Syllabus
HIPAA Privacy Rule
- Overview of the HIPAA Privacy Rule
- Outline the most impactful proposed/upcoming changes for mental health care providersa. Changing the maximum time to provide access to PHI from 30 days to 15 days.b. Covered entities will be permitted to make certain uses and disclosures of PHI based on their good faith belief that it is in the best interest of the individual.
c.The addition of a minimum necessary standard exception for individual-level care coordination and case management uses and disclosures, regardless of whether the activities constitute treatment or health care operations.
d. The definition of healthcare operations has been broadened to cover care coordination and case management.
e. The requirement for HIPAA-covered entities to obtain written confirmation that a Notice of Privacy practices has been provided has been dropped.
f. Covered entities will be allowed to disclose PHI to avert a threat to health or safety when harm is “seriously and reasonably foreseeable.” The current definition is when harm is “serious and imminent.”
g. The Armed Forces’ permission to use or disclose PHI to all uniformed services has been expanded.
3. In–practice changes to be in compliance with Privacy Rule Changes
21st Century Cures Act Information Blocking Rule
1. Overview of the Information Blocking Rule
2. Outline the Final Rule’s definition of Electronic Health Information (EHI) and how it relates to HIPAA’s definition of Protected Health Information (ePHI)
3. How to comply with the Information Blocking RuleNo Surprises Act
1. Overview of the No Surprises Act
2. How to provide Good Faith Estimates to be in compliance with the No Surprises ActThe HIPAA Security Rule as it applies to telephone service and remote communication technologies
1. Overview of HHS’ updated guidance and its implications
2. HIPPA-secure phone service and remote communication technologies that facilitate compliance with the HIPAA Security Rule requirements as they apply to these technologies