The Office for Civil Rights (OCR), the arm of the U.S. Department of Health & Human Services that enforces the HIPAA privacy and security rules, has been active in the past few months providing informal guidance and clarifications of existing rules. In addition, OCR’s enforcement activities are continuing, including a $2.3 million settlement of alleged violations, although the HIPAA Phase 2 audit program seems not to have generated any results or guidance yet and might be “on hold.” Perhaps most worrisome, the new head of OCR reportedly said that he is looking for a “big, juicy case” to be his priority in HIPAA enforcement.
Among other informal guidance from OCR in the past year, the agency continues to address disclosures to family and friends of individuals involved in natural disasters and other catastrophes, as well as disclosure of information relating to mental health and substance use. During 2017, OCR’s monthly cybersecurity newsletters addressed important topics including steps to ensure security of Protected Health Information (PHI) when traveling or during holiday periods, security of mobile devices that hold or access PHI, the dangers of insider threats, and best practices when terminating an individual’s access to PHI. In January 2018, OCR addressed the Meltdown and Spectre computer chip vulnerability issues.
Join Christine Williams, founder of Health Plan Plain Talk, as she reviews OCR’s new guidance and enforcement activity and explains the implications for employer-sponsored health plans, as well as steps plans should take to achieve or ensure compliance.
WHAT YOU’LL LEARN
This webinar will cover:
- The background on the $2.3 million settlement of alleged HIPAA violations and what lessons health plans can learn from it
- How the mental health and substance abuse guidance clarifies past guidance, and how the HIPAA rules differ from other rules administered by HHS
- The status of the Phase 2 audit program
- How the Meltdown and Spectre vulnerabilities should be addressed
- OCR’s reminders about protecting PHI on mobile devices and during holiday periods
- OCR’s advice regarding phishing scams and how employees should be trained to avoid them
- The importance of quality training for workforce members who have access to PHI
- How HIPAA applies to employer-sponsored wellness programs
- The importance of the HIPAA basics—including business associate agreements, the security assessment, up-to-date policies and procedures, and documentation of all compliance material
- AND MUCH MORE!
YOUR CONFERENCE LEADER
Your conference leader for “HIPAA Update for Employer-Sponsored Health Plans: What’s New, What’s Been Revised, and What’s Still Required” is Christine Williams. Ms. Williams has worked in the employee benefits field since 1987, both in private practice and as in-house counsel to a Fortune 100 company, and recently founded HealthPlanPlainTalk.com, an online resource for benefit plan sponsors and employee benefit professionals. She has extensive experience with all types of health and welfare plans, and was the editor and a contributing author of HIPAA Portability, Privacy, & Security, published by the Employee Benefits Institute of America (EBIA), a division of Thomson Reuters, and is now a contributor to that publication. She was a contributing author of Health Care Reform for Employers and Advisors, also published by EBIA. She has provided advice on HIPAA, health care reform, and benefit plan compliance to a wide range of health plans, employers that sponsor health plans, and business associates, and she regularly teaches seminars for employee benefit professionals. Before moving into employee benefits, Ms. Williams was a trial attorney at the U.S. Department of Justice and an assistant professor at the University of Maryland School of Law. She earned her J.D. degree from the University of Kentucky College of Law.