This is a repeat of an event originally broadcast March 19.
On Jan. 17, 2013, the federal government released the long-awaited HITECH Act Omnibus Final Rule, clarifying the HIPAA compliance obligations of healthcare providers, health plans and their business associates. The HITECH Act significantly expanded the reach of HIPAA by imposing compliance obligations on a broad array of downstream entities not traditionally viewed as healthcare companies, by requiring the reporting of data breaches, and by significantly increasing the civil and criminal penalties for violations of HIPAA.
The HITECH Act also changed the enforcement climate. Recent investigations by the Office for Civil Rights (OCR) signal a dramatic shift in the government’s approach to enforcement, from a reactive approach focused on education to a proactive approach in which covered entities and business associates of all sizes are expected to achieve and sustain compliance. In addition, the OCR has implemented a new audit program, through which the HIPAA compliance status of selected covered entities and business associates will be evaluated.
- The compliance obligations of covered entities, business associates and downstream subcontractors;
- The impact of the Omnibus Final Rule upon compliance;
- The new OCR audit program and what to expect from an enforcement perspective;
- How to determine whether an unauthorized use or disclosure of PHI rises to the level of a breach, including a review of how the breach standard has changed; and
- An overview of compliance with the Security Rule, including the importance of securing portable electronic media.
- Nathan A. Kottkamp, Partner, McGuireWoods LLP (Moderator)
- Meggan Michelle Bushee, Associate, McGuireWoods LLP
- Holly Carnell, Associate, McGuireWoods LLP