Course Description:

In July 2012, it was announced that the Minnesota Attorney General had reached a settlement agreement with Accretive, a company that functioned as a business associate for healthcare providers, for violating HIPAA rules when handling patient data.

The case was significant because it was one of the first to be resolved under HIPAA rules for Privacy and Security of Protected Health Information, as applied to Business Associates according to the HITECH Act. These changes and others, relating primarily to the HITECH Act, are expected to be finalized soon in rules to be enforced by the US Department of Health and Human Services Office for Civil Rights.

Besides introducing random audits of providers, the new amendments also make changes to rules pertaining to new patient rights and new restrictions on uses and disclosures by entities.

This seminar will explain the new rules as well as new requirements related to electronic health records that will require changes to policies, procedures, and even notices of privacy practices. Attendees will learn how new limitations on marketing and fund-raising may change how entities can reach out to individuals and the new requirements for disclosers of health information to apply "minimum necessary" standards. The seminar will detail the best practices needed to ensure that a healthcare entity or business associate is in compliance with the act's evolving requirements.

Learning Objective:

Key goals of the conference will include:

  • Learn how the changes to HIPAA came to pass
  • Find out the details of the changes to HIPAA, including new definitions
  • Learn how the new regulations change the way individuals have access to their records, and how much they can find out about who has accessed their records.
  • Find out about how Individuals can now request certain restrictions on disclosures that you must honor.
  • Learn about the new requirements for disclosers of health information to apply “minimum necessary” standards.
  • Understand the new requirements for Business Associates to comply with HIPAA privacy protections and security safeguards and how BAs are subject to enforcement and penalties directly by HHS.
  • Learn how Health Information Exchanges, Regional Health Information Exchanges, and e-Prescribing gateways are now considered to be Business Associates
  • Find out about how new limitations on marketing and fund-raising may change how entities can reach out to individuals.
  • Learn all about how new audit and penalty requirements increase the need to make sure you are in compliance before HHS OCR knocks on the door.

Who will Benefit:

  • Information Security Officers
  • Risk Managers
  • Compliance Officers
  • Privacy Officers
  • Health Information Managers
  • Information Technology Managers
  • Medical Office Managers
  • Chief Financial Officers
  • Systems Managers
  • Legal Counsel
  • Operations Directors
  • Medical Offices, Practice Groups, Hospitals, Academic Medical Centers, Insurers, Business Associates (Shredding, Data Storage, Systems Vendors, Billing Services, etc.)

Course Outline:

Day One     Day Two
  1. HIPAA History and Changes
    1. Structure of the HIPAA Regulations
      1. Privacy Rule
        1. Individual Rights
        2. Restrictions on Uses and Disclosures
      2. Security Rule
      3. Breach Notification Rule
      4. Enforcement Rule
    2. Origin of Changes to HIPAA
    3. Overview of HIPAA Amendments
      1. Expansion of Application
      2. Individual Rights
      3. Restrictions on Uses and Disclosures
      4. Breach Notification
    4. Scope of Changes
      1. History of Implementation
      2. Status of Changes
  2. HIPAA Business Associates
    1. Who Is and Is Not a Business Associate?
      1. The Significance of the BA Designation
    2. How Business Associates Have Changed Under HIPAA
      1. Expansion of Regulations To Business Associates
      2. New Kinds of Business Associates
    3. Appropriate HIPAA Policies for a Business Associate
    4. HIPAA Business Associate Agreements
    5. BAs and Security Compliance
      1. Risk Analysis and Business Associates
  3. Changes to Individual Rights Under HIPAA
    1. New Rights Concerning EHRs
      1. Copies of Electronic Records
      2. Accounting of Disclosures
      3. Necessity for New and Updated Policies
    2. New Rights on Restriction of Disclosures
      1. Requests Must Be Honored
      2. Requires New Policies, Processes, EHR Support
    3. New Rights Concerning Sale of PHI
    4. Changes to CLIA, HIPAA, and Laboratory Information
    5. Rewriting the Notice of Privacy Practices
  4. New Restrictions on Uses and Disclosures
    1. Changes to Minimum Necessary
    2. New Marketing and Fundraising Limitations
      1. Marketing Definitions Revised, Complicated
      2. Necessity to Honor Opt-Outs
    3. New Controls on Sale of PHI
    4. New Responsibilities for EHRs
      1. Must Help Manage Individual Requests, Rights
      2. Must Provide Access for Individuals
      3. Must Provide Access Reports, Accountings
      4. What to Ask Your EHR Vendor About HIPAA

  1. HIPAA Enforcement
    1. Changes to the Enforcement Rule
      1. New Tiered Penalty Structure
      2. Willful Neglect of Compliance
      3. New Higher Penalties
    2. Enforcement Actions
      1. Investigations and Settlements
      2. What Happens When You Ignore HHS-OCR
  2. Preparing for HIPAA Audits and Breach Notification
    1. Review of Questions Asked in Prior Audits
    2. Expansion of HIPAA Audits Under HITECH
    3. Exploration of the HIPAA Audit Protocol
      1. Scope of the Audit Protocol
      2. Using the HIPAA Audit Protocol as a Tool for Compliance Management and Documentation
      3. Policies, Procedures, and the NIST HIPAA Security Rule Toolkit
    4. HIPAA Breach Notification
      1. Who, What, When, and How
      2. Avoiding Breaches
      3. Learning from Breaches
    5. Using Audit Drills to Be Ready for Audits and Breaches
  3. Planning Your Compliance Effort
    1. Consider Compliance As A Series of Projects
    2. Selecting Your Compliance Team
      1. The Importance of Top-Level Support
    3. Selecting Your Compliance Management Tools
      1. The HIPAA Audit Protocol
      2. The NIST HIPAA Security Rule Toolkit
    4. Providing and Documenting Training
    5. Updating and Maintaining Your Compliance Plans

Meet Your Instructor

Jim Sheldon-Dean
Principal and Director of Compliance Services, Lewis Creek Systems, LLC

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, co-chairs the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and co-chairs the WEDI HIPAA Updates and Privacy and Security Meaningful Use sub-workgroups. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before the New York Metropolitan Chapter of the Healthcare Financial Management Association, Health Information Management Associations of New York City, New York State, Virginia, and Vermont, the Connecticut Hospital Association, and the Hospital and Health System Association of Pennsylvania. Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master's degree from the Massachusetts Institute of Technology.

Register Now

Online using Credit card

Get the Invitation
Pre-Register yourself and get the official Invite when venue and dates are announced for this seminar.
Call here to register +1-888-717-2436 or email at [email protected]

Other Registration Option

By order form / PO#

Payment Mode

By Check -
Pay your check to (payee name) “MetricStream Inc” our parent company and Mail the check to:

ComplianceOnline (MetricStream, Inc),
6201 America Center Drive Suite 240
San Jose, CA 95002

By Wire -

Register / Pay by Wire Transfer

Please contact us at +1-888-717-2436 to get details of wire transfer option.

Terms & Conditions to register for the Seminar/Conference/Event

Your Registration for the seminar is subject to following terms and conditions. If you need any clarification before registering for this seminar please call us @ +1-888-717-2436 or email us @ [email protected]

Payment is required before 2 days of the date of the conference. We accept American Express, Visa and MasterCard. Make checks payable to MetricStream Inc. ( our parent company)

Cancellations and Substitutions:
Written cancellations through fax or email (from the person who has registered for this conference) received at least 10 calendar days prior to the start date of the event will receive a refund — less a $75 administration fee. No cancellations will be accepted — nor refunds issued — within 10 calendar days from the start date of the event.

On request by email or fax (before the seminar) a credit for the amount paid minus administration fees ($75) will be transferred to any future ComplianceOnline event and a credit note will be issued.

Substitutions may be made at any time. No-shows will be charged the full amount.

We discourage onsite registrations, however if you wish to register onsite payment to happen through credit card immediately or check to be submitted onsite. Conference material will be given on the spot if it is available after distributing to other attendees. In case it is not available we will send the material after the conference is over.

In the event ComplianceOnline cancels the seminar, ComplianceOnline is not responsible for any airfare, hotel, other costs or losses incurred by registrants. Some topics and speakers may be subject to change without notice.

Attendance confirmation and Documents to carry to the seminar venue:
After we receive the payment from the registered attendee an electronic event pass will be sent to the email address associated with the registrant before 5 working days from the seminar date. Please bring the pass to the venue of the event.

Conference photograph / video:
By registering and attending ComplianceOnline conference you agree to have your photographs or videos taken at the conference venue and you do not have any objections to use these photos and videos by ComplianceOnline for marketing, archiving or any other conference related activities. You agree to release ComplianceOnline for any kind of claims arising out of copyright or privacy violations.

Media Partners


Media Partner Benefits
  • Logo and company data on the event website.
  • Logo on the conference material distributed during the conference.
  • Media Partner’s brochure distributed along with conference material.
  • Logo on all the mailings before and after the event.
  • 10% discount to media partner's subscribers.

Media Partner to do
  • Banner (min 728x90 or 468x60) on the Media Partner website.
  • Insertion of the event in the event calendar, both printed and/or online.
  • Announcement article of the conference on the Magazine and/or Website.
  • Dedicated email blast to all subscribers of Media Partner.
  • Article on the Magazine and/or Website after the conference.

Local Attractions

The Philadelphia Museum of Art sits majestically on a rise at the end of the Benjamin Franklin Parkway. The vast collections of this temple of art make it the third-largest art museum in the country, and an absolute must-see on the city's cultural circuit.

Among its impressive holdings in Renaissance, American, Impressionist and Modern art, some standouts include a great Rogier van der Weyden altarpiece, a large Bathers by Cezanne, a room devoted to Philadelphia's own Thomas Eakins, and Marcel Duchamp's notorious mixed-media Bride Stripped Bare by her Bachelors (The Large Glass), exactly as the dada master installed it.

With more than 3,600 acres of rolling hills and well-worn trails, Valley Forge is now a magnet for runners, bicyclists and picnickers as well as history buffs.

The vast expanse of open space links the Schuylkill River Trail to the Horse Shoe Trail, turning the park into a major hub in a 75-mile system linking Philadelphia to the Appalachian Trail.

The Liberty Bell has a new home, and it is as powerful and dramatic as the Bell itself. Throughout the expansive, light-filled Center, larger-than-life historic documents and graphic images explore the facts and the myths surrounding the Bell.

The 160,000-square-foot National Constitution Center explores and explains this amazing document through high-tech exhibits, artifacts, and interactive displays. The Kimmel Theater, a 350-seat star-shaped theater, features “Freedom Rising,” a multimedia production combining film, a live actor and video projection on a 360° screen to tell the stirring story of “We the people.”

An innovator in designing hands-on exhibits before “interactive” became a buzzword, The Franklin Institute is as clever as its namesake. Its eminently touchable attractions explore science in disciplines ranging from sports to space.

Highlights include The Sports Challenge, which uses virtual-reality technology to illustrate the physics of sports; The Train Factory's climb-aboard steam engine; Space Command's simulated earth-orbit research station; a fully equipped weather station; and exhibits on electricity.

The Barnes Foundation was created in 1922, a school originating with Barnes’ educational experimentation in his Argyrol (pharmaceutical) factory. Barnes and The Foundation’s first director of education, John Dewey, were interested in fostering cognitive development through new approaches to education, and in heightening critical-thinking and problem-solving skills through the study of art. Barnes, like Dewey, was actively engaged in development of an intellectual framework and educational philosophies and practices with many of the best artists and thinkers of his day.

One of Philadelphia’s most famous pieces of public art is a bigger-than-life boxer… literally. Originally created for Rocky III, the sculpture is now a real-life monument to a celluloid hero. The fictional Rocky Balboa of Sylvester Stallone’s Rocky movies was immortalized in bronze in 1980. After filming for the movie completed, Stallone donated the statue to the City of Philadelphia.

Franklin Square, one of Philadelphia’s five original public squares laid out by William Penn in his original plan for the city, has undergone a dramatic renovation. The park now boasts several family-friendly attractions, including a miniature golf course, classic carousel, burger joint, storytelling bench, picnic area and more.

We need below information to serve you better



6201 America Center Drive Suite 240, San Jose, CA 95002, USA

Follow Us

facebook twitter linkedin youtube


Copyright © 2023 MetricStream
Our Policies: Terms of use | Privacy

PAYMENT METHOD: 100% Secure Transaction

payment method