HIPAA and Business Associates - New Responsibilities and Obligations

Instructor: Jim Sheldon-Dean
Product ID: 702610
  • Duration: 90 Min

recorded version

1x Person - Unlimited viewing for 6 Months
(For multiple locations contact Customer Care)
Recorded Link and Ref. material will be available in My CO Section

Training CD

One CD is for usage in one location only.
(For multiple locations contact Customer Care)
CD and Ref. material will be shipped within 15 business days

Customer Care

Fax: +1-650-963-2556


Read Frequently Asked Questions

This webinar will discuss the significant changes to the HIPAA rules for business associates, the new challenges for HIPAA covered entities and business associates, and new risks for non-compliance and penalties.

Why Should You Attend:

Since the new regulations have expanded the obligations of HIPAA business associates, it is now more important than ever to carefully consider whether a BA designation is appropriate or not – business associate agreements are not to be entered into lightly. The new requirements have a direct impact on what needs to be put into the business associate agreements you establish.

In addition, other changes put into effect new rights of individuals to receive electronic copies of information held electronically, ask for certain restrictions on disclosures, and other capabilities that business associates may need to provide for their covered entity clients. All covered entities, and now, business associates of covered entities as well, need to review their HIPAA compliance, policies, and procedures to see if they are prepared to meet the changes in the rules.

In addition, business associates have emerged as a leading source of health information breaches, and this course will discuss what covered entities should do to ensure good practices by their business associates in order to avoid the considerable expense of breaches.

Areas Covered in the Webinar:

  • The new regulations will be reviewed and their effects on usual practices for business associates and their relationships with covered entities will be discussed.
  • The course will describe the kinds of entities that now qualify as business associates and why it is important to carefully consider the designation before using it.
  • The webinar instructor will explain what a business associate needs to do differently under the new regulations, provide a policy framework for information security, show what policies need to be changed and how, and describe the required and recommended elements of a business associate agreement, including identifying the template language provided by the US Department of Health and Human Services and its role in the process.
  • The role of state attorneys general in enforcing HIPAA and how it relates to business associates will be discussed.
  • The new enforcement penalty structure and the latest plans for audits by HHS OCR will be described and a plan for being prepared for audits will be discussed.

Who Will Benefit:

This webinar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). The titles are:

  • Compliance Director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/Lawyer
  • Office Manager
  • Contracts Manager

Instructor Profile:

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Electronic Data Interchange Privacy and Security Workgroup, currently serves on the WEDI Breach Notification sub-workgroup, and is a recipient of the 2011 WEDI Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before regional HFMA chapter meetings and state hospital associations.

Mr. Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related websites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Mr. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master's degree from the Massachusetts Institute of Technology.

Topic Background:

New updates to the HIPAA regulations now being enforced contain numerous changes based, for the most part, on the HITECH Act passed in 2009. Some of the most significant changes have to do with how business associates of HIPAA covered entities are treated under the regulations. HIPAA business associates are now covered directly under the Privacy Rule’s use and disclosure limitations, the Security Rule’s safeguard provisions, and the Breach Notification Rule’s notification requirements, and will be responsible for their own compliance with the regulations, and may be held directly liable for any violations of the regulations.

The latest regulations also change such things as who is a business associate: the definition now casts a much wider net of healthcare business activities, including any business that creates, receives, maintains, or transmits any protected health information on behalf of a HIPAA covered entity or business associate, and even sub-contractors of business associates are also treated as business associates, greatly expanding the pool of entities under regulation to some that may not even be aware they have become HIPAA business associates.

Business associates have new requirements to comply with HIPAA privacy protections and security safeguards, and are subject to enforcement and penalties directly by HHS. Health information exchanges, regional health information exchanges, and e-prescribing gateways are now considered to be business associates, and sub-contractors of business associates are also considered to be business associates under the new rules.

Business associate agreements are now more important than ever, because breaches by business associates are becoming more common and carry tremendous expenses for the affected covered entities. New audit and penalty requirements increase the need to make sure covered entities and business associates are in compliance before HHS OCR knocks on the door. The new penalty structure and the new audit program mean that you are more likely to be audited for HIPAA compliance, and you may be facing significantly higher penalties for non-compliance than ever before. HHS is not the only enforcer of the new rules, state attorneys general can also initiate HIPAA enforcement actions against covered entities and business associates under the law, regardless of the regulations.

Follow us :
ComplianceOnline Banking Summit 2016 | Risk Management and Data Security - 80390SEM
21 CFR Part 11 Compliance for SaaS/Cloud Applications - 80202SEM

Product Reviews Write review

Jim is always a wealth of information. I like that he gives links to get more information. That helps a lot for future reference.- Doctors Community Hospital, CCO/Director, Risk &Safety Management
- Theresa Stevenson

Best Sellers
You Recently Viewed