2018 HIPAA Compliance
Virtual Boot Camp
Presented By: Jim Sheldon-Dean
Duration: 240 minutes
Buy Now
Medical offices have powerful new tools available to them for reaching out to their patients for purposes such as reminders and the announcement of new services, and to describe products and services that patients could be interested in. Texting and e-mail offer new opportunities for communication that patients are coming to expect and providers are eager to use. However, there are limitations on the use of protected health information (PHI) for continuation of care versus marketing purposes, and limitations under other laws such as the Telephone Consumer Protection Act of 1991 (TCPA), the CAN-SPAM Act that limit contacting patients on their cell phones, via texts, or email.

There are times when it is useful and/or important to share health information. However, it is also important to protect the identity of the individuals whose information is involved. Such circumstances call for de-identification of PHI, which is not an easy process. Sometimes, for research purposes, a partially de-identified Limited Data Set may be needed. De-identification must be considered carefully, especially since HIPAA requirements for de-identification do not allow the use of patient initials to “de-identify” information.
Session Details
Session 1: 2018 HIPAA Issues in Patient Communications: Texting, E-mail, Reminders, and Marketing Done the Right Way

Length: 90 Minutes

There are many ways to go wrong when it comes to patient communications, and marketing using texting and e-mails is full of opportunities for missteps. Therefore, it is important to know what the limitations and requirements are before you start.

This session will focus on reaching out to patients to provide them with information about products and services you provide. You will understand how such communications may be conducted, depending on the relationship and the information.
Session 2: 2018 De-Identification of Protected Health Information: Removing Identifiers of PHI is Harder than it Looks

Length: 60 Minutes

Health information is afforded all kinds of protections under HIPAA regulations but once the health information is de-identified, it is no longer protected under HIPAA and can be used or disclosed without limitation. The problem is that de-identification of PHI is harder than it looks.

Truly de-identifying information is not a simple or foolproof process. Oftentimes the context of the information or the uniqueness of information can give away the identity of the patient. If information is not properly de-identified and released inappropriately as a result, it can result in fines and corrective action plans that can reach into millions of dollars. The right process needs to be followed to ensure that data that is shared is shared appropriately. With increasing demands for sharing information in 2018, it is essential to understand how to do so correctly, and within the regulations.
Session 3: 2018 HIPAA Security Rule Risk Analysis, Policies, and Procedures: Being Prepared and Avoiding Security Incidents

Length: 90 Minutes

The HIPAA Security Rule has some basic requirements for risk analysis and risk management, but also includes numerous physical, technical, and administrative safeguards that must be addressed in policy and procedure. Tackling these requirements individually can result in dozens of new policies.

This session will focus on the conduct of an information security risk analysis, as required under the HIPAA Security Rule, and development and implementation of the necessary policies and procedures for HIPAA Security Rule compliance. It will explore the suggested ways a risk analysis may be conducted, and the tools that may be used.
Who Will Benefit?
  • Personnel involved in, interested in, or responsible for patient communications, information management, and privacy and security of protected health information under HIPAA, including:
    • Compliance directors
    • CEOs
    • CFOs
    • Privacy officers
    • Security officers
    • Information systems managers
    • HIPAA officers
    • Chief information officers
    • Health information managers
    • Healthcare counsel/lawyers
    • Office managers
    • Contracts managers
  • Personnel in health information management, information security, and patient relations:
    • Compliance officers
    • Privacy and security officers
    • Leadership and staff
  • Staff in patient intake and front-line patient relations
About Our Speaker
Jim Sheldon-Dean Jim Sheldon-Dean, is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. Jim is a frequent speaker regarding HIPAA, which includes speaking engagements... Read More

Download Conference Material:

Buy Now