HIPAA SUMMIT OVERVIEW
Our healthcare system is in critical condition; its costs are out of control, and it's failing to keep us healthy. We spend twice as much on healthcare per person as the next highest cost country, yet American healthcare is falling short on basic dimensions of quality, outcomes, costs, and equity.
As described in the 2012 Institute of Medicine (IOM) report, Best Care at Lower Cost: The Path to Continuously Learning Health Care in America, achieving the IOM's vision of continuously learning health care will depend on broad action by the complex network of individuals and organizations that make up the current health care system, including you. We must work together to achieve two overarching imperatives: to manage the health care system's ever-increasing complexity, and to curb ever-escalating costs. These goals are dependent on the ubiquitous implementation of electronic health records (EHRs), supported by health information exchanges, to enable the nationwide interoperability of health information to evolve. This fluid exchange of patient data also requires careful management of the inherent risks to the confidentiality, integrity, and availability of patient health information.
The legal footings for this evolution started with the Administrative Simplification Subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which required the adoption and implementation of standards for administrative transactions, code sets, identifiers, security, and privacy. The Health Information Technology for Economic and Clinical Health (HITECH) Act (part of the American Recovery and Reinvestment Act of 2009) made the Office of the National Coordinator for Health Information Technology (ONC) a part of statutory law and provided financial incentives and support for a rollout of EHR systems and use of electronic clinical information exchanges. In addition, HIPAA requirements for privacy and security were enhanced, and the Secretary of the Department of Health and Human Services (HHS) was directed to undertake "the development of a nationwide health information technology infrastructure that allows for the electronic use and exchange of information and that ensures that each patient's health information is secure and protected." HHS also promulgated regulations requiring the adoption of updated versions of the transaction standards and the use of ICD-10 coding.
Then Congress enacted the Patient Protection and Affordable Care Act and the Health Care and Education Reconciliation Act of 2010. Together, these acts, known as the Affordable Care Act (ACA) or "Obamacare," pushed the healthcare industry even further in the direction of expanded use of health information technology. In 2013 HHS published what is known as the Omnibus HIPAA final rule, with modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules as required by the HITECH Act and by the Genetic Information Nondiscrimination Act of 2008 (GINA), and with certain other modifications to the HIPAA rules to improve their workability and effectiveness and to increase flexibility for and decrease burden on regulated entities. These developments affect most aspects of healthcare, and everyone connected professionally with healthcare must understand these changes and what will be required in order both to benefit from and to comply with these new legal requirements.
All of these developments create substantial compliance challenges for HIPAA covered entities and their business associates and subcontractors, which are now directly covered by HIPAA. Hospitals, clinical organizations, health plans including health insurance companies, physicians, and all other covered entities must implement, update and train their workforces regarding the HIPAA, HITECH, and Omnibus rules generally, as well as institution-specific policies and procedures including corporate compliance programs. Complex requirements regarding data breaches now must be included in the policies and procedures, and in training programs. Health plans will be at risk for new and significant financial penalties under ACA certification requirements. Outsourcing of healthcare IT is complicated by new requirements for agreements and compliance by contractors.
HIPAA enforcement activity has recently increased dramatically. From September 2015 through April 2016, HIPAA settlements have been coming out at a pace of more than one a month. Moreover, the dollar amounts involved are significant: $750k, $3.5M, $750k, $240k, $1.55M, $3.9M, $750k, and $2.2M.
Round 2 HIPAA audits have begun. This new program of performance audits, measuring the compliance of HIPAA covered entities and business associates with the Privacy, Security and Breach Notification Rule standards, promises a vigorous effort that will capture large segments of the health care sector over a number of years.
Security breaches in the health care sector have skyrocketed, and now the ransomware threat looms large in health care. Health care enterprises must secure the information systems that are their foundation against outside forces in a far more complex environment, which makes effective information security a larger business imperative in order to meet a 21st-century threat. A successful security program requires an understanding of cyber threats, strategies for detection and avoidance, an integrated and multifaceted approach across every organization that handles health information, and an appreciation for the real risks to the business of healthcare.
The HIPAA Summit will provide the most up-to-date information on the new laws and regulations. Comprehensive presentations by leading regulators from the Centers for Medicare & Medicaid Services, the Office for Civil Rights, the Office of the National Coordinator for Health Information Technology, the National Institute of Standards and Technology, and the Federal Trade Commission will provide unique insights. Private sector leaders will add practical advice from their many experiences in implementation. This HIPAA Summit will address privacy, security, cybersecurity, and data breach changes and challenges, and the legal and policy issues implicated, as well as electronic health record adoption issues. It will also cover developments and requirements for transactions, code sets, and operating rules and how they are being implemented. Training sessions are also available for HIPAA privacy and security professionals, as well as those responsible for HIT, EHR, HIE, Operating Rules and/or Data Analytics, who intend to apply for certification.
Please join us as we work together to bring the IOM vision into reality.
- Understand the basics of HIPAA, HITECH, and ACA laws and regulations, and the effect of healthcare reform on health information exchange.
- Obtain up-to-date information about recent changes to the HIPAA regulations.
- Update covered entities and business associates regarding HIPAA requirements.
- Learn what HIT contractors and subcontractors must do to become compliant.
- Outline the next generation of privacy and security compliance strategies, and how these affect electronic health record adoption and interoperability.
- Provide information on what you need to know now about the OCR HIPAA program and tools you can use to prepare.
- Equip healthcare organizations with the knowledge and practical applications to achieve "audit readiness."
- Learn security breach analysis and notification strategies, and understand encryption.
- Offer insights into HIPAA privacy and security compliance best practices.
- Understand the operational efficiency opportunities for providers and health plans supported by the operating rules.
- Analyze industry implementation of ICD-10 and operating rules, and articulate strategies for compliance.
- Learn about the operations efficiency opportunities for providers and health plans supported by the operating rules.
- Gain expertise in the evaluation, selection and adoption of electronic health record systems.
- Anticipate operational issues and learn best practices in electronic health record implementations.
- Explain the current cybersecurity landscape in healthcare, including recent and emerging trends.
- Identify the risks posed to provider organizations by cyberattacks, and offer strategies for mitigating that risk.
- Prepare attendees for professional HIPAA privacy and security certification examinations.
- Prepare attendees for professional HIT, EHR, HIE and Operating Rules certification examinations.
WHO SHOULD ATTEND
- Privacy Professionals
- Security Professionals
- Physicians and Other Clinicians
- Hospital and Nursing Home Executives
- Health Plan Professionals
- Employers and Healthcare Purchasers
- State, Regional and Community-Based Health Information Organizations
- Public Health Officials
- Pharmaceutical, Biotechnology and Medical Device Manufacturers
- Healthcare IT Consultants, Contractors, Suppliers and Vendors
- State and Federal Policy Makers
- Health Services Researchers
- Chief Executive Officers
- Chief Operating Officers
- Chief Technology Officers
- Chief Financial Officers
- Compliance Officers
- Health Law Attorneys and Accountants
- Medical Directors
- Managed Care Professionals
- Medical Group Managers
- Data Managers
- Ethics Officers
- Health Insurance Executives
- Government Agency Employees
- Health Administration Faculty
- Accountable Care Organization Personnel
- Financial Treasury Services Executives
- Revenue Cycle Managers
- Health Information Exchange Participants