HIPAA Changes for 2024 and Beyond
Conference Panel
Wednesday, December 6, 2023
by
Mark R. Brengelman, JD, MA
Attorney at Law
Frankfort, Kentucky
About Mark R. Brengelman
• Holds Bachelor's and Master's Degrees in Philosophy from Emory University, Atlanta,
Georgia
• Earned a Juris Doctorate from the University of Kentucky College of Law, Lexington,
Kentucky
• Served out a successful twenty-year career with state government in Kentucky,
including…. now in private practice since 2012
• Was a former Assistant Attorney General assigned to multiple state licensure boards in
health care and other professions – General Counsel and Prosecuting Attorney
• Has presented Continuing Education for over 50 national and state organizations and
private companies, including the Kentucky Office of the Attorney General, the Kentucky
Bar Association, the National Attorneys General Training and Research Institute, the
Federation of Associations of Regulatory Boards, and eight of its member associations in
psychology, physical therapy, dentistry, nursing, veterinary medicine, emergency medical
services, state licensed contractors, and athletic trainers
• Has represented all three branches of state government and now a local municipality in
governmental ethics and now a state licensure board
Represents:
• licensees before state boards and in other professional matters
• two state licensure boards
• parents and kids in confidential child abuse and neglect cases, termination
of parental rights, and adoption proceedings
I help health care practitioners, kids/parents, and government agencies
navigate the law and ethics and make the rules understandable as applied to
them.
Based upon the content of this program, you will be able effectively to identify:
• Introduction to federal regulatory process-notice and comment rulemaking
• Overview of proposed HIPAA Privacy Rule changes for 2023
• Why these 2023 changes are extended into 2024
• HIPAA security and privacy-what’s the difference anymore
• Training your employees-what’s really required
• Cybersecurity-why it’s more important now
• Self-audits, remediation, and implementation of improvements
• Best practices for responding to a security incident
• Lessons learned from the most recent cyberattack investigation
• Cybersecurity sanctions policies to support HIPAA compliance
• Conclusion: avoiding risk and liability with best practices to anticipate HIPAA changes for 2024 but not yet
in effect
HIPAA changes for 2024 and beyond
Disclaimer! Goals of the content of this program – what this does and does not cover:
• Does provide a broad overview of anticipated proposed HIPAA changes for 2024 in the federal notice and
comment rulemaking system
• Does not cover everything about anticipated proposed HIPAA changes for 2024 – current proposed rule
changes in 2023 consisted of 48 pages in the Federal Register!
• Does educate the person attending to ask the right questions in their own profession/health care entity
about changes in compliance with federal law under HIPAA to look for in 2024
• Additional disclaimer – I do not work in the area of federal administrative rulemaking (state rulemaking,
yes), and I do not work daily in the area of HIPAA compliance; I work in professional licensure and
regulation of health care professionals – all aspects touch in some part on HIPAA as to confidentiality
Introduction to HIPAA changes for 2024 and beyond – we start with 2023 rule changes:
• Why start in 2023?
• The Department of Health and Human Services published proposed amendments to HIPAA to further safeguard the privacy
of reproductive health care information in 2023 – April 17, 2023
• This was the biggest change in the proposed rules in…..how long?
• Comments were due sixty days later by June 16, 2023; nearly 26,000 comments were filed; some publicly released and
searchable (more to come? all to come?) – preliminary conclusions from the comments
• This is somewhat old data
• Why were these proposed rule changes significant?
• Incorporated guidance documents into the law
• Responded to the U.S. Supreme Court’s Dobbs v. Jackson Women's Health Organization decision on abortion recognizing
state-by-state differences – even more so now in 2023/2024;
• Example: Ohio constitutional amendment
• The proposed amended HIPAA rule prohibits the use and disclosure of this information for certain criminal, civil, and
administrative investigations and proceedings where reproductive health care is legal in the state that it was provided or
under federal law
• This HIPAA update would preempt contrary state law in these narrow situations -- for 2023, there are also proposed
corresponding changes, such as to the requirements for notices of privacy practices and requiring attestations for certain
requests for information potentially related to reproductive health care
Existing guidance and why that is not enough:
• After the Supreme Court officially published the Dobbs v. Jackson Women's Health Organization decision on June 24, 2022,
the federal Department of Health and Human Services published two guidance documents related to the privacy of
reproductive health care information
• What is a guidance document? Does it have the force of law? Yes and no….
• Guidance documents are suggestions to individuals regarding how to comply with the law - while helpful, the Department of
Health and Human Services could only provide increased HIPAA protections through notice-and-comment rulemaking – it
had to change the black and white law (you can’t be found guilty of not following guidance)
• Guidance documents – a “pet peeve” of mine in the law for state agencies
• Example: “use a secure digital platform” – guidance document says that 16-bit, double-ended encryption is “secure”
• But only “the law” can mandate 16-bit, double-ended encryption as being required under the law
• While the guidance document can give a safe-harbor provision basically saying “if you use 16-bit, double-ended encryption,
then you won’t get in trouble with us;” after all, it may be the case that 8-bit, double encryption is sufficient
• The first guidance document identified how HIPAA currently applies to the privacy of reproductive health care information,
emphasizing that it permits but does not require disclosures of this information – state law may apply here both for or
against release – HIPAA allows for state law to apply (i.e., mandatory reporting of child abuse/neglect)
Existing guidance and why that is not enough:
• The second guidance document clarified that HIPAA does not apply to health information on consumer devices
or stored with most consumer apps, which is otherwise the existing HIPAA laws – we should know this
• Why is this important? Lots of information on these apps – not private! Subject to subpoena without any
HIPAA privacy protections at all
• In conclusion for our introduction, these proposed changes for 2023 and extending into 2024 will involve next
steps for covered entities and business associates alike
• This is still on-going! No time limit to publish the final rule – covered entities will have 180 days to comply fully
with any changes (hint: employee training is important!)
• See webinar dated October 3, 2023: “HIPAA and Proposed Changes for 2023”
HIPAA security and privacy – what’s the difference?
• Security and privacy concepts are merging – result of evolution of Electronic Health Records and direct
patient access on secured health care applications (apps) on your smartphone;
• Privacy and security were two distinct concepts – now, the two rules seem to be alike in many ways
• Patients more clearly have a right in 2024 to have direct access to their own medical records
• In the absence of direct access, covered entities have to respond to individual and specific requests, to
verify the identity of the person requesting the medical record, and to handle correctly medical records
data with third parties
• Note: this has always been true with Business Associates, and smartphone apps raise this liability
Training your employees – what’s really required?
• Initial training vs. training as needed – is annual training the solution to the latter?
• Needs to address cyber-awareness and especially phishing;
• Focus on phishing: even law firms are vulnerable; Example: pulling the plug (literally)
• Examples: spoofing an e-mail from a valid sender (who’s been hacked) with general instructions;
• Examples: spoofing an e-mail from a valid sender (who’s been hacked) with specific instructions, like a
bank transfer notice;
• Health care is the most vulnerable to cyber hackers; two-factor identification is the easiest, most efficient
way to protect sensitive information
• Employee and worker education are critical – must include all employees and volunteers
• Differentiate between workers who have direct access to medical records/PHI vs. others
• Why is this important? Facility liability for all workers!
• Cyberattacks are growing and are more sophisticated – even my own PCP office!
• Minimal standards: identify signs of attack or phishing; correctly report the incident, and; take steps to
safeguard against threats
Cybersecurity best practices – why’s it more important now?
• New changes and updated standards are now grounds for government enforcement;
• Data protection – designed to prevent data breaches and data theft;
• Why health care data is so valuable;
• Must conduct a Security Risk Assessment;
• See webinar “How to Conduct a HIPAA Risk Assessment and the Surprising Danger of Not Doing One;”
June 15, 2023
• Spoiler alert: the surprising danger of not doing one was that the government held it against you in a
HIPAA investigation – as a practical matter, a risk assessment may have caught the problem first
Best practices for responding to a security incident:
• Health and Human Services lists all breaches reported to HHS within the last 24 months that are under
some kind of investigation;
• Note: investigations either exonerate or implicate – “innocent until proven guilty;”
• Monitor this list to gauge the current state of cyberattacks and data breaches;
• Prevention: review all Information Technology and computer assets and compile a list
• Example: new technology – cast made of the foot using a computer tablet and high-resolution camera;
• Analyze once detected: watch for attack and breach indicators; if a possible breach is detected, then
review all IT devices and re-secure them
• Example: your main Personal Computer is hacked; spreads to a smartphone when someone uses their
smartphone to check business e-mail . . . because the main computers are down
• Contain, eradicate, and recover
• Stop the attack (IT containment plan);
• Eradicate the breach (removing malware, resetting passwords, completing all necessary software
updates)
• Restore your systems using most-recent back-up if necessary, and resume business as usual;
• Post-incident review: very little time spent on this; review the incident and use it for future instruction;
improve your response plan – update your current procedures;
Lessons learned from the most recent cyberattack investigation:
• Barely 30 days ago, HHS settled a ransomware cyberattack investigation involving a Business Associate;
• Entity was “Doctor’s Management Services,” a Massachusetts medical management company that
provided medical billing and payor credentialing services;
• Large breach report affecting the electronic medical records of 206K persons - $100K settlement;
• Ransomware – type of malware (malicious, unauthorized software) that denies access to the user’s own
data (usually encrypting it with a computer key used by the hacker) until a ransom is paid;
• First ever ransomware settlement agreement that HHS has reached (October was cybersecurity
awareness month);
• Investigation showed:
• Evidence of potential failures to determine risks/vulnerabilities;
• Insufficient monitoring of health information systems’ activity to protect against cyberattack;
• Lack of policies and procedures in place to implement the HIPAA Security Rule to protect confidentiality,
integrity, and availability of electronic Protected Health Information;
• Outcome: $100K fine; government monitoring for three years; implementation of a corrective action plan
including Risk Analysis to identify problems; Risk Management Plan to fix them; update written policies
and procedures; provide workforce training on HIPAA policies and procedures
Cybersecurity sanctions policies to support HIPAA compliance:
• From HHS directly – part of its Threat Brief detailing types of social engineering that hackers use to gain
control and access to healthcare information systems and data;
• Recommended protective measures: “hold every department accountable” – sanction policies;
• Apply to your own Human Resources and employees/workers/volunteers;
• Prediction: lack of a sanctions policy will be used against you in a future investigation involving a breach
that is traceable to a single person or persons
• The Privacy Rule requires covered entities to “have and apply appropriate sanctions against members of
its workforce who fail to comply with the privacy policies and procedures of the covered entity or the
requirements of [the Privacy Rule] or [the Breach Notification Rule] of this part.”
• The Security Rule requires covered entities and business associates to: “[a]pply appropriate sanctions
against workforce members who fail to comply with the security policies and procedures of the covered
entity or business associate.”
• Elements include the functions of a sanctions policy, the content of what a sanction policy would look like,
and the execution of sanctioning consistently within an organization
• This is beyond the scope of today’s presentation – could be another entire webinar
• Applicability to a single health care practitioner as a covered entity?
Conclusion: Summary and tips for avoiding liability and risk with coming HIPAA changes for 2024:
For individual health care practitioners:
• As to state law: read and understand your profession’s practice act and know what current practice
standards are and current confidentiality in general under state law – usually the standards are very broad
in professional licensure, but more detailed in mental health professions
• Use a nationally recognized and “HIPAA compliant” software and medical records system – it may allow
you to flag and to separate PHI related to reproductive health care
• Train all your staff and re-train them when HIPAA changes
• Note: what I do drills down only to a single health care practitioner as a covered entity
Conclusion: Summary and tips for avoiding liability and risk with coming HIPAA changes:
For health care facilities:
• Know your HIPAA confidentiality and coming changes or hire someone who does – your facility is liable
• Have regular training on HIPAA rules for everyone (employees/volunteers) – recommended annual
training for anyone who has access to PHI – especially for facilities that provide reproductive health care
• Document your facility’s Risk Assessments accurately to include these changes – that is your best
defense to a federal HIPAA investigation that will mitigate damages if there is a security breach or
improper disclosure of PHI on reproductive health care
• Large entities will have their own IT and HIPAA compliance offices, so just do that!
Did we get to cover all the following?
• Introduction to federal regulatory process-notice and comment rulemaking
• Overview of proposed HIPAA Privacy Rule changes for 2023
• Why these 2023 changes are extended into 2024
• HIPAA security and privacy-what’s the difference anymore
• Training your employees-what’s really required
• Cybersecurity-why it’s more important now
• Self-audits, remediation, and implementation of improvements
• Best practices for responding to a security incident
• Lessons learned from the most recent cyberattack investigation
• Cybersecurity sanctions policies to support HIPAA compliance
• Conclusion: avoiding risk and liability with best practices to anticipate HIPAA changes for 2024 but not yet
in effect
Thank You!
Questions?
Medicare Preventive Care: A CMS PerspectiveMedicare Preventive Care: A CMS Perspective
Medicare Preventive Care: A CMS Perspective
 
Part B Unpacking the 2023 CMS Hospital Infection Prevention Mandates
Part B Unpacking the 2023 CMS Hospital Infection Prevention MandatesPart B Unpacking the 2023 CMS Hospital Infection Prevention Mandates
Part B Unpacking the 2023 CMS Hospital Infection Prevention Mandates
 
Part A Unpacking the 2023 CMS Hospital Infection Prevention Mandates
Part A Unpacking the 2023 CMS Hospital Infection Prevention MandatesPart A Unpacking the 2023 CMS Hospital Infection Prevention Mandates
Part A Unpacking the 2023 CMS Hospital Infection Prevention Mandates
 
Key Elements of CMS Emergency Preparedness Regulations
Key Elements of CMS Emergency Preparedness RegulationsKey Elements of CMS Emergency Preparedness Regulations
Key Elements of CMS Emergency Preparedness Regulations
 
Prepare for October 2023: ICD-10 Coding Changes Ahead
Prepare for October 2023: ICD-10 Coding Changes AheadPrepare for October 2023: ICD-10 Coding Changes Ahead
Prepare for October 2023: ICD-10 Coding Changes Ahead
 
Navigating the CMS Physician Proposed Rule 2024: What You Need to Know
Navigating the CMS Physician Proposed Rule 2024: What You Need to KnowNavigating the CMS Physician Proposed Rule 2024: What You Need to Know
Navigating the CMS Physician Proposed Rule 2024: What You Need to Know
 
2023 CMS Swing Bed Requirements and Updates
2023 CMS Swing Bed Requirements and Updates2023 CMS Swing Bed Requirements and Updates
2023 CMS Swing Bed Requirements and Updates
 

Recently uploaded

Hot Call Girl In Chandigarh 👅🥵 9053'900678 Call Girls Service In Chandigarh
Hot  Call Girl In Chandigarh 👅🥵 9053'900678 Call Girls Service In ChandigarhHot  Call Girl In Chandigarh 👅🥵 9053'900678 Call Girls Service In Chandigarh
Hot Call Girl In Chandigarh 👅🥵 9053'900678 Call Girls Service In ChandigarhVip call girls In Chandigarh
 
Hot Call Girl In Ludhiana 👅🥵 9053'900678 Call Girls Service In Ludhiana
Hot  Call Girl In Ludhiana 👅🥵 9053'900678 Call Girls Service In LudhianaHot  Call Girl In Ludhiana 👅🥵 9053'900678 Call Girls Service In Ludhiana
Hot Call Girl In Ludhiana 👅🥵 9053'900678 Call Girls Service In LudhianaRussian Call Girls in Ludhiana
 
Russian Call Girls Hyderabad Saloni 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Saloni 9907093804 Independent Escort Service Hyd...Russian Call Girls Hyderabad Saloni 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Saloni 9907093804 Independent Escort Service Hyd...delhimodelshub1
 
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...
No Advance 9053900678 Chandigarh  Call Girls , Indian Call Girls  For Full Ni...No Advance 9053900678 Chandigarh  Call Girls , Indian Call Girls  For Full Ni...
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...Vip call girls In Chandigarh
 
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...delhimodelshub1
 
Call Girls Service Chandigarh Grishma ❤️🍑 9907093804 👄🫦 Independent Escort Se...
Call Girls Service Chandigarh Grishma ❤️🍑 9907093804 👄🫦 Independent Escort Se...Call Girls Service Chandigarh Grishma ❤️🍑 9907093804 👄🫦 Independent Escort Se...
Call Girls Service Chandigarh Grishma ❤️🍑 9907093804 👄🫦 Independent Escort Se...High Profile Call Girls Chandigarh Aarushi
 
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking Models
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking ModelsDehradun Call Girls Service 7017441440 Real Russian Girls Looking Models
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking Modelsindiancallgirl4rent
 
Call Girl Hyderabad Madhuri 9907093804 Independent Escort Service Hyderabad
Call Girl Hyderabad Madhuri 9907093804 Independent Escort Service HyderabadCall Girl Hyderabad Madhuri 9907093804 Independent Escort Service Hyderabad
Call Girl Hyderabad Madhuri 9907093804 Independent Escort Service Hyderabaddelhimodelshub1
 
Russian Call Girls in Chandigarh Ojaswi ❤️🍑 9907093804 👄🫦 Independent Escort ...
Russian Call Girls in Chandigarh Ojaswi ❤️🍑 9907093804 👄🫦 Independent Escort ...Russian Call Girls in Chandigarh Ojaswi ❤️🍑 9907093804 👄🫦 Independent Escort ...
Russian Call Girls in Chandigarh Ojaswi ❤️🍑 9907093804 👄🫦 Independent Escort ...High Profile Call Girls Chandigarh Aarushi
 
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591adityaroy0215
 
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabad
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service HyderabadCall Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabad
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabaddelhimodelshub1
 
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012Call Girls Service Gurgaon
 
Russian Call Girls in Hyderabad Ishita 9907093804 Independent Escort Service ...
Russian Call Girls in Hyderabad Ishita 9907093804 Independent Escort Service ...Russian Call Girls in Hyderabad Ishita 9907093804 Independent Escort Service ...
Russian Call Girls in Hyderabad Ishita 9907093804 Independent Escort Service ...delhimodelshub1
 
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service GurgaonCall Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service GurgaonCall Girls Service Gurgaon
 
hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...
hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...
hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...delhimodelshub1
 

Recently uploaded (20)

Hot Call Girl In Chandigarh 👅🥵 9053'900678 Call Girls Service In Chandigarh
Hot  Call Girl In Chandigarh 👅🥵 9053'900678 Call Girls Service In ChandigarhHot  Call Girl In Chandigarh 👅🥵 9053'900678 Call Girls Service In Chandigarh
Hot Call Girl In Chandigarh 👅🥵 9053'900678 Call Girls Service In Chandigarh
 
Hot Call Girl In Ludhiana 👅🥵 9053'900678 Call Girls Service In Ludhiana
Hot  Call Girl In Ludhiana 👅🥵 9053'900678 Call Girls Service In LudhianaHot  Call Girl In Ludhiana 👅🥵 9053'900678 Call Girls Service In Ludhiana
Hot Call Girl In Ludhiana 👅🥵 9053'900678 Call Girls Service In Ludhiana
 
Russian Call Girls Hyderabad Saloni 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Saloni 9907093804 Independent Escort Service Hyd...Russian Call Girls Hyderabad Saloni 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Saloni 9907093804 Independent Escort Service Hyd...
 
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...
No Advance 9053900678 Chandigarh  Call Girls , Indian Call Girls  For Full Ni...No Advance 9053900678 Chandigarh  Call Girls , Indian Call Girls  For Full Ni...
No Advance 9053900678 Chandigarh Call Girls , Indian Call Girls For Full Ni...
 
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
Russian Call Girls Hyderabad Indira 9907093804 Independent Escort Service Hyd...
 
VIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service Lucknow
VIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service LucknowVIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service Lucknow
VIP Call Girls Lucknow Isha 🔝 9719455033 🔝 🎶 Independent Escort Service Lucknow
 
Call Girl Dehradun Aashi 🔝 7001305949 🔝 💃 Independent Escort Service Dehradun
Call Girl Dehradun Aashi 🔝 7001305949 🔝 💃 Independent Escort Service DehradunCall Girl Dehradun Aashi 🔝 7001305949 🔝 💃 Independent Escort Service Dehradun
Call Girl Dehradun Aashi 🔝 7001305949 🔝 💃 Independent Escort Service Dehradun
 
Call Girls Service Chandigarh Grishma ❤️🍑 9907093804 👄🫦 Independent Escort Se...
Call Girls Service Chandigarh Grishma ❤️🍑 9907093804 👄🫦 Independent Escort Se...Call Girls Service Chandigarh Grishma ❤️🍑 9907093804 👄🫦 Independent Escort Se...
Call Girls Service Chandigarh Grishma ❤️🍑 9907093804 👄🫦 Independent Escort Se...
 
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking Models
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking ModelsDehradun Call Girls Service 7017441440 Real Russian Girls Looking Models
Dehradun Call Girls Service 7017441440 Real Russian Girls Looking Models
 
Russian Call Girls in Dehradun Komal 🔝 7001305949 🔝 📍 Independent Escort Serv...
Russian Call Girls in Dehradun Komal 🔝 7001305949 🔝 📍 Independent Escort Serv...Russian Call Girls in Dehradun Komal 🔝 7001305949 🔝 📍 Independent Escort Serv...
Russian Call Girls in Dehradun Komal 🔝 7001305949 🔝 📍 Independent Escort Serv...
 
Call Girl Hyderabad Madhuri 9907093804 Independent Escort Service Hyderabad
Call Girl Hyderabad Madhuri 9907093804 Independent Escort Service HyderabadCall Girl Hyderabad Madhuri 9907093804 Independent Escort Service Hyderabad
Call Girl Hyderabad Madhuri 9907093804 Independent Escort Service Hyderabad
 
Russian Call Girls in Chandigarh Ojaswi ❤️🍑 9907093804 👄🫦 Independent Escort ...
Russian Call Girls in Chandigarh Ojaswi ❤️🍑 9907093804 👄🫦 Independent Escort ...Russian Call Girls in Chandigarh Ojaswi ❤️🍑 9907093804 👄🫦 Independent Escort ...
Russian Call Girls in Chandigarh Ojaswi ❤️🍑 9907093804 👄🫦 Independent Escort ...
 
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591
VIP Call Girl Sector 88 Gurgaon Delhi Just Call Me 9899900591
 
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabad
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service HyderabadCall Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabad
Call Girls in Hyderabad Lavanya 9907093804 Independent Escort Service Hyderabad
 
Call Girl Lucknow Gauri 🔝 8923113531 🔝 🎶 Independent Escort Service Lucknow
Call Girl Lucknow Gauri 🔝 8923113531  🔝 🎶 Independent Escort Service LucknowCall Girl Lucknow Gauri 🔝 8923113531  🔝 🎶 Independent Escort Service Lucknow
Call Girl Lucknow Gauri 🔝 8923113531 🔝 🎶 Independent Escort Service Lucknow
 
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012
VIP Call Girls Sector 67 Gurgaon Just Call Me 9711199012
 
Model Call Girl in Subhash Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Subhash Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Subhash Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Subhash Nagar Delhi reach out to us at 🔝9953056974🔝
 
Russian Call Girls in Hyderabad Ishita 9907093804 Independent Escort Service ...
Russian Call Girls in Hyderabad Ishita 9907093804 Independent Escort Service ...Russian Call Girls in Hyderabad Ishita 9907093804 Independent Escort Service ...
Russian Call Girls in Hyderabad Ishita 9907093804 Independent Escort Service ...
 
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service GurgaonCall Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
Call Girl Gurgaon Saloni 9711199012 Independent Escort Service Gurgaon
 
hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...
hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...
hyderabad call girl.pdfRussian Call Girls in Hyderabad Amrita 9907093804 Inde...
 

HIPAA Changes 2024 Conference

  • 1. HIPAA Changes for 2024 and Beyond. Conference Panel, Wednesday, December 6, 2023, by Mark R. Brengelman, JD, MA, Attorney at Law, Frankfort, Kentucky
  • 2. About Mark R. Brengelman
    • Holds Bachelor's and Master's Degrees in Philosophy from Emory University, Atlanta, Georgia
    • Earned a Juris Doctorate from the University of Kentucky College of Law, Lexington, Kentucky
    • Served out a successful twenty-year career with state government in Kentucky, including…. now in private practice since 2012
    • Was a former Assistant Attorney General assigned to multiple state licensure boards in health care and other professions – General Counsel and Prosecuting Attorney
    • Has presented Continuing Education for over 50 national and state organizations and private companies, including the Kentucky Office of the Attorney General, the Kentucky Bar Association, the National Attorneys General Training and Research Institute, the Federation of Associations of Regulatory Boards, and eight of its member associations in psychology, physical therapy, dentistry, nursing, veterinary medicine, emergency medical services, state licensed contractors, and athletic trainers
    • Has represented all three branches of state government and now a local municipality in governmental ethics and now a state licensure board
    Represents:
    • licensees before state boards and in other professional matters
    • two state licensure boards
    • parents and kids in confidential child abuse and neglect cases, termination of parental rights, and adoption proceedings
    I help health care practitioners, kids/parents, and government agencies navigate the law and ethics and make the rules understandable as applied to them.
  • 3. Based upon the content of this program, you will be able effectively to identify:
    • Introduction to federal regulatory process-notice and comment rulemaking
    • Overview of proposed HIPAA Privacy Rule changes for 2023
    • Why these 2023 changes are extended into 2024
    • HIPAA security and privacy-what’s the difference anymore
    • Training your employees-what’s really required
    • Cybersecurity-why it’s more important now
    • Self-audits, remediation, and implementation of improvements
    • Best practices for responding to a security incident
    • Lessons learned from the most recent cyberattack investigation
    • Cybersecurity sanctions policies to support HIPAA compliance
    • Conclusion: avoiding risk and liability with best practices to anticipate HIPAA changes for 2024 but not yet in effect
    HIPAA changes for 2024 and beyond 3
  • 4. Disclaimer! Goals of the content of this program – what this does and does not cover:
    • Does provide a broad overview of anticipated proposed HIPAA changes for 2024 in the federal notice and comment rulemaking system
    • Does not cover everything about anticipated proposed HIPAA changes for 2024 – current proposed rule changes in 2023 consisted of 48 pages in the Federal Register!
    • Does educate the person attending to ask the right questions in their own profession/health care entity about changes in compliance with federal law under HIPAA to look for in 2024
    • Additional disclaimer – I do not work in the area of federal administrative rulemaking (state rulemaking, yes), and I do not work daily in the area of HIPAA compliance; I work in professional licensure and regulation of health care professionals – all aspects touch in some part on HIPAA as to confidentiality
  • 5. Introduction to HIPAA changes for 2024 and beyond – we start with 2023 rule changes:
    • Why start in 2023?
    • The Department of Health and Human Services published proposed amendments to HIPAA to further safeguard the privacy of reproductive health care information in 2023 – April 17, 2023
    • This was the biggest change in the proposed rules in…..how long?
    • Comments were due sixty days later by June 16, 2023; nearly 26,000 comments were filed; some publicly released and searchable (more to come? all to come?) – preliminary conclusions from the comments
    • This is somewhat old data
    • Why were these proposed rule changes significant?
    • Incorporated guidance documents into the law
    • Responded to the U.S. Supreme Court’s Dobbs v. Jackson Women's Health Organization decision on abortion recognizing state-by-state differences – even more so now in 2023/2024;
    • Example: Ohio constitutional amendment
    • The proposed amended HIPAA rule prohibits the use and disclosure of this information for certain criminal, civil, and administrative investigations and proceedings where reproductive health care is legal in the state that it was provided or under federal law
    • This HIPAA update would preempt contrary state law in these narrow situations – for 2023, there are also proposed corresponding changes, such as to the requirements for notices of privacy practices and requiring attestations for certain requests for information potentially related to reproductive health care
  • 6. Existing guidance and why that is not enough:
    • After the Supreme Court officially published the Dobbs v. Jackson Women's Health Organization decision on June 24, 2022, the federal Department of Health and Human Services published two guidance documents related to the privacy of reproductive health care information
    • What is a guidance document? Does it have the force of law? Yes and no….
    • Guidance documents are suggestions to individuals regarding how to comply with the law - while helpful, the Department of Health and Human Services could only provide increased HIPAA protections through notice-and-comment rulemaking – it had to change the black and white law (you can’t be found guilty of not following guidance)
    • Guidance documents – a “pet peeve” of mine in the law for state agencies
    • Example: “use a secure digital platform” – guidance document says that 16-bit, double-ended encryption is “secure”
    • But only “the law” can mandate 16-bit, double-ended encryption as being required under the law
    • While the guidance document can give a safe-harbor provision basically saying “if you use 16-bit, double-ended encryption, then you won’t get in trouble with us;” after all, it may be the case that 8-bit, double encryption is sufficient
    • The first guidance document identified how HIPAA currently applies to the privacy of reproductive health care information, emphasizing that it permits but does not require disclosures of this information – state law may apply here both for or against release – HIPAA allows for state law to apply (i.e., mandatory reporting of child abuse/neglect)
  • 7. Existing guidance and why that is not enough:
    • The second guidance document clarified that HIPAA does not apply to health information on consumer devices or stored with most consumer apps, which is otherwise the existing HIPAA laws – we should know this
    • Why is this important? Lots of information on these apps – not private! Subject to subpoena without any HIPAA privacy protections at all
    • In conclusion for our introduction, these proposed changes for 2023 and extending into 2024 will involve next steps for covered entities and business associates alike
    • This is still ongoing! No time limit to publish the final rule – covered entities will have 180 days to comply fully with any changes (hint: employee training is important!)
    • See webinar dated October 3, 2023: “HIPAA and Proposed Changes for 2023”
  • 8. HIPAA security and privacy – what’s the difference?
    • Security and privacy concepts are merging – result of evolution of Electronic Health Records and direct patient access on secured health care applications (apps) on your smartphone;
    • Privacy and security were two distinct concepts – now, the two rules seem to be alike in many ways
    • Patients more clearly have a right in 2024 to have direct access to their own medical records
    • In the absence of direct access, covered entities have to respond to individual and specific requests, to verify the identity of the person requesting the medical record, and to handle correctly medical records data with third parties
    • Note: this has always been true with Business Associates, and smartphone apps raise this liability
  • 9. Training your employees – what’s really required?
    • Initial training vs. training as needed – is annual training the solution to the latter?
    • Needs to address cyber-awareness and especially phishing;
    • Focus on phishing: even law firms are vulnerable; Example: pulling the plug (literally)
    • Examples: spoofing an e-mail from a valid sender (who’s been hacked) with general instructions;
    • Examples: spoofing an e-mail from a valid sender (who’s been hacked) with specific instructions, like a bank transfer notice;
    • Health care is the most vulnerable to cyber hackers; two-factor identification is the easiest, most efficient way to protect sensitive information
    • Employee and worker education are critical – must include all employees and volunteers
    • Differentiate between workers who have direct access to medical records/PHI vs. others
    • Why is this important? Facility liability for all workers!
    • Cyberattacks are growing and are more sophisticated – even my own PCP office!
    • Minimal standards: identify signs of attack or phishing; correctly report the incident, and; take steps to safeguard against threats
  • 10. Cybersecurity best practices – why’s it more important now?
    • New changes and updated standards are now grounds for government enforcement;
    • Data protection – designed to prevent data breaches and data theft;
    • Why health care data is so valuable;
    • Must conduct a Security Risk Assessment;
    • See webinar “How to Conduct a HIPAA Risk Assessment and the Surprising Danger of Not Doing One;” June 15, 2023
    • Spoiler alert: the surprising danger of not doing one was that the government held it against you in a HIPAA investigation – as a practical matter, a risk assessment may have caught the problem first
  • 11. Best practices for responding to a security incident:
    • Health and Human Services lists all breaches reported to HHS within the last 24 months that are under some kind of investigation;
    • Note: investigations either exonerate or implicate – “innocent until proven guilty;”
    • Monitor this list to gauge the current state of cyberattacks and data breaches;
    • Prevention: review all Information Technology and computer assets and compile a list
    • Example: new technology – cast made of the foot using a computer tablet and high-resolution camera;
    • Analyze once detected: watch for attack and breach indicators; if a possible breach is detected, then review all IT devices and re-secure them
    • Example: your main Personal Computer is hacked; spreads to a smartphone when someone uses their smartphone to check business e-mail . . . because the main computers are down
    • Contain, eradicate, and recover
    • Stop the attack (IT containment plan);
    • Eradicate the breach (removing malware, resetting passwords, completing all necessary software updates)
    • Restore your systems using most-recent back-up if necessary, and resume business as usual;
    • Post-incident review: very little time spent on this; review the incident and use it for future instruction; improve your response plan – update your current procedures;
  • 12. Lessons learned from the most recent cyberattack investigation:
    • Barely 30 days ago, HHS settled a ransomware cyberattack investigation involving a Business Associate;
    • Entity was “Doctor’s Management Services,” a Massachusetts medical management company that provided medical billing and payor credentialing services;
    • Large breach report affecting the electronic medical records of 206K persons - $100K settlement;
    • Ransomware – type of malware (malicious, unauthorized software) that denies access to the user’s own data (usually encrypting it with a computer key used by the hacker) until a ransom is paid;
    • First ever ransomware settlement agreement that HHS has reached (October was cybersecurity awareness month);
    • Investigation showed:
    • Evidence of potential failures to determine risks/vulnerabilities;
    • Insufficient monitoring of health information systems’ activity to protect against cyberattack;
    • Lack of policies and procedures in place to implement the HIPAA Security Rule to protect confidentiality, integrity, and availability of electronic Protected Health Information;
    • Outcome: $100K fine; government monitoring for three years; implementation of a corrective action plan including Risk Analysis to identify problems; Risk Management Plan to fix them; update written policies and procedures; provide workforce training on HIPAA policies and procedures
  • 13. Cybersecurity sanctions policies to support HIPAA compliance:
    • From HHS directly – part of its Threat Brief detailing types of social engineering that hackers use to gain control and access to healthcare information systems and data;
    • Recommended protective measures: “hold every department accountable” – sanction policies;
    • Apply to your own Human Resources and employees/workers/volunteers;
    • Prediction: lack of a sanctions policy will be used against you in a future investigation involving a breach that is traceable to a single person or persons
    • The Privacy Rule requires covered entities to “have and apply appropriate sanctions against members of its workforce who fail to comply with the privacy policies and procedures of the covered entity or the requirements of [the Privacy Rule] or [the Breach Notification Rule] of this part.”
    • The Security Rule requires covered entities and business associates to: “[a]pply appropriate sanctions against workforce members who fail to comply with the security policies and procedures of the covered entity or business associate.”
    • Elements include the functions of a sanctions policy, the content of what a sanction policy would look like, and the execution of sanctioning consistently within an organization
    • This is beyond the scope of today’s presentation – could be another entire webinar
    • Applicability to a single health care practitioner as a covered entity?
  • 14. Conclusion: Summary and tips for avoiding liability and risk with coming HIPAA changes for 2024:
    For individual health care practitioners:
    • As to state law: read and understand your profession’s practice act and know what current practice standards are and current confidentiality in general under state law – usually the standards are very broad in professional licensure, but more detailed in mental health professions
    • Use a nationally recognized and “HIPAA compliant” software and medical records system – it may allow you to flag and to separate PHI related to reproductive health care
    • Train all your staff and re-train them when HIPAA changes
    • Note: what I do drills down only to a single health care practitioner as a covered entity
  • 15. Conclusion: Summary and tips for avoiding liability and risk with coming HIPAA changes:
    For health care facilities:
    • Know your HIPAA confidentiality and coming changes or hire someone who does – your facility is liable
    • Have regular training on HIPAA rules for everyone (employees/volunteers) – recommended annual training for anyone who has access to PHI – especially for facilities that provide reproductive health care
    • Document your facility’s Risk Assessments accurately to include these changes – that is your best defense to a federal HIPAA investigation that will mitigate damages if there is a security breach or improper disclosure of PHI on reproductive health care
    • Large entities will have their own IT and HIPAA compliance offices, so just do that!
  • 16. Did we get to cover all the following?
    • Introduction to federal regulatory process-notice and comment rulemaking
    • Overview of proposed HIPAA Privacy Rule changes for 2023
    • Why these 2023 changes are extended into 2024
    • HIPAA security and privacy-what’s the difference anymore
    • Training your employees-what’s really required
    • Cybersecurity-why it’s more important now
    • Self-audits, remediation, and implementation of improvements
    • Best practices for responding to a security incident
    • Lessons learned from the most recent cyberattack investigation
    • Cybersecurity sanctions policies to support HIPAA compliance
    • Conclusion: avoiding risk and liability with best practices to anticipate HIPAA changes for 2024 but not yet in effect