March 2013

March 28th  HIPAA Presentation Recap, Video and Discussion Link


Omnibus Final RuleOn March 28th Keith Carrington provided an easy to understand overview of the New HIPPA laws that took effect just 2 days before this presentation. He will continue to answer questions here so everyone can be ready for the September 23, 2013 Compliance Deadline.

Please view the video and share your thoughts about this complex issue that affects both providers and vendors in the discussion below.

HIPAA Presentation VideoTo see the entire video presentation CLICK HERE

To join in the ongoing discussion and to ask Keith HIPAA questions CLICK HERE

Below are highlights from the presentation that are color separated into topics that pertain to Providers or Vendors...Although for either side to completely understand the new laws you have to see it from both sides.

If you click the "SHOW MORE" button on the YouTube page the time links in the directory will take you directly to the topic.

Provider Topics Vendor Topics Topics Relevant To Both
00:01 Introduction (Michelle Burdo)
01:00 Discussion Summary (Keith Carrington)
04:30 OCR Statement on Publication of the Omnibus Rule
08:55 4 Final Rules
10:57 Legal Disclaimer
12:00 Provisions Affecting Covered Entities
12:28 Civil Monetary Penalties
14:38 Nature & Extent of the Violation
16:51 Nature & Extent of Resulting Harm
20:22 Affirmative Defenses
21:14 Breach Notification Requirements
22:57 Negating the Breach Presumption
28:03 Sale & Use of PHI for Marketing Purposes
31:53 Fundraising
34:15 Notice of Privacy Practices
37:19 Expanded Rights of Individuals
38:27 Additional Provisions
41:14 Deceased Individuals
43:55 School Notifications
45:26 Business Associates & Vendor Liability
51:31 Defining the Business Associate
52:26 Conduit Exception
53:43 Updated Business Associate Agreement Requirements
54:05 Direct Liability
55:22 Civil Monetary Policy
56:28 How Do I Comply?
57:10 Business Associate Agreement Compliance Date
58:17 Covered Entities
58:45 Business Associate Risk Assessment
59:43 Risk Assessments
1:03:48 Conclusion
1:04:45 Can you offer clarity on when a patient is paying for medical services and the provider is not allowed to disclose information if they ask you not to? (Vicky Van Gorder)
1:06:52 Are there HIPAA compliance requirements on email? (Louie Hilal)
1:08:41 Are Business Associates and Sub Contractors covered under one agreement? (Laura Mullin)
Additional information
1:10:11 Additional information and How to ask your questions (Burdo & Carrington)

Other Relevant Topics to This Video and the New HIPAA Omnibus Law

Breach Notification Rule Changes with Implementation of the New Law

Notice of Privacy Practices a Focus of the New HIPAA Omnibus Final Rule

Notifying Patients of Notice of Privacy Practices…As Easy As 1-2-3

The Business Associate Agreement Gets a Mandated Makeover

Patient Sign In Forms - Compliance Made Easy


Keith CarringtonAbout the Presenter:  Keith Carrington conducts both Meaningful Use and HIPAA Privacy & Security Rule Risk Assessments for medical providers and their Business Associates. In the course of his work, Keith consults with physicians, practice administrators, hospital administrators, and business associates to identify vulnerabilities in the entity's current security procedures and policies with an emphasis on remediation.

Through Keith's work, medical practices, hospitals, and their business associates are better equipped to meet federal and state audit requirements, while ensuring a higher level of PHI security. Keith frequently speaks on HIPAA compliance issues at industry conferences and conducts CME workshops for physicians on the topics of legal compliance, the HIPAA Security Rule, and Meaningful Use requirements.

Keith has also authored numerous articles for trade publications and law reviews on subjects relating to healthcare compliance and risk management. In addition, Keith was named Editor of the law review for Concord University’s School of Law.
Keith is a member of numerous professional associations including the American College of Healthcare Executives, the Health Care Compliance Association, the Society for Corporate Compliance and Ethics Professionals, the National Rural Health Association, the MGMA, and MOROF. Keith also serves as an adjunct professor and holds various appointments at the municipal government level.

Keith is currently a candidate for both a JD with a specialization in Health Law and a PhD in Health Services and Policy Analysis.