Business Associates and Covered Entities

Audio Conference on CD or Audio On-Demand

Sponsored by the HIPAA E-Learning Library and Guide to HIPAA Auditing, Second Edition

A program for security, privacy, and compliance officers, and business associates

presented on July 29, 2009

The HITECH Act (part of the American Recovery and Reinvestment Act) – signed into law by President Barack Obama February 17 -- requires business associates (BAs) of covered entities to comply with the HIPAA Security Rule and the sections of the Privacy Rule laying out the requirements around how PHI can be used and disclosed. That means major changes in the working relationship between the covered entity and the BA, changes that must be recorded into their existing contracts, per the HITECH.

Congress also included new breach notification laws. BAs must notify covered entities of individual breaches, and HHS and the media for breaches of 500 patient records or more. The cost for non-compliance with the new regulations can be steep – up to $1.5 million in fines in a given year for each type of violation and potential horrific publicity.

HCPro presents this 90-minute audio conference featuring Chris Apgar, CISSP, and John R. Christiansen, JD. They walk you through the law, explain new categories of BAs now impacted by the law, and help you develop a plan of action to review and revise existing contracts and develop new ones you need to ensure your organization is covered.

LEARNING OBJECTIVES

1. Explain the contract requirements from a business associate perspective and/or a covered entity perspective
2. Conduct a gap analysis on your current contracts
3. Describe the regulations regarding breach notification
4. Demonstrate practical steps on how to implement the required contract changes, handle breach notifications, and adapt to upcoming HHS regulation deadlines

TAKE A LOOK AT THE AGENDA:

1. New contract requirements
1. The new definition of a BA and new categories of BAs
2. What HITECH means for BAs and covered entities
3. HHS regulatory deadlines
2. Potential penalties
1. Who is exposed
2. OCR and CMS are required to conduct audits
3. Extension of jurisdiction to State Attorneys General
4. Steep monetary penalties
3. Gap analysis:  Existing contracts vs. what you should have
1. With whom do you have existing contracts?
2. Is there a contract for everyone that should be a BA?
3. Are there others that you need to remove from your database?
4. Which ones are you missing, including new categories of BAs?
4. Rollout
1. Templates of a full BA contract and addendum
2. What to include: a practical, step-by-step walk-through
3. How to integrate with FTC’s Red Flag Rule requirements
5. Security breach notifications
1. Timelines and what you need to do now
2. Action steps if you have an incident
3. Immediate and annual HHS reporting requirements.

A question and answer session follows the presentation.

MATERIALS

In addition to the expertise and advice presented during this audio conference, you'll also receive a slide presentation of the program materials and:

• Two white papers on HITECH from HCPro
• Gap analysis tool/checklist
• Sample language for key provisions of business associate contracts, contract addendum and Red Flag Rule
• Incident responsibility coordination policy
• List of online resources

These materials are provided with PDF links.

MEET THE SPEAKERS

Chris Apgar, CISSP, is president of Apgar & Associates, LLC in Portland, OR, an independent consulting firm specializing security, privacy, and regulatory compliance. He is a nationally recognized information security, privacy and HIPAA expert, a member of the Workgroup for Electronic Interchange (WEDI) Board of Directors, and a member of the team working with the US Department of Health & Human Services and the State of Oregon to develop national privacy and security standards to assist in confidential and efficient electronic health record exchange.

John R. Christiansen, JD, practices health information technology law in Seattle at Christiansen IT Law, and focuses on IT contracting, implementation, management and compliance. He is a technical advisor to the Health Information Security and Privacy Collaboration, and former member of the American Bar Association’s Committees on Healthcare Privacy, Security and Information Technology and Healthcare Informatics. He is chair of the Health Information Trust Business Associates Working Group, the American Bar Association’s HITECH Business Associates Task Force, and speaks and writes frequently on health IT topics.

WHO SHOULD LISTEN?

Privacy, security, and compliance officers; all business associates who work with a covered entity handling patients’ protected health information (PHI), such as attorneys, consultants, trading partners, collection agencies, third party administrators etc.

AUDIO ON-DEMAND

In addition to the regular purchase options for HCPro audio conferences, we are pleased to offer another option, audio on-demand. Audio on-demand allows you to download the program and play it back at your convenience through your computer or MP3 player. Purchase a CD or audio on-demand of the program and listen when you can. It's also a perfect training tool for new staff or as a refresher for veteran staff.

• Audio Conferences

• Other Health Information Management Products
• Other Revenue Cycle Products