Conference Session B

11:30 AM - 12:30 PM

Concurrent Session I


Ask the Experts - Free Advice from the Professionals that Know Best


In 60 minutes, the three-member panel will provide guidance and answers to the most challenging HR and legislative questions affecting Human Resources professionals today. Participants will have the opportunity to submit a question related to the expertise of one of the three panel members, and the Session Host will anonymously ask the questions for the panel to respond to.



Concurrent Session II


HIPAA Compliance for Business Associates in the Post-Omnibus Final Rule World


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has presented operational challenges and created administrative burdens for Healthcare Providers, Insurance Plans, and Clearinghouses (collectively known as Covered Entities) since the Privacy Rule was enacted in 2003.  

As part of the American Recovery and Reinvestment Act, the Health Information and Technology for Economic and Clinical Health Act (HITECH) was first enacted on an interim basis in 2009.  The Omnibus Final Rule enacted in early 2013, and effective as of last September, made significant changes to the HIPAA Privacy and Security Rules as well as the Breach Notification Rule first introduced under HITECH.

Chief among these changes is how Business Associates of Covered Entities are affected. The definition of a Business Associate has been expanded to include one who “creates, receives, maintains, or transmits” Protected Health Information (PHI) on behalf of a Covered Entity for a function or activity that is regulated under HIPAA.

As the Human Resources Manager for your organization, it is vitally important to know if your organization is considered to be a “Business Associate” under HIPAA. Attendees will learn specifically what the new requirements for Business Associates (BAs) are, including:

  • Implementation of Administrative, Physical, and Technical Safeguards required by the Security Rule
  • Changes required for Existing and New BA Agreements
  • Performance and Documentation of a compliant Security Risk Analysis
  • Limitation on the Use, Disclosure and Request of PHI to the “minimum necessary”
  • Prohibition of the Sale of PHI in exchange for remuneration without an Individual’s authorization
  • Contract Requirements with Subcontractors to include assurance of compliance with HIPAA
  • Support of Covered Entities’ compliance with their obligations to report Breaches of Unsecured PHI
  • Provision of Access and Copies of PHI you maintain to Individuals upon request
  • Making of Certain Amendments to PHI
  • Provision of an Accounting of Disclosures when requested or required
  • Delivery of Privacy and Security Awareness and Training Programs
  • Creation of a Process for the Return or Destruction of PHI upon termination of the BA Agreement
  • Encryption Considerations for “Data at Rest”… new for 2014

Beginning Spring 2014, Business Associates are subject to direct audit for compliance with HIPAA by the Department of Health and Human Services, Office for Civil Rights.  They are also subject to steep civil penalties for non-compliance.  Four hundred BAs will receive audit surveys this year under the new permanent Audit Program.   Attendees will learn that a comprehensive program of HIPAA compliance is not only the best defense against a potential audit but also an effective way to minimize contractual liabilities with your existing Covered Entity clients.

