Description: Between 250 – 500 words The Biden-Harris Administration, through the Office for Civil Rights (OCR) at the U.S. Department of Health & Human Services (HHS) has issued a Final Rule to modify the HIPAA Privacy Rule to support reproductive health care privacy. This Final Rule is one of many actions taken by HHS to protect access to and privacy of reproductive health care after the Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization that has led to extreme state abortion bans and other restrictions on reproductive freedom in 21 states.
To better protect information related to reproductive health care and to bolster patient-provider confidentiality, organizations providing these services will need to implement required changes.
This webinar will review those changes and provide guidance on new HIPAA Privacy Rule requirements.
Date: 08/09/2024
Time: 11:00 am - 12:00 pm (EDT)
Reg. deadline: 08/08/2024
Venue: Live Webinar
Under the HIPAA Privacy Rule, the confidentiality and privacy protections afforded to individuals’ health information do not automatically end with death. Instead, they continue to apply to a decedent’s protected health information (PHI) for 50 years after the date of death. The Privacy Rule defines PHI as individually identifiable health information held by a covered entity or its business associates, and this definition explicitly includes data about deceased persons for a 50-year period following death. During the 50-year protected period, a covered entity—such as a health care provider, health plan, or health care clearinghouse—is generally required to safeguard a deceased individual’s health information in the same manner as it would for a living person, restricting unauthorized uses and disclosures. This means that simply being deceased does not lift HIPAA’s protections and that PHI remains subject to the Privacy Rule’s limits. However, the Privacy Rule also includes special provisions that speak directly to the context of decedents. For example, covered entities may disclose PHI of a deceased individual to family members or others involved in the individual’s care or payment for care prior to death, unless doing so is inconsistent with any known prior expressed preferences of the individual. The disclosures must be limited to information that is relevant to the person’s involvement in the decedent’s care or estate matters. The rule further permits disclosures in specific situations without authorization. Covered entities may share PHI about a decedent with law enforcement to alert them of death under suspicious circumstances, with coroners, medical examiners, or funeral directors as needed for their official functions, and with research entities when the PHI is solely for research on deceased individuals. Covered entities may also use decedent PHI to facilitate organ donation. When it comes to accessing a decedent’s medical records, HIPAA recognizes that protected health information may be relevant to the treatment of surviving family members. Under the Privacy Rule, disclosures for treatment purposes do not require authorization; thus, a provider may disclose a deceased relative’s PHI to another provider treating a family member if it’s relevant to that treatment. Additionally, a personal representative, often the executor or administrator of the decedent’s estate under applicable law, is treated as the individual for purposes of accessing and authorizing disclosures of the decedent’s PHI, to the extent authorized by law. Importantly, HIPAA does not mandate retention of medical records for 50 years—covered entities may dispose of records according to state law or organizational policy. The 50-year protection period reflects how long PHI remains subject to HIPAA if retained. Overall, HIPAA’s approach balances privacy interests of decedents and their families with practical needs for estate administration, treatment of surviving relatives, public health, law enforcement, and research. Finally, examine some state licensure laws that state confidentiality survives the death of the patient, and learn some examples of health care practitioners who violated that. Areas Covered in the Session HIPAA Privacy Rules Regarding Decedents HIPAA Rights for PHI and Decedent’s Family When and Who PHI Can be Disclosed to Special Situations when PHI can be Disclosed Documentation Preferences and Record Retention State Licensure Laws on Post-Death Confidentiality Horror Stories of Confidentiality Violations for Breaches After Death – You Mean a Dead Patient Complained??? Why should you Attend? You should attend this webinar so that you are prepared in the event that a patient dies. Who will Benefit? Healthcare practitioners who work with individuals.
Swing Beds can be a financial lifeline for Critical Access Hospitals. This webinar will focus on swing bed regulations in Appendix W for Critical Access Hospitals. Interpretive guidelines and survey procedures are under Appendix PP – Long Term Care manual – which will be discussed in the corresponding regulation sections. It is challenging to figure out what the interpretive guidelines and survey procedures are as there is there was no crosswalk between Appendix W and Appendix PP. The webinar was created to assist hospitals in understanding what needs to be done. Also to be discussed will be common deficiencies involving swing beds and how to avoid them. Objectives Discuss the requirements for a patient to be admitted to Swing Bed status Recall how to locate the regulation and interpretive guidelines and survey procedures for swing beds Describe what is required by CMS to be in the resident assessment which is done to do the care plan Recall the CMS requirements for emergency dental care for swing bed patients Agenda Manual and Introduction to Conditions of Participation Introduction Common Swing Bed deficiencies Special Requirements for Providers of Swing Beds Services Introduction to Swing Beds Eligibility requirements Interpretive guidelines and survey procedure under Appendix PP Three-day stay Eligibility Payment Healthcare literacy SNF Services Patient/Resident Rights Exercise of Rights Notice of Rights and Services Free Choice Privacy and Confidentiality Visitors and notification Work Mail Access and Visitation Rights Personal Property Married Couples Admission, Transfer and Discharge Rights Transfer and Discharge Payment of care Content of notice Resident Behavior and Facility Practices Restraints, Abuse and Neglect Reporting requirements Staff Treatment of Residents Hiring of employees Patient Activities Social Services Resident Assessment Comprehensive Care Plans PASARR or RAI Trauma informed care Discharge Summary Rehabilitation services Dental services Nutrition Appendix and Resources Who Should Attend CEO COO CFO Nurse executives Accreditation and Compliance/Regulation director Nurse managers Pharmacists Quality managers Risk managers Health information management personnel Social workers Dieticians Nurses Nurse educators Nursing supervisors Patient safety officer Director of Rehab (OT, PT, speech pathology, and audiology) Infection preventionist Anyone who is responsible for the care of swing bed patients in a CAH Persons responsible implementing the CMS swing bed requirements
Considering the news and staggering events of mass shootings in the last several months, workplace violence might be foremost in our minds. Most of us think of workplace violence occurring only in the workplace setting, but the threatening conduct is broader and may encompass behavior occurring outside the actual workplace. Even domestic violence creates challenges for all employers. The healthcare environment creates an even greater challenge to prevent and intervene in healthcare violence. The rate of injuries and illness from violence in the healthcare industry is more than three times greater than violence in all private industry. Healthcare organizations include hospitals, outpatient clinics, medical office clinics, home health care, home-based hospice, paramedic and emergency medical services, mobile clinics, drug treatment programs and ancillary healthcare organizations. What makes violence in healthcare unique is that it carries negative ramifications for quality patient care. In the U.S. some states, such as California, have passed legislation specifically addressing violence in healthcare. There are other federal and state laws that require the employer to address the hazards of workplace violence, and laws that protect the victims of workplace violence. OSHA identifies healthcare as one of three “high risk” industries for violence. The violence is perpetrated not only by patients, their families, and visitors, but as well among the health professionals themselves. It may include a patient admitted to the ER high on drugs and wielding a knife. Or, it may be an enraged physician in the operating room flinging a scalpel at a nurse. And, the violence may be one nurse bullying another nurse – depending how the word “violence” is actually defined. Violence in healthcare is not unique to the United States. In 2016, the 4th International Conference on Violence in Healthcare will be held in Ireland. In the U.S. some states, such as California, have passed legislation specifically addressing violence in healthcare. In 2010, the Bureau of Labor Statistics (BLS) data reported healthcare and social assistance workers were the victims of approximately 11,370 assaults by persons; a greater than 13% increase over the number of such assaults reported in 2009. Almost 19% (i.e., 2,130) of these assaults occurred in nursing and residential care facilities alone. Unfortunately, many more incidents probably go unreported. Why Should You Attend? The healthcare setting is one of the most violent venues in which to work in the U.S. and internationally. Healthcare is unique in that the violence that occurs here, has negative ramifications to quality patient care. The Joint Commission has even taken a stand on dealing with unsafe patient care due to abusive (which may constitute violence) behavior by health professionals. Your role as leaders in your healthcare organization equates to a responsibility to create and sustain a safe working environment for your employees AND a safe and healing environment for your patients. This webinar will review the critical elements required to plan, design, develop, implement, and evaluate your healthcare organization’s violence prevention plan. Are you prepared to deal with an active shooter on one of your patient floors—which happened in a hospital in Minnesota? As we hear more and more about mass shootings, it causes us to pause and wonder if it could really happen in a hospital, clinic, or when visiting a patient’s home. Fortunately, most violence does not rise to that level, but nonetheless, the violence that commonly occurs in healthcare has profound consequences for all involved. It is essential you prepare to prevent and react to minimize violence that occurs. Areas to be Covered? To define workplace violence To provide examples of workplace violence in healthcare To discuss the relevant laws that address workplace violence To state the impact and consequences of violence to the healthcare victims, the organization and patient care To examine the clinical, occupational, social, and economic factors of violence in healthcare To review 10 de-escalation tips when dealing with an angry individual To examine the causes of healthcare violence To discuss a violence prevention program to ensure patients, families, visitors, and staff are safe using JCAHO guidlines To outline the roles and responsibilities of the organization’s stakeholders To explain how to help the workplace and workers recover following a violent episode Who Should Attend? Director of Risk Management Director of Safety Director of Quality Improvement Occupational Health Nurse VP of Nursing/Chief Nursing Officer Legal counsel Chief Medical Officer Chief Operations Officer
HIPAA sets national standards to protect the privacy and security of individuals’ protected health information (PHI). At the core of HIPAA’s Administrative Simplification provisions is the concept of covered entities, specific organizations and individuals that must comply with HIPAA’s Privacy, Security, and Breach Notification Rules because of the type of health information they handle and how they use it. Under HIPAA, covered entities consist of three main categories: health plans, health care clearinghouses, and health care providers. Health plans include health insurance companies, HMOs, and government programs that pay for health care, such as Medicare and Medicaid. Health care clearinghouses are organizations that process or transform health information received from another entity into standardized formats for processing. Health care providers are individuals or organizations (physicians, clinics, pharmacies, psychologists, dentists, and others) that transmit any health information electronically in connection with certain standard transactions such as claims, eligibility inquiries, or billing. So how then can one person be a covered entity? They are not an entity, they are a person. Only entities that meet the regulatory definitions outlined in 45 CFR § 160.103 are covered entities. Entities that do not qualify — even if they handle health-related data — are generally not subject to HIPAA’s privacy and security protections. For example, a flexible spending account (FSA) or a cafeteria plan only becomes a covered entity when it meets the definition of a group health plan under the Employee Retirement Income Security Act (ERISA) and provides medical care. FSAs that are self-administered with fewer than 50 participants do not qualify as group health plans and therefore are not covered entities. Similarly, an organization acting as a third-party administrator (TPA) for a group health plan is not automatically a covered entity just by virtue of its administrative role. Instead, such TPAs typically fall under HIPAA as business associates — entities that perform functions for or on behalf of a covered entity involving PHI and must enter into Business Associate Agreements. State, county, and local health departments illustrate another nuance. These public agencies must comply with HIPAA only if they carry out functions that fall within the definitions of covered entities — such as operating as a health plan (e.g., Medicaid) or a health care provider transmitting electronic health transactions. A health department with mixed functions may elect to designate its covered functions as a “hybrid entity” with specific HIPAA obligations applied to the health care component of the organization. Understanding who is a covered entity is critical because it determines which organizations must uphold individuals’ rights to privacy, data security, and breach notifications, and which must implement policies, training, and safeguards to protect PHI. HIPAA compliance ensures that sensitive health data is handled responsibly and empowers individuals with rights regarding their personal health information. Areas Covered in the Session Definitions of HIPAA Covered Entities and Why They Matter Covered Entities vs. Business Associates Categories of Covered Entities: Health Plans, Healthcare Providers, and Healthcare Clearing Houses Special Cases: FSA, Cafeteria Plans, Third Party Administrators, State Laws Privacy and Security Compliance How One Health Care Practitioner Can be a Covered Entity Why should you Attend? Learn about what and who the covered entities are and how they interact within the healthcare system. Find out how they interact with and impact you as a healthcare practitioner. Answer the question: Can One Person be a Covered Entity? Who will Benefit? Healthcare practitioners who interact with covered entities or are a part of a covered entity themselves.