If you do not wish to receive this training alerts from MentorHealth Click Unsubscribe
Having trouble viewing this Message?View it Online
MentorHealth
We Train Healthcare Professionals
Live Webinar on
HIPAA Hybrid Entities - What if Healthcare is only a Part of what you do Date: Thursday, August 17, 2017Â Â Duration:
90 Minutes
Time: 10:00 AM PDT | 01:00 PM EDT Location: Online
Register Now
Instructor: Jim Sheldon Dean
Overview: Many organizations that provide health care services also provide other services that are not related to heath care and are that not paid for by health plans or Medicaid. For such organizations a decision must be made: Do we apply HIPAA controls and policies throughout the organization for all programs, or do we decide what parts of our organization are under HIPAA and what parts are not, and designate Hybrid Entity status under HIPAA? There are significant impacts in making the choice to be a Hybrid Entity or not, and entities need to consider their own particular circumstances to determine the most appropriate path to take. If one portion of an entity is covered under HIPAA, the entire entity is subject to HIPAA, unless the entity declares Hybrid Entity status and limits the sharing of information between the HIPAA and non-HIPAA portions. Either option has its pros and cons and any entity's choice is not obvious at first glance. For something like a county government, it's easy to see that while the County Nursing Home may be a HIPAA entity, it would not make sense to apply HIPAA controls to the County Highway Department, and the designation of Hybrid Entity status for the county would an obvious choice, as there is no need to share any health care information between the County Nursing Home and the County Highway Department. But for behavioral health and social service organizations, the choice is not so clear. To be able to share information from a HIPAA portion to a non-HIPAA portion, in a Hybrid you need to have a HIPAA Authorization from each individual served, and you must have strict logical "firewalls" between the HIPAA and non-HIPAA portions to protect information from unauthorized access. You need to make sure any systems that carry or touch any Protected Health Information are secure no matter which model you follow would it be easier to apply HIPAA throughout the organization? You do, after all, have obligations to protect individuals' privacy, ethically or under the law, whether HIPAA applies or not, and HIPAA provides a good, recognized standard for protecting the privacy and security or personal information. And consistency within the organization is important - wherever you can reduce staff choices in how to handle information, you reduce the chances for making the wrong choice. There are burdens associated with either choice, and the best choice depends on how you do business and how easily separable and distinct your programs are. If there is no real overlap between HIPAA and non-HIPAA programs in services, locations, and staff, Hybrid status may make sense, but you will need to get a HIPAA Authorization if you want to refer an individual to another of your programs outside of HIPAA. If the lines are blurred and information needs to be shared to achieve the organization's goals, HIPAA-everywhere may be better, but it will require organization-wide policies, procedures, and training. This session will examine the options and the issues in choosing to be a Hybrid Entity or not and assist organizations in making the decision and implementing the results of the decision. Agencies will come away with a better understanding of how they should designate themselves and what they need to do for compliance in either case. In This Session: The definition of a HIPAA Hybrid Entity Typical Hybrid Entities Understanding your information flows How much of your work is healthcare? Requirements of not claiming Hybrid status Requirements of claiming Hybrid status The HIPAA Authorization issue Example Hybrid Entity analyses Policy and Procedure Requirements Documentation and Training Requirements Why should you Attend: Recent HIPAA enforcement settlements indicate the importance of properly designating Hybrid Entity status. UMass paid a $650,000 settlement amount, reflective of the fact that the University operated at a loss in 2015, for not adequately identifying all the HIPAA covered elements of UMass activities and improperly designating its Hybrid Entity status. Skagit County, Washington also settled with HHS after they had not properly designated the county as a Hybrid Entity due to its County Health Department activities. No matter whether the organization takes the steps to declare Hybrid Entity status or to implement HIPAA organization-wide, there are significant implementation, policy, and training impacts to consider. Going Hybrid means having a clear separation of health information from other information outside the HIPAA-covered portion,
and no sharing of PHI outside the HIPAA portion with other portions of the organization in order to coordinate services can take place without having HIPAA Authorizations in place. If the organization chooses to take the HIPAAeverywhere approach, HIPAA policies, procedures, and training will have to be applied organization-wide, but sharing information within the organization in order to better deliver services is much easier. There are pros and cons to either choice, and the best choice depends on how the organization does business and the services it provides.
Areas covered in the session: l
Find out how to evaluate whether or not your organization is best served by Hybrid Entity status
l l
Learn how to properly declare and document Hybrid Entity status when that is the best choice Find out what policies and procedures are required, and for whom, for entities using a HIPAA-everywhere
l
approach Find out what policies and procedures are required, and for whom, for entities using a HIPAA-Hybrid
l
approach Learn about the training and education that must take place and be documented to ensure your staff uses
l
health information properly and does not risk exposure of PHI Find out the steps that must be followed in the event of a breach of PHI
l
Learn about how the HIPAA audit and enforcement activities are now being increased and how you must be prepared or risk significant penalties
Who Will Benefit: l l l l l l l l l l l
Compliance Director CEO CFO Privacy Officer Security Officer Information Systems Manager HIPAA Officer Chief Information Officer Health Information Manager Healthcare Counsel/Lawyer Office Manager
Click here to register for this webinar
About Speaker Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit.
Suggest a Topic
... more
More Webinars
It would be really nice if you can circulate this mail to all your deserving colleagues who can immensely benefit from this program. For more information, please contact the event coordinator. We look forward to seeing you at the webinar. Best regards, Event-coordinator MentorHealth About MentorHealth MentorHealth is a comprehensive training source for healthcare professionals. Our trainings are high on value, but not on cost. MentorHealth is the right training solution for healthcare professionals. With MentorHealth, healthcare professionals can make use of the best benefits relating to their professional training. MentorHealth www.mentorhealth.com 161 Mission Falls Lane,, Suite 216, Fremont, CA 94539, USA. Phone: 800-385-1607 or Fax your PO to: 302-288-6884 If you do not wish to receive this training alerts from MentorHealth Click Unsubscribe