HIPAA Changes for 2020 and Beyond

90 Minutes
Jim Sheldon-Dean
Webinar Id:


One Attendee
Unlimited Attendees ?


HIPAA Compliance has recently seen big changes in how the rules are enforced during the COVID-19 pandemic emergency and for individual access requests, long-overdue changes may be coming to regulations on Accounting of Disclosures of Protected Health Information (PHI), we can expect new rules regarding the HIPAA Notice of Privacy Practices and calling patients' cell phones, and a little-used HIPAA right may become a hot topic if the Affordable Care Act is threatened.

And there have been calls for HIPAA expansions to cover new technologies and new uses of PHI. There is no shortage of critical topics for medical offices to respond to, to meet requirements and avoid penalties.

This session will review the scope of what must be done to stay in compliance with the HIPAA regulations as individual access comes into focus both as a right that is vigorously enforced, yet now limited in some ways by a new Federal court order. Keeping up with these complex changes is essential to compliance with HIPAA access requirements.

The session will prepare organizations for the impacts of likely rule changes in areas such as Accounting of Disclosures, the Notice of Privacy Practices, cell phone communications, and new technologies. New rules expected for Accounting of Disclosures will be explored and their expected futures and impacts will be discussed, and impacts of changes to 42 CFR Part 2 and controls on information relating to substance use disorders will be explained.

One potential impact is not a HIPAA change, but an increase in the demand for requests to exert rights to keep treatment secret from health plans, which could result from changes to the ACA.

This session will help practices prepare for the various changes and avoid the significant penalties (up to $1.7 million and beyond) for non-compliance.

why you should Attend: The Health Insurance Portability and Accountability Act of 1996 has now been around for nearly a quarter century, and the regulations have evolved since the Privacy Rule first became enforceable in 2003. The recent adjustments, guidance, and allowances associated with the COVID-19 pandemic have led to new uses of technology that won’t just go back to the old ways once the emergency is over and regulations are returned to a non-emergency state.

There have been numerous enforcement settlements, there are new threats to the privacy and security of patient information, and still more changes in the rules are expected based on the HITECH Act and goals for greater patient access rights and integration of care services.

In addition, a recent Federal Court decision has changed the rules for providing access to patient information under the rules for individual access of PHI, and new guidance has been issued about the responsibilities of Business Associates for HIPAA compliance.

This session will look at the current state of HIPAA compliance and identify expected changes in the rules in the coming year, as well as examine the focus and results of various HIPAA enforcement actions to identify areas that deserve your HIPAA Officer’s attention in the coming year to ensure HIPAA compliance.

This session will provide the HIPAA Officer a review of the current enforcement actions, audit focus, privacy, security, and breach issues, and expected regulatory changes in HIPAA, and help the compliance specialist prepare for a year of HIPAA work including responding to issues and planning for regular compliance activities.

Areas Covered in the Session:

  • Emergency orders during the COVID-19 pandemic allow necessary flexibility but won't last forever
  • There may be a change to requirement to Obtain an Acknowledgement of the Receipt of a Notice of Privacy Practices
  • There may be a change to rules under TCPA (regarding calling or messaging cell phones)
  • Changes to ACA may impact the use of HIPAA rights to limit disclosures
  • Guidance has recently been provided on the HIPAA compliance liability of Business Associates
  • 42 CFR Part 2 (regarding Substance Use Disorder information) may become better aligned with HIPAA
  • There is inadequate coverage under HIPAA for new technologies and new kinds of patient information technologies, such as contact tracing Apps

  • Overview of HIPAA Regulatory Expectations
  • New Regulatory Directions
  • Rule Modifications and Guidance on the COVID-19 Pandemic
  • Overdue Regulatory Action
  • Court Ruling Limiting Regulations
  • Issues in Individual Access of Records under HIPAA
  • New Emphasis on Enforcement of Individual Access Rules
  • New Court Ruling Limiting Third-Party Access Requests
  • New Limitation of Business Associate Liability for Compliance
  • HIPAA Accounting of Disclosures Changes
  • Current Accounting of Disclosures Requirements
  • Required Changes and Difficulties Implementing Them
  • Likely Regulation to be Proposed
  • Potential Rules Changes
  • Acknowledgement of Receipt of Notice of Privacy Practices
  • TCPA and Cell Phone Communications
  • Impact of Potential Changes to Affordable Care Act
  • Getting Back to Normal After the Pandemic Emergency
  • HIPAA Controls and New Technologies
  • Difficulty in Managing Privacy
  • Calls for HIPAA Expansions

Who Will Benefit:
  • CEO
  • HIPAA Privacy Officers
  • HIPAA Security Officers
  • Information Security Officers
  • Risk Managers
  • Compliance Officers
  • Privacy Officers
  • Health Information Managers
  • Information Technology Managers
  • Information Systems Managers
  • Medical Office Managers
  • Chief Financial Officers
  • Systems Managers
  • Chief Information Officer
  • Healthcare Counsel/lawyer
  • Operations Directors

Speaker Profile
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master's degree from the Massachusetts Institute of Technology.

You Recently Viewed