Part III: Longterm Care Facility Residents' Privacy and Access to Medical Records
From patient privacy complaints to cybersecurity attacks and breaches, the HIPAA-related compliance challenges facing covered entities can seem overwhelming. The Department of Health and Human Services Office for Civil Rights (OCR), the agency responsible for enforcing the HIPAA Rules, recently announced an enforcement initiative targeting covered entities that fail to provide patients with access to their records. In 2019, OCR also updated the penalties for breaches and publicized several multi-million dollar settlements against a variety of covered entities ranging from hospital systems to small dental practices. In this webinar, we will provide an overview of OCR’s recent enforcement activities, including insight on how to interpret the recent settlement agreements and incorporate “lessons learned” into your organization’s compliance work plan. We will also review the breach investigation and reporting requirements applicable to longterm care facilities and suggest strategies to ensure your organization responds appropriately to HIPAA-related incidents. Finally, we will provide suggestions on performing a HIPAA risk analysis to help your organization focus on its top privacy and security risk areas.
The regulatory landscape for providers of post-acute care has changed dramatically in recent months. New requirements of participation for longterm care facilities, promulgated by the Centers for Medicare & Medicaid Services (CMS) in 2016, have been implemented in three phases, with the last and arguably most significant set of changes implemented in November 2019. On October 1, 2019, and January 1, 2020, respectively, CMS implemented new “patient-driven” Medicare payment methodologies for skilled nursing facility services (SNF) and for home health services.
This series of four sixty-minute webinars will provide information and guidance to post-acute care providers on emerging topics relating to the revised requirements of participation and Medicare payment methodologies. Three of the webinars will focus on provider policies that will be under increased scrutiny as a result of the revised requirements of participation: compliance and ethics programs, emergency preparedness plans, and policies and procedures related to patient/resident privacy and information. One webinar will provide an overview of the Patient-Driven Payment Methodology (PDPM) for SNF services and the Patient-Driven Groupings Methodology (PDGM) for home health services, as well as identifying key compliance risks associated with the implementation of these methodologies. Each webinar will provide practical advice on how longterm care facilities and other post-acute care providers can most effectively develop and implement policies to respond to the new or revised requirements, and to strengthen the patient experience and patient care.
- Privacy and Security Officers
- Compliance Officers
- Program Directors
- Operations Staff
After this webinar, you will be able to:
- Understand OCR’s process for auditing and investigating covered entities
- Identify recent enforcement trends and develop strategies to mitigate your organization’s risk
- Review the breach investigation and reporting requirements for longterm care facilities
A Partner in the firm’s health law practice group, Molly advises health centers on the management of clinical, employment and workforce-related risks, with a particular focus on professional liability, Federal Tort Claims Act, and HIPAA matters. From her experience as both a private attorney and in-house counsel, Molly knows the importance of managing liability and risk issues in mission-driven organizations. [Full Bio]
SUSANNAH VANCE GOPALAN
Susannah is a Partner in the firm’s health law practice group where she focuses on health care litigation and regulatory counseling, with a focus on Medicaid and Medicare payment, financing, and compliance issues. Susannah brings regulatory expertise to bear when advising clients and pursuing litigation on their behalf. She has experience negotiating Medicaid waivers and managed care arrangements on behalf of providers, provider associations, and governmental entities. She represented a group of providers in reaching a settlement in major Medicaid litigation. [Full Bio]
As Partner and Compliance Counsel with the firm’s health law practice group, Dianne advises health centers on implementing effective compliance programs and on addressing top compliance risk areas. Dianne counsels health centers and other organizations on developing compliance programs that include the OIG’s seven elements, respond to identified compliance risk areas, and reflect the organization’s culture. Dianne also advises health centers and other organizations on patient privacy and confidentiality, including the HIPAA Privacy Rule and 42 CFR Part 2. She has experience responding to privacy and security incidents, including determining whether there has been a breach, notifying patients and the government, and creating corrective action plans. [Full Bio]
Certificates of Attendance: We verify attendance upon completion of a webinar (live or recorded version) and will only issue certificates in the name of the account holder enrolled in the course. If you need to document attendance for someone other than the account holder, we provide blank Certificates of Attendance for a supervisor to sign and certify that a different individual viewed the course.
Group Attendance: Due to the online nature of webinars, we cannot verify participation by more than one person. For groups, we provide an attendance record form and blank Certificates of Attendance to record attendance at a group viewing session and document each individual's participation. We recommend that a supervisor or colleague sign the certificate to certify attendance.
Read more about maintaining an attendance record in our FAQs.
- 1.00 Certificate of Attendance
The webinars in this course are only available as an entire webinar series. Registering for this series grants you complimentary access to both the live and on-demand versions of all the included webinars. The on-demand version of each webinar will be available in your account within two (2) business days of each live session and you will have access to the recordings for 180 days after the conclusion of Part IV. Once posted to your account, you can view each webinar anytime on-demand during the access period. For additional information on viewing and accessing webinars, view our full terms and conditions here.
This webinar series is complimentary for all users. To register, click the gray Take Course button found under the Overview or Register tabs.
Google Chrome and Mozilla Firefox are the preferred browsers.