Overview:

This session provides a comprehensive examination of your organization's information technology infrastructure and its direct relationship with the HIPAA/HITECH Security Rule, with a specific focus on securing Protected Health Information (PHI) during electronic transmission.

We will analyze real-world examples and common scenarios, offering practical and straightforward solutions. Key topics will include the secure use of texting, email, encryption, medical messaging platforms, voice data, and personal devices, along with a clear assessment of associated risk factors. The presentation will separate common myths from regulatory realities, drawing on insights from over 1000 risk assessments and direct experience with Office for Civil Rights (OCR) audit protocols.

I will share specific expertise gained from 18 years as an external compliance auditor and expert witness in HIPAA-related legal proceedings, including a detailed explanation of how patients can now seek financial damages for wrongful disclosures of their health information. Most critically, I will demonstrate proactive strategies and best practices to effectively mitigate these risks.

It is essential to approach online HIPAA guidance with caution, particularly concerning IT and encryption, as some sources promote solutions that exceed actual regulatory requirements.

Why you should Attend:

Are you navigating conflicting information about HIPAA compliance and unsure of what is truly permitted? This session is designed to provide definitive clarity. Significant misunderstanding exists around the transmission of PHI and the specific obligations for Covered Entities and Business Associates.

Understanding the latest enforcement trends from the Department of Health and Human Services is critical, especially as they apply to portable devices, texting, email, and other common methods of transmitting PHI. You will learn how to reduce your audit profile and minimize the threat of lawsuits stemming from inadequate IT practices. Having served as an expert witness in cases where organizations were sued for insufficient risk management, I can confirm that the litigation risk from private attorneys now often surpasses that from federal regulators.

Areas Covered in the Session:

• Regulatory Updates for 2024

• Bring Your Own Device (BYOD) Policies and Management

• Developing and Enforcing Personal Device Policies

• Security Best Practices for Portable Devices

• Guidelines for Secure Texting by Healthcare Providers

• Implementation of Practical, Real-World Solutions

• The Expanding Compliance Burden on Business Associates

• Secure Methods for Emailing PHI

• Secure Methods for Texting PHI

• Understanding the Federal HIPAA Audit Process

Who Will Benefit:

• Practice Managers

• Medical Professionals (Physicians, Nurses, Therapists, etc.)

• All Business Associates serving the healthcare sector, including:

  • Billing and Transcription Companies

  • IT and Answering Services

  • Home Health Agencies

  • Medical Coders

  • Legal Counsel