Patient Access of Records under HIPAA - New HHS Guidance, New Focus for HIPAA Audits

Instructor: Jim Sheldon-Dean
Product ID: 704757
  • Duration: 90 Min

recorded version

1x Person - Unlimited viewing for 6 Months
(For multiple locations contact Customer Care)
Recorded Link and Ref. material will be available in My CO Section
Last Recorded Date: Jun-2016

Training CD / USB Drive

One CD/USB is for usage in one location only.
(For multiple locations contact Customer Care)
CD/USB and Ref. material will be shipped within 15 business days

Customer Care

Fax: +1-650-362-2367


Read Frequently Asked Questions

This training program will help health information professionals understand what they have to do, and when, and what to keep in mind as they move forward, in order to be in compliance with the new HHS guidance. It will provide a comprehensive look at the guidance and the changes in the HIPAA rules on access and prepare attendees for the process of incorporating the guidance and the changes in how they do business in their facilities.

Why Should You Attend:

Medical laboratories are now required to provide individual access to test records, and will need to have processes to authenticate those who request information and the means to ensure that the correct results are provided to authenticated individuals.

HHS has also issued guidance on issues relating to access of mental health records and the records of minors, clarifying what information may be provided or not, depending on the information and other circumstances. The guidance also includes information on dealing with law enforcement requests for information on alleged violators of the law.

In this webinar, the new regulations will be reviewed and their effects on usual practices will be discussed, as will what policies need to be changed and how. The course will show what policies and evidence you may need to produce if you are audited by the HHS Office of Civil Rights, which has already indicated that compliance with the rules on patient access of records is a significant problem that is likely to be a focus of the new HIPAA audits in 2016.

A four-tier violation schedule with mandatory fines for willful neglect of compliance starts at $10,000 for willful neglect even if the problem is corrected within 30 days of discovery. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000 and can reach $1.5 million for any particular violation. Any reports of willful neglect are required to be investigated under the law, and even violations for a reasonable cause or with reasonable diligence taken are subject to penalty. The course will discuss what is necessary to avoid penalties and make sound compliance decisions.

Areas Covered in the Webinar:

  • Learn about the new guidance from HHS on access of PHI by individuals.
  • Learn about the new access rights under HIPAA and CLIA regulations.
  • Learn about the guidance from HHS regarding access of mental health information and minors' information.
  • Find out what the regulations call for and what processes you must have in place for the proper approval and denial of access as appropriate.
  • Learn about the required process for the review of certain denials of access.
  • Learn how e-mail and texting should be handled, what can go wrong, and what can result when it does.
  • Find out about HIPAA requirements for access and patient preferences, as well as the requirements to protect PHI.
  • Learn about the training and education that must take place to ensure your staff handles access requests properly.
  • Learn about how the HIPAA audits are under way and enforcement activities are now being increased, and what you need to do to survive a HIPAA audit or investigation.

Who Will Benefit:

Medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). The titles are:

  • Compliance Director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/Lawyer
  • Office Manager
  • Contracts Manager

Instructor Profile:

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference. Mr. Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development, and eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. He received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Topic Background:

Changes modifying the HIPAA Privacy and Security Regulations have gone into place over the last few years, providing new rights of access and communications for individuals, and HHS has recently published and updated new guidance on the topic. Now, HHS officials have announced that the provision of access will be one of the focal points for the new HIPAA Audits taking place in 2016. Covered entities, and particularly those that use electronic health records (EHRs), need to meet the new access and disclosure rules. And if you are required to have a HIPAA Notice of Privacy Practices, you may need to update that to properly show all the rights that patients have.

Patient rights under HIPAA have been expanded to include several new rights of access, and extensive new guidance on access of records has been issued and expanded. Tied to access are rights of communication that allow individuals to request communications and transmission of PHI to them in the format they wish, if reasonably possible. HIPAA now provides for individual rights to receive electronic copies of records held electronically, and to directly access test results from laboratories. The changes to rules having to do with patient access of records will need to be reflected in every health care-related organization’s policies and procedures.

Providing access must appropriately consider a number of issues specified in the rules, as to what access is permitted, and how it is provided. Procedures for responding to requests for access and handling the provision of access, or its denial, appropriately is required and is expected to be a focal point in the 2016 HIPAA Audits. Costs must be carefully considered; records should be provided for free if possible; electronic access may be provided for a flat fee of $6.50 – these are all issues covered in the new guidance from HHS.

In addition, there is guidance from HHS about how to treat access to mental health information and information pertaining to minors, including giving due consideration to patient requests and safety issues of the patient and others.

Perhaps most importantly, the HIPAA Audits of 2012 revealed that providing the proper patient access to information is a significant compliance problem, and the new HIPAA Audit program by HHS is expected to include reviews of patient access policies and practices. It is expected that HHS will be focusing on current access issues, having to do with the costs to individuals for access of records and the proper handling of denials of access.

All HIPAA-covered providers need to review their HIPAA compliance, policies, and procedures to see if they are prepared to be in full compliance and meet the requirements of the changes in the rules. Compliance is required and violations for willful neglect of the rules begin at $10,000.

Follow us :
HIPAA Privacy Rule Compliance-Understanding New Rules and Responsibilities of Privacy Officer
Biostatistics for the Non-Statistician

Refund Policy

Registrants may cancel up to two working days prior to the course start date and will receive a letter of credit to be used towards a future course up to one year from date of issuance. ComplianceOnline would process/provide refund if the Live Webinar has been cancelled. The attendee could choose between the recorded version of the webinar or refund for any cancelled webinar. Refunds will not be given to participants who do not show up for the webinar. On-Demand Recordings can be requested in exchange.

Webinar may be cancelled due to lack of enrolment or unavoidable factors. Registrants will be notified 24hours in advance if a cancellation occurs. Substitutions can happen any time.

If you have any concern about the content of the webinar and not satisfied please contact us at below email or by call mentioning your feedback for resolution of the matter.

We respect feedback/opinions of our customers which enables us to improve our products and services. To contact us please email call +1-888-717-2436 (Toll Free).

Product Reviews

This product hasn't received any reviews yet. Be the first to review this product! Write review

Best Sellers
You Recently Viewed