Overview:

This session provides an in-depth exploration of your practice's information technology infrastructure and its critical relationship with the HIPAA/HITECH Security Rule, particularly concerning the protection of Protected Health Information (PHI) during transmission.

We will navigate through various real-world examples and specific scenarios, offering straightforward, practical solutions. Key areas of focus will include secure texting, email communication, encryption standards, medical messaging platforms, voice data, the use of personal devices, and identifying potential risk factors. The presentation will distinguish common myths from regulatory realities, drawing from insights gained in over 1000 risk assessments and direct experience with Office for Civil Rights (OCR) audit protocols.

I will share specific knowledge gained from 17 years as an outsourced compliance auditor and expert witness in HIPAA-related legal cases, explaining the mechanisms that now allow patients to seek financial remedies for the wrongful disclosure of their health information. Most importantly, I will demonstrate how to mitigate these risks through proactive measures and the implementation of industry best practices.

It is crucial to navigate beyond common online misconceptions about HIPAA, especially regarding IT and encryption, where some entities may advocate for solutions that exceed actual regulatory requirements.

Why you should Attend:

Are you struggling with the conflicting information surrounding HIPAA compliance and what is truly permissible? This session is designed to provide definitive answers. Significant confusion exists around the transmission of PHI and the specific obligations for both Covered Entities and Business Associates, including what actions to avoid.

Understanding the latest enforcement trends from the Department of Health and Human Services is critical, particularly as they apply to portable devices, texting, email, and other methods of transmitting PHI. You will learn how to reduce your audit profile and minimize the risk of lawsuits from individuals affected by poor IT practices. As an expert witness in cases where organizations were sued for insufficient risk management, I can attest that the litigation threat from private attorneys often exceeds that from federal regulators.

Areas Covered in the Session:

• Regulatory Updates for 2024

• Bring Your Own Device (BYOD) Policies

• Developing Effective Personal Device Policies

• Best Practices for Managing Portable Devices

• Secure Texting for Healthcare Providers

• Implementing Practical, Real-World Solutions

• The Increased Compliance Burden on Business Associates

• Secure Email Transmission of PHI

• Secure Texting of PHI

• Understanding the Federal HIPAA Audit Process

Who Will Benefit:

• Practice Managers

• Medical Professionals (MDs, DOs, Nurses, etc.)

• All Business Associates serving healthcare providers, including:

  • Billing and Coding Companies

  • IT and Managed Service Providers

  • Transcription Services

  • Answering Services

  • Home Health Agencies

  • Legal Firms

• Any individual who handles Protected Health Information (PHI), directly or indirectly