New Guidance on De-Identifying Protected Health Information under HIPAA
|Speaker||:||Brian L Tuttle|
This webinar provides guidance on how to ensure that data is "de-identified", also methods and approaches to achieve de-identification in accordance with the HIPAA Privacy Rule. De-identification standard is meant to balance the importance of making data available and protecting the privacy of the individual's information.
This webinar will be addressing the ins and outs of identifying what is and what is not PHI, proper ways to disclose this information, common sense security methods, what we can and can't do under HIPAA relating to disclosures, and how to properly investigate a breach (or a suspected breach). We will also be addressing how practice/business managers (or compliance offers) need to get their HIPAA house in order before the imminent audits occur.
It will also address major changes under the Omnibus Rule and any other applicable updates relating to protected health information Additional areas covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT. The primary goal is to ensure everyone is well educated on what is a myth and what is a reality with this law, there is so much misleading information all over regarding the do's and don'ts with HIPAA -I want to add clarity for compliance officers.
I will uncover myths versus reality as it relates to this very enigmatic law based on over 1000 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors. I will also speak to real life litigated cases I have worked where HIPAA is being used to justify state cases of negligence -THIS IS BECOMING A HUGE RISK! In addition, this course will cover the highest risk factors for being sued as well as being audited (these two items tend to go hand in hand).
Why Should You Attend:
Are you clear on what constitutes identifiable health information vs none identifiable health information? It can be very confusing and frustrating to say the least. Since the HIPAA Omnibus Final ruling, the Federal government has expanded the definition of what constituted PHI.
Is your staff trained to understand the new risks and definitions?
- Do you have written policy in place relating to this?
- Do you have an effective HIPAA compliance program?
- New laws and funding mean increased risk for both business associates and covered entities!
- HIPAA Omnibus -Do you know what's involved and what you need to do?
- What does Omnibus mean for covered entities and business associates?
- Why should you be concerned?
- Court cases that are changing the landscape of HIPAA and patient's ability to sue!
TRIAL ATTORNEYS ARE MORE DANGEROUS THAN THE FEDERAL GOVERNMENT!!
It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates as it relates to what we need to do as compliance officers. You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT or internal administrative practices.
Areas Covered in the Session:
- What is PHI
- What constitutes identifiable PHI
- What is "de-identified" PHI
- How to investigate a possible breach and conclude whether the incident constituted a breach or not
- How to properly notify if a breach occurs
- Requirements of Compliance Officers
- Real life litigated cases
- Portable devices
- Business associates and the increased burden
- Emailing of PHI
- Texting of PHI
- Federal Audit Process
- HIPAA and suing -how this works
- Risk Assessment
- Best resources
Who will Benefit:
- Practice Managers
- Any Business Associates who work with Medical Practices or Hospitals (i.e. Billing Companies, Transcription Companies, IT Companies, Answering Services, Home Health, Coders, Attorneys, etc)
- MDs and other Medical Professionals
Brian L Tuttle, CPHIT, CHP, CBRA, Net+, A+, CCNA, MCP is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified HIPAA Administrator (CHA), Certified Business Resilience Auditor (CBRA), Certified Information Systems Security Professional (CISSP) with over 18 years' experience in Health IT and Compliance Consulting. With vast experience in health IT systems (i.e. practice management, EHR systems, imaging, transcription, medical messaging, etc.) as well as over 18 years’ experience in standard Health IT with multiple certifications and hands-on knowledge, Brian serves as compliance consultant and has conducted onsite and remote risk assessments for over 1000 medical practices, hospitals, health departments, insurance plans, and business associates throughout the United States.
In addition, Mr. Tuttle has served in multiple litigated court cases serving as an expert witness offering input related to best practices and requirements for securing and providing patient access to protected health information. Mr. Tuttle has also worked directly with the Office of Civil Rights (OCR) both in defending covered entities and business associates as well as being asked by the Federal government to audit covered entities and business associates on behalf of the OCR.
Brian is well known and highly regarded in medical circles throughout the United States for his quality work and down-home southern charm. Mr. Tuttle has a Master's Degree in Health Sciences from Georgia State University and works nationally out of Kennesaw, GA.