Updating HIPAA Compliance in Medical Offices


Instructor: Jim Sheldon-Dean
Product ID: 703330

  • Duration: 60 Min
This HIPAA compliance training will focus on the privacy policies and Notices of Privacy Practices that must be updated to ensure compliance with the final HIPAA Omnibus rule. Attendees will learn best practices to avoid breaches and penalties for non-compliance.
Last Recorded Date: Apr-2014


1 Person Unlimited viewing for 6 month info Recorded Link and Ref. material will be available in My CO Section
(For multiple locations contact Customer Care)

1 USB is for usage in one location only. info CD/USB and Ref. material will be shipped within 15 business days
(For multiple locations contact Customer Care)



Customer Care

Fax: +1-650-362-2367

Email: [email protected]

Read Frequently Asked Questions

Why Should You Attend:

The new Omnibus update to the HIPAA regulations now in effect contains numerous changes based, for the most part, on The HITECH Act passed in 2009. Some of the most significant changes for medical offices have to do with changes to individual rights under HIPAA that require updates in policies and procedures and must be properly noted in their forms and notices.

This webinar will review the new regulations and will discuss their effects on HIPAA policies. It will describe the new rights that must be added to a medical office’s policies and NPP, and identify the places where current rights need to be modified. It will also discuss typical policy content and describe the places where changes have to be ideally made, and discuss the information that needs to be added or removed to meet requirements most efficiently and economically. Sample policies will be examined.

This webinar will also examine a typical NPP and describe the places where changes might best be made, and discuss the information that needs to be added or removed to meet requirements most efficiently and economically. The work that must be done for updating HIPAA compliance for medical offices will be outlined, with a to-do list of activities that must be undertaken to ensure compliance, and identification of additional resources and templates.

Areas Covered in the Webinar:

  • Updates to HIPAA privacy policies and Notices of Privacy Practices to comply with new rules that came into force in September 2013
  • Schedule of implementation and scope of changes
  • Changes to be made to Breach notification policies
  • What must be included in privacy notices under the updated rules
  • New rights of individuals to restrict disclosure of information
  • Changes with respect to fundraising activity and the NPP
  • Re-evaluation of marketing activity by healthcare operations
  • How you should update your policies and your NPP – how do you document them, to whom does the new NPP go, and how?

Who Will Benefit:

This webinar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). The titles are:

  • Compliance director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Compliance Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager

Instructor Profile:

Jim Sheldon-Dean, is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, co-chairs the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and co-chairs the WEDI HIPAA Updates and Privacy and Security Meaningful Use sub-workgroups. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before the New York Metropolitan Chapter of the Healthcare Financial Management Association, Health Information Management Associations of New York City, New York State, Virginia, and Vermont, the Connecticut Hospital Association, and the Hospital and Health System Association of Pennsylvania.

Mr. Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. He received his B.S. degree, summa cum laude, from the University of Vermont and his master's degree from the Massachusetts Institute of Technology.

Topic Background:

All HIPAA-covered healthcare providers must update the way they deal with certain patient requests and certain business activities, or face stiff penalties. All HIPAA covered entities that currently provide a Notice of Privacy Practices must update their NPPs to reflect the changes in individual rights. Violations are subject to enforcement that can include fines up to $50,000. Changes to policies and notices will be necessary in areas of patient access to records, restrictions of disclosures, marketing, fundraising, breach notification, and more.

Included are new requirements for the NPP to include notice of fundraising activity and an opportunity to opt out, new requirements for individuals to provide authorization for the sale of PHI, new rights of access to electronic records, new rights to restrict certain disclosures, and rights of notice in the event of a breach. Health Plans also have changes related to the Genetic Information Nondiscrimination Act (GINA) that must be reflected in their NPPs.

Reimbursed marketing activity that may have been permissible without authorization from the individual under the old rules used to require notice in the NPP. Now all such marketing activity paid for, above costs, by a third party wishing to promote a product or service will require authorization. The changes are numerous and many are subtle and require an in depth examination of your Notice of Privacy Practices.

The final amendments to HIPAA resulting from the HITECH Act are now in effect and fully enforceable. The amendments require changes in several areas of operation, including health information management, marketing, fundraising, breach notification, and security, and many of the changes will require significant effort to implement.

Every HIPAA covered entity is required to have a Notice of Privacy Practices that accurately reflects patient rights and practices at the entity. Because there are new finalized changes to the HIPAA rules, the NPP for every organization having one must be updated. There are new requirements about fundraising activity, new controls on the sale of PHI, new rights of access and restrictions, and the right to be notified if there is a privacy breach. The new areas to be included will be discussed and explained, and areas that no longer need notice will also be discussed.

Follow us :



Refund Policy

Our refund policy is governed by individual products and services refund policy mentioned against each of offerings. However in absence of specific refund policy of an offering below refund policy will be effective.
Registrants may cancel up to two working days prior to the course start date and will receive a letter of credit to be used towards a future course up to one year from date of issuance. ComplianceOnline would process/provide refund if the Live Webinar has been cancelled. The attendee could choose between the recorded version of the webinar or refund for any cancelled webinar. Refunds will not be given to participants who do not show up for the webinar. On-Demand Recordings can be requested in exchange. Webinar may be cancelled due to lack of enrolment or unavoidable factors. Registrants will be notified 24hours in advance if a cancellation occurs. Substitutions can happen any time. On-Demand Recording purchases will not be refunded as it is available for immediate streaming. However if you are not able to view the webinar or you have any concern about the content of the webinar please contact us at below email or by call mentioning your feedback for resolution of the matter. We respect feedback/opinions of our customers which enables us to improve our products and services. To contact us please email [email protected] call +1-888-717-2436 (Toll Free).




6201 America Center Drive Suite 240, San Jose, CA 95002, USA

Follow Us

facebook twitter linkedin youtube


Copyright © 2021 ComplianceOnline.com MetricStream
Our Policies: Terms of use | Privacy

PAYMENT METHOD: 100% Secure Transaction

payment method