The Office for Civil Rights (OCR), the arm of the U.S. Department of Health & Human Services that enforces the HIPAA privacy and security rules, has been active in the past few months providing informal guidance and clarifications of existing rules. In addition, OCR’s enforcement activities are continuing, including a $2.3 million settlement of alleged violations, although the HIPAA Phase 2 audit program seems not to have generated any results or guidance yet and might be “on hold.” Perhaps most worrisome, the new head of OCR reportedly said that he is looking for a “big, juicy case” to be his priority in HIPAA enforcement.
Among other informal guidance from OCR in the past year, the agency continues to address disclosures to family and friends of individuals involved in natural disasters and other catastrophes, as well as disclosure of information relating to mental health and substance use. During 2017, OCR’s monthly cybersecurity newsletters addressed important topics including steps to ensure security of Protected Health Information (PHI) when traveling or during holiday periods, security of mobile devices that hold or access PHI, the dangers of insider threats, and best practices when terminating an individual’s access to PHI. In January 2018, OCR addressed the Meltdown and Spectre computer chip vulnerability issues.
Join Christine Williams, founder of Health Plan Plain Talk, as she reviews OCR’s new guidance and enforcement activity and explains the implications for employer-sponsored health plans, as well as steps plans should take to achieve or ensure compliance.
This webinar will cover:
- The background on the $2.3 million settlement of alleged HIPAA violations and what lessons health plans can learn from it
- How the mental health and substance abuse guidance clarifies past guidance, and how the HIPAA rules differ from other rules administered by HHS
- The status of the Phase 2 audit program
- How the Meltdown and Spectre vulnerabilities should be addressed
- OCR’s reminders about protecting PHI on mobile devices and during holiday periods
- OCR’s advice regarding phishing scams and how employees should be trained to avoid them
- The importance of quality training for workforce members who have access to PHI
- How HIPAA applies to employer-sponsored wellness programs
- The importance of the HIPAA basics — including business associate agreements, the security assessment, up-to-date policies and procedures, and documentation of all compliance material
- And much more!