Areas Covered in the Session:
• Learn about the new requirements for HIPAA Business Associates
• Find out what is changing in the regulations for Business Associates
• Learn how the definition of BA has been significantly expanded
• Learn what goes into a proper Business Associate Agreement
• Find out about the new, higher enforcement penalties
• Learn about the new violation categories
• Learn about being prepared for a HIPAA Compliance Audit
I. Old Ways, New Ways - Changes to the Rules
A. Origins of Changes to Business Associate Rules
B. New Definitions of Business Associates
C. Contractors of Business Associates
II. New Requirements and Changed Requirements for HIPAA Business Associates
A. HITECH Act Required Capabilities
B. Required Amendments to BAAs
C. BAA Provisions to Consider
D. Transitioning to the New Rules
III. Enforcement and Audits
A. New HIPAA Violation Categories
B. New HIPAA Penalty Structure
C. Preparing for HIPAA Audits
Why should you Attend:
In the past, business associates of HIPAA covered entities were not directly covered under HIPAA and were required to conduct themselves only according to the contract with the covered entity being served. The American Recovery and Reinvestment Act of 2009 (ARRA) establishes new requirements for business associates (BAs) who handle the protected health information of covered entities under HIPAA. In addition, Federal Breach Notification requirements for health information directly impact the relationship of covered entities, business associates, and their subcontractors.
New HIPAA regulations being finalized in 2012 put HIPAA business associates and their subcontractors directly under the HIPAA rules and make them responsible for the privacy and security of the information they handle, as well as liable for violations under the rules. BAs will now need to comply with HIPAA Privacy and Security protections and must also treat all their contractors as BAs. This means that new agreements must be established between parties that were not formerly required to have formal agreements, and existing agreements must be amended. The business associate definition is also expanded to include entities such as health information exchanges, regional health information organizations, and e-prescribing gateways.
Under the proposed regulations, specific language must be incorporated in all HIPAA BA agreements, and ARRA requires that business associates can be subject to random compliance audits by the US Department of Health and Human Services. HIPAA breach notification requirements enacted in 2009 also apply to business associates, which means that all existing agreements must be examined to ensure that liability, indemnification, and notification are properly covered in the agreements.
Description of the topic:
• The new HIPAA Business Associate rules change the game for HIPAA compliance responsibility. We will discuss how the responsibilities have changed and how the changes affect both Business Associates and Covered Entities. Not only have the rules changed, but new kinds of businesses are now covered as HIPAA BAs, such as health information exchanges, e-prescribing initiatives, patient safety organizations, and now even the subcontractors of Business Associates, greatly expanding the pool of entities directly under Federal health care regulation.
• The new rules require updating all existing Business Associate Agreements (BAAs). We will discuss what goes into a compliant HIPAA Business Associate agreement, including what's required and what's advisable to protect parties in the event of breaches. The new regulatory language for HIPAA business associates will be explained and discussed. How a BA deals with making their contractors BAs under the new rules will be examined, and the chain of Business Associate relationships will be discussed.
• The new responsibilities for business associates will be explored, as well as the new liabilities for business associates under the rules. In essence, Business Associates are now subject to the same Security Rule safeguards, and restrictions on uses and disclosures under the Privacy Rule, as Covered Entities, and are equally responsible for adopting BAAs and equally subject to penalties for violations.
• We will discuss what goes into a compliance plan, how to develop your compliance plan, and how to prepare for a HIPAA audit. Showing your compliance is a matter of showing that you have adopted sufficient policies and procedures, and that you have been using them through documented actions.
• The new HIPAA penalty structure will be discussed, including new criminal penalties for individuals involved with wrongful disclosures, new mandatory penalties for willful neglect of compliance (starting at $10,000 and going up), and the new, four-tier penalty structure and definitions.
• The session will provide attendees the following tools, benefits, and solutions:
- The audience will learn how business associates are now handled under the law and the proposed regulations and what has changed from the old rules.
- The suggested and required content for a compliant business associate agreement will be presented.
- Issues of how to assign liability and costs in the event of a breach will be discussed.
- Current BAs will learn what they have to do to get their contractors established as their business associates.
- BAs will discover the new obligations on them to ensure their clients comply with HIPAA in their dealings with the BA.
- BAs will learn how to be prepared for compliance audits and avoid the mandatory penalties for willful neglect of compliance.
Who will benefit (designations):
• Information Systems Manager
• Chief Information Officer
• Health Information Manager
For any assistance contact us at firstname.lastname@example.org or call us at 877.782.4696