HIPAA and Patient Access to Records—Poor Access Processes Can Lead to Penalties

Event Information
Product Format
Prerecorded Event
60 minutes
Product Description

New Patient Access Rights and Regulations Under CLIA and HIPAA and Latest Guidance from HHS OCR.

HIPAA has expanded patient rights and added several new rights of access. Guidance on access to records has also been issued recently; it gives detailed information on how to provide access, what must be charged in fees, and what an individual's rights are when accessing information. The changes to the rules on patient access to records must be reflected in the policies and procedures of every healthcare organization.

HIPAA has now started to provide individual rights to electronic copies of records that are held electronically. Under the Clinical Laboratory Improvement Amendments (CLIA) and HIPAA, patients also have new rights to directly access test results from the labs creating the data. Labs that did not previously deal directly with patients are now required to create patient-facing operations, and how sensitive results are communicated to patients needs to be considered.

In addition to that, HHS has released new explanations about treating access to information pertaining to mental health and minors, which also includes considering patient requests and safety issues of the patient and others.

The HIPAA Audits in 2016 focused on proper patient access to information as a significant compliance problem, and it is expected that the upcoming HIPAA Audit program will include reviews of patient access policies and practices. It is also expected that HHS will focus on current access issues, namely the costs to individuals of accessing records and the proper handling of denials of access.

All HIPAA-covered providers are required to review their HIPAA compliance, policies, and procedures to see whether they are prepared to be in full compliance and meet the requirements of the changes in the rules. Compliance is required, and violations for willful neglect of the rules carry huge fines and penalties. Not only have the compliance rules changed, but the enforcement rules have changed as well, with a new four-tier violation schedule with increased fines, and mandatory fines for willful neglect of compliance that start at $10,000 even if the problem is corrected within 30 days of discovery. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000 and can reach $1.5 million for any particular violation. Any reports of willful neglect are required to be investigated under the law. Even violations for a reasonable cause or with reasonable diligence taken are subject to penalty.

Join this session by expert speaker, Jim Sheldon-Dean, where he will discuss the new access rights under HIPAA and CLIA regulations. Learn about the 2016 guidance from the HHS Office of Civil Rights, including the additional updates to the guidance, so that access can be provided according to the rules. Jim will review issues on provision and denial of access, fees, and access of mental health records, as well as access of mental health records of minors. You’ll also learn about the HHS guidance and information on dealing with law enforcement requests for information on alleged violators of the law.

Additionally, Jim will review new regulations and analyze their effects on usual practices, and explain what policies need to be changed and how. You will learn what policies and evidence you may need to produce if you are audited by the HHS Office of Civil Rights. Plus, you’ll get tips and best practices to avoid penalties and make sound compliance decisions.

Session Highlights

  • New access rights under HIPAA and CLIA regulations
  • Extensive new guidance from the HHS Office of Civil Rights on access of PHI
  • Guidance from HHS regarding access of mental health information and minors' information
  • What the regulations call for and what processes must be in place for the proper approval and denial of access as appropriate
  • Required process for the review of certain denials of access
  • How e-mail and texting should be handled, what can go wrong, and what can result when it does
  • HIPAA requirements for access and patient preferences, as well as the requirements to protect PHI
  • Training and education that must take place to ensure your staff handles access requests properly
  • How the HIPAA audit and enforcement activities are now being increased and what you need to do to survive a HIPAA audit

Session Agenda

  • HIPAA privacy and security rules
  • PHI, uses, disclosures, and designated record set (DRS)
  • HIPAA right of access
    • Denial of access
    • The access process
    • Access and individual preferences
  • Calculating/evaluating risk
  • Communications and access guidance
  • Guidance on access regarding mental health and minors
  • What are the HIPAA considerations
  • E-mail, texting and security
  • Policy on using insecure communications with patients
  • 2016 guidance
    • General right of access
    • Requests for access
    • Providing and denying access
    • Right to direct to another person
  • What is a breach under HIPAA?
  • What is a HIPAA audit?
  • Audit your own compliance
  • Training, education and documentation

Who Should Attend

  • Compliance Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Medical Office Manager
  • Medical Practice Lawyer
  • CFO
  • CEO
  • COO
  • Privacy Officer
  • Information Security Officer

Ask a question at the Q&A session following the live event and get advice unique to your situation, directly from our expert speaker.

Order Below or Call 1-844-384-4744 Today

About Our Speaker

Jim Sheldon-Dean - HIPAA Compliance & Regulations Expert

Jim Sheldon-Dean is a healthcare compliance and HIPAA expert in the areas of privacy and security regulatory compliance and business process analysis. He is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of healthcare entities. Jim is a frequent speaker regarding HIPAA...

Why ProfEdOnDemand?
  • Save money on travel.
  • Meet your specific training needs.
  • Keep learning after the event.
  • Save time training your whole staff.