This webinar is for HIPAA Business Associates (BAs) and Covered Entities (CEs).
The importance of BA HIPAA compliance was just emphasized dramatically by numerous class action lawsuits filed across the country stemming from reports of a BA's HIPAA Breach exposing the Protected Health Information (PHI) of more than 24 million patients. The BA, a medical billing collection agency that allegedly committed the breach, and the CEs it represented are all being sued. BAs are liable for complying with the HIPAA Rules, and CEs must document satisfactory assurances from a BA of its HIPAA compliance before disclosing PHI to the BA or allowing the BA to create, receive, maintain or transmit PHI on its behalf.
The chain of compliance and liability follows PHI from a CE to its BA and down through the BA's Subcontractors. If they are not careful, CEs can find themselves fully liable for HIPAA violations committed by BAs, and BAs for violations committed by Subcontractors, under a little-known Federal agency law. However, risks associated with BA HIPAA compliance can be managed calmly and confidently by following the HIPAA Rules, and the HIPAA Rules are easy to follow, step by step, when you know the steps.
Why Should You Attend:
Business Associates must know exactly what to do to comply with HIPAA. They are liable for compliance with the entire HIPAA Security Rule and parts of the HIPAA Privacy and Breach Notification Rules. But it is easy to be unsure about what BAs must do to comply with their Privacy and Breach Notification Rule requirements. And when BAs became liable for HIPAA compliance, the government rule makers forgot to explain who BAs should assign to develop and implement their Privacy and Breach Notification Rule policies and procedures.
BAs should attend this webinar to develop a game plan for HIPAA compliance. CEs should attend to see what to look for in due diligence and in obtaining the necessary satisfactory assurances that a BA is complying with HIPAA.
Areas Covered in the Session:
This webinar will cover HIPAA law that applies to Business Associates, broken down into 5 key compliance steps:
- Who's in charge? - All HIPAA compliance responsibility rests squarely with top management. But authority to develop and implement a HIPAA compliance program is delegated to one or more Business Associate HIPAA Compliance Official(s). They must do more than just develop and implement Security Rule Policies and Procedures. The Business Associate HIPAA Compliance Official's duties are a roadmap to develop, implement and maintain a Business Associate's HIPAA Compliance Program.
- Risk Analysis and Risk Management - the basis of Business Associate HIPAA Compliance
- Business Associate Privacy Rule Compliance - Required compliance responsibilities and appropriate Policies and Procedures
- Business Associate Breach Notification Rule Compliance - how to investigate, assess and document Potential Breaches and, if necessary, make the notifications required by the Breach Notification Rule
- Business Associate Agreements (BAAs) - between a BA and a CE and between a BA and a Subcontractor BA, and how to avoid BAA language that can mistakenly make CEs and BAs liable for downstream BA violations
Who Will Benefit:
- Compliance Manager
- Chief Information Security Officer
- Chief Information Officer
- Chief Compliance Officer
- Risk Management Director
- Business Manager
- Attorney - General Counsel, Associate General Counsel, Inside Compliance Attorney, Outside
- Health Law Attorney
- Security Official
- Privacy Official
- BA Owner - CEO - COO
- Healthcare Practice Manager
- Administrator, Long Term Care Facility
- CE Owner