American Bar Association

HIPAA Privacy Post HITECH Act: Managing Risks & Responsibilities

SPONSORS: The Sections of Business Law; Health Law; Labor and Employment Law; Real Property, Trust and Estate Law; Taxation; Tort Trial and Insurance Practice; and the American College of Employee Benefits Counsel

General Information


A 90-minute TeleConference
MONDAY, MAY 16, 2011

1:00-2:30 pm ET / 12:00-1:30 pm CT / 11:00 am-12:30 pm MT / 10:00 am-11:30 am PT

Cynthia Marcotte Stamer, Cynthia Marcotte Stamer, PC, Addison, TX
Susan McAndrew, Deputy Director for Privacy, Office for Civil Rights, U.S. Department of Health and Human Services, Washington, DC

Health plans and health insurers, health care providers, health care clearinghouses and their business associates (covered entities) face new imperatives to tighten their Health Insurance Portability & Accountability Act (HIPAA) Privacy and Security Rule compliance and risk management. As covered entities face new demands to update policies, contracts, practices and training to meet new HITECH Act data breach and other amendments and other evolving guidance, the March announcement of a $4.3 Million first HIPAA Privacy Civil Monetary Penalty and other regulatory and enforcement activities signal that both OCR and state attorneys general are serious and moving quickly to use the enforcement muscle expanded by the HITECH Act. Gain invaluable insights into the latest regulatory guidance and OCR’s enforcement, audit and other plans from OCR Deputy Director for Privacy Susan McAndrew. Among other things, this program will discuss:

  • Current and emerging Office for Civil Rights guidance interpreting and implementing the HITECH Act and other HIPAA requirements;
  • OCR’s expectations of covered entities concerning requirements and best practices for business associate agreement contracting, management, breach monitoring and notification and coordination of other HIPAA compliance obligations;
  • An update on Office for Civil Rights audit, enforcement and sanctions activities, rules and processes;
  • Details and lessons to take from the Cignet $4.3 Million Civil Monetary Penalty, the Massachusetts General and other resolution agreements, and other OCR investigations and enforcement data and activities;
  • Insights about the policies and procedures, internal audits, training and other actions expected of covered entities to meet OCR’s expectation of a "robust compliance plan";
  • Practical tips to prepare for and respond to OCR audit, investigation or other enforcement actions.
