There will be no handouts for this seminar, each attendee will receive the Confidentiality & Security publication on-site.
Print Registration Form
This seminar is designed to inform and update health information management (HIM) professionals and others about the legal rules governing the protection and disclosure of health information in California. Health providers in California are subject to broad and complex standards ranging from the HIPAA privacy rules and the California Confidentiality of Medical Information Act, to special laws governing psychiatric, substance abuse, and HIV information. This seminar will assist attendees in identifying and understanding the various rules and appreciating how they work together.
The focus will be on the situations in which providers are called upon to disclose health information – including releases pursuant to court orders, subpoenas, reporting requirements, patient treatment regimens, and billing and payment activities – and will provide guidance about how HIM professionals should respond in each particular case. It will explore the so-called “patient rights” provisions in the HIPAA privacy rules and their California equivalents involving such matters as access by patients to their own medical records and patient requests for an accounting of disclosures. Additionally, it will discuss the specialized health information laws, including the California Lanterman-Petris-Short Act, the federal substance abuse confidentiality regulations, and the California rules governing the disclosure of HIV test results. It also will cover the requirements in the HITECH Act, the HIPAA Omnibus Rules, and California law for reporting security breaches. Finally, it will deal with emerging enforcement activities, including federal HIPAA audits, investigations by the California Department of Public Health into privacy and security issues, and consumer class actions for health data security breaches.
The goal is to give HIM professionals a framework for dealing with issues concerning the maintenance, retention, and release of patient information.
Topics include the following:
Introducing the Legal Standards
HIPAA privacy rules, including HITECH Act and HIPAA Omnibus Rules
California Confidentiality of Medical Information Act (CMIA)
California Lanterman-Petris-Short Act
Federal substance abuse confidentiality regulations
California laws governing HIV test results
Other sources of legal requirements
Releasing Protected Health Information
Obtaining an authorization
Releasing information without an authorization
Releases under subpoenas or other legal process
Releases for reporting purposes
Releases to governmental oversight bodies
Releases to other providers and to payers
Releases to employers
Releases in workers’ compensation proceedings
Releases for research purposes
Releases to consultants and contractors (business associates)
Patient Rights Requirements
Right of patient to receive notice of privacy practices
Right of patient to access records
Right of patient to amend records
Right of patient to obtain accounting of disclosures
Right of patient to request restriction of disclosures
Releasing Specially Protected Health Information
Substance abuse information
HIV test results
OCR Guidance on Patient Right of Access
HIPAA Phase II audits
HIPAA enforcement mechanisms – What are they and what should HIMs expect?
Business associates – Who are they? What about photo copy companies?
Compensation for producing electronic records
• Dealing with law enforcement agencies
• Scanned health information – Which is the original record?
• Electronic signatures
• Use of cell phones between health care professionals
• E-mailing or texting health information
• Health information and social media
• Special issues for long-term care providers
Participants will receive the November 2017 release of the Confidentiality & Security: Protecting and Releasing Health Information in California manual. CHIA publications on HIPAA Privacy & Security will be available for purchase.
7:30 am Registration/Beverages and Pastries
8:30 am Program
12:00 pm Lunch (included)
1:00 pm Program
3:45 pm Adjournment
Who Should Attend
ALL Health Information Management (HIM) personnel, nurses, physicians, Business Office staff, HIPAA Compliance and Privacy Officers. All health care personnel who have responsibility for maintaining or disclosing protected health information (PHI) and/or have access to PHI in any hospital, SNF, physicians’ office or other health care setting.
This program has been approved for five continuing education units for use in fulfilling the continuing education requirements of AHIMA’s Commission on Certification for Health Informatics and Information Management (CCHIIM). Provider approved by the California Board of Registered Nursing; Provider number is 05474 for five contact hours. Certificates of attendance are provided for this seminar. HIM Domain: Privacy and Security. Event No. SEM566 & SEM567