The privacy and security requirements under the Health Insurance Portability and Accountability Act (HIPAA) are complex and present special challenges for employers that sponsor health plans. The U.S. Department of Health & Human Services (HHS) has been active in auditing and investigating compliance with the privacy and security requirements, with penalties and settlements in 2017 totaling almost $20 million, including the single largest settlement ever for $5.5 million. Much of the HHS enforcement activity has focused on relatively basic requirements, including the importance of having and updating business associate agreements (BAAs), protection of portable devices (e.g., laptops, smart phones, tablets, and USB drives), security risk assessments and remediation of shortcomings identified by such assessments, the need for written privacy and security policies and procedures, and the need to impress upon employees the importance of the privacy and security rules and the high cost of even relatively small violations. All of this activity makes it especially important for health plans and their business associates (BAs) to understand exactly what the HIPAA rules require. This webinar will provide an introduction to the HIPAA rules for new employees who will be working with protected health information (PHI) and a refresher on the rules for more experienced individuals.
Please join Christine Williams as she covers the basics of HIPAA and the areas that can present special problems for the sponsors and BAs of employer-sponsored health plans.
WHAT YOU’LL LEARN
Just a sampling of what this webinar will cover:
- Who’s a covered entity (CE) and who’s a business associate (BA)
- What is protected health information
- Under what conditions the employer that sponsors a health plan is allowed to have PHI and how to tell the difference between PHI and employer information
- The obligations of the employer that sponsors an employee health plan
- Requirements for the BAA between the sponsor of a health plan and the BA
- The individual rights provisions of the HIPAA privacy rules and what they require
- The notice of privacy practices (NPP) and the rules about providing the NPP to employees
- The HIPAA privacy and security issues that are likely to present special problems for employer-sponsored health plans and how those issues can be addressed
- AND MUCH MORE!
YOUR CONFERENCE LEADER
Your conference leader for “Basics of HIPAA Privacy & Security for Employer-Sponsored Health Plans” is Christine Williams. Ms. Williams has worked in the employee benefits field since 1987, both in private practice and as in-house counsel to a Fortune 100 company, and recently founded HealthPlanPlainTalk.com, an online resource for benefit plan sponsors and employee benefit professionals. She has extensive experience with all types of health and welfare plans, and was the editor and a contributing author of HIPAA Portability, Privacy, & Security, published by the Employee Benefits Institute of America (EBIA), a division of Thomson Reuters, and is now a contributor to that publication. She was a contributing author of Health Care Reform for Employers and Advisors, also published by EBIA. She has provided advice on HIPAA, health care reform, and benefit plan compliance to a wide range of health plans, employers that sponsor health plans, and business associates, and she regularly teaches seminars for employee benefit professionals. Before moving into employee benefits, Ms. Williams was a trial attorney at the U.S. Department of Justice and an assistant professor at the University of Maryland School of Law. She earned her J.D. degree from the University of Kentucky College of Law.