Regulatory Changes & Their Implications: What You Need to Know to be in Compliance for a Legal-Ethical Mental Health Practice

Course Materials

Part 1: HIPAA Privacy Rule Updates
Part 2: 21st Century Cures Act Information Blocking Rule
Part 3: No Surprises Act & The Good Faith Estimate
Part 4: The HIPAA Security Rule & Telephone Service
Question & Answer


HIPAA Privacy Rule

  1. Overview of the HIPAA Privacy Rule
  2. Outline the most impactful proposed/upcoming changes for mental health care providersa. Changing the maximum time to provide access to PHI from 30 days to 15 days.b. Covered entities will be permitted to make certain uses and disclosures of PHI based on their good faith belief that it is in the best interest of the individual.

    c.The addition of a minimum necessary standard exception for individual-level care coordination and case management uses and disclosures, regardless of whether the activities constitute treatment or health care operations.

    d. The definition of healthcare operations has been broadened to cover care coordination and case management.

    e. The requirement for HIPAA-covered entities to obtain written confirmation that a Notice of Privacy practices has been provided has been dropped.

    f. Covered entities will be allowed to disclose PHI to avert a threat to health or safety when harm is “seriously and reasonably foreseeable.” The current definition is when harm is “serious and imminent.”

    g. The Armed Forces’ permission to use or disclose PHI to all uniformed services has been expanded.

    3. In–practice changes to be in compliance with Privacy Rule Changes

    21st Century Cures Act Information Blocking Rule

    1. Overview of the Information Blocking Rule
    2. Outline the Final Rule’s definition of Electronic Health Information (EHI) and how it relates to HIPAA’s definition of Protected Health Information (ePHI)
    3. How to comply with the Information Blocking Rule

    No Surprises Act
    1. Overview of the No Surprises Act
    2. How to provide Good Faith Estimates to be in compliance with the No Surprises Act

    The HIPAA Security Rule as it applies to telephone service and remote communication technologies
    1. Overview of HHS’ updated guidance and its implications
    2. HIPPA-secure phone service and remote communication technologies that facilitate compliance with the HIPAA Security Rule requirements as they apply to these technologies


Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss