonstrate that a breach of unsecured PHI has not taken place. There will be a discussion of the changes that all covered entities should have already made to their notices of privacy practices.
The webinar will conclude with a review of the guidance from HHS regarding protecting ePHI on mobile devices. During the course of the webinar there will be many examples discussed, including the largest HIPAA settlement to date, the first person to be sent to prison because of the HIPAA privacy rule and some of the most frequent causes of HIPAA violations.
Who Will Benefit
Any provider of health care and any employer that sponsors a health plan and any vendor that uses protected health information on behalf of health plans. Some of these titles include:
Mr. Garner is Chief Compliance Officer at Bolton & Company. John Garner is literally "the guy who wrote the book". As the author of the Health Insurance Answer Book, he is one of the most respected benefit consultants in the country. Mr. Garner began his career in employee benefits in 1971. Before joining Bolton, he was the founding principal of Garner Consulting in Pasadena, California. Prior to founding Garner Consulting, he was a principal in the Los Angeles office of Towers Perrin, where he worked for over ten years. Prior to that he managed a group claim office for Lincoln National Life.
Previously he supervised a claim office for Prudential, where he also served as an underwriter. Mr. Garner serves as the national legislative and government affairs advisor for the Disability Management Employer Coalition. He is a past chair of the CEBS Committee for the International Foundation of Employee Benefit Plans (the committee with academic oversight on the Certified Employee Benefit Specialist program). He is a past member of the Governing Council of the International Society of Certified Employee Benefit Specialists and is a past president of the Los Angeles Chapter. Mr. Garner is also a past president of the Employee Benefit Planning Association of Southern California, the Los Angeles Life and Accident Claim Association and the Western Claim Conference. He is on the Board of Directors of the Western Claim Conference and the Los Angeles Chapter of the International Society of Certified Employee Benefit Specialists.
Mr. Garner is a past member of the Governing Council of the International Society of Certified Employee Benefit Specialists. He is the author of the Health Insurance Answer Book, co-author of the Medical/Disability Claims Handbook and articles that have appeared in numerous publications, including an award-winning article that appeared in the Journal of Financial Service Professionals. His articles have also appeared in Benefits Magazine, Benefits & Compensation Digest, Managed Care Quarterly and many others. He is a frequent speaker; among the groups he has addressed are the International Foundation of Employee Benefit Plans, the International Society of Certified Employee Benefit Specialists and various Bar Associations. Mr. Garner received his B.A. degree from Occidental College in 1971 (where he was a member of Omicron Delta Epsilon, the Honor Society in Economics).
He is a Chartered Life Underwriter, a Certified Employee Benefits Specialist, a Group Benefit Associate, Retirement Plans Associate, a Certified Management Consultant, and a Certified Flexible Compensation Instructor. He is a Fellow of the International Society of Certified Employee Benefit Specialists and a member of the Los Angeles Association of Health Underwriters, the California Association of Health Underwriters, the National Association of Health Underwriters, the Society of Financial Service Professionals and the Institute of Management Consultants. He is past chairman of the community health education committee for the Greater Los Angeles division of the March of Dimes. He is a past member of the Occidental College Alumni Association Board of Governors. He has been quoted in the Wall Street Journal, the New York Times and the Los Angeles Times and many other publications.