1. Live Webinar on : HiPAA and EHRs – what your system need to do so you can be in
compliance with new rules
Get 15 % Discount as a early bird
registrations. Use Promo Key
: CGO15
Who will benefit
 Compliance director
 CEO
 CFO
 Privacy Officer
 Security Officer
 Information Systems Manager
 HIPAA Officer
 Chief Information Officer
 Health Information Manager
 Healthcare Counsel/lawyer
 Office Manager
 Contracts Manager
Pricing
Live ( Single registration ) : $189.00
Group ( Max 10 Attendee): $499.00
More Trainings
Description
More health care providers than ever are adopting
electronic health records and new regulations on using
them and protecting the information on them are here,
with more on the way.
Why should you attend:
• Recent and proposed changes to HIPAA that expand
the regulation’s reach and increase enforcement, along
with incentives to adopt electronic health records, have
created a perfect storm for the privacy and security of
protected health information (PHI).
• Many of the new changes to HIPAA focus directly on
aspects of the use of electronic records, such as the
accounting of disclosures of all kinds, even for treatment,
payment, and healthcare operations, and the provision of
records in electronic formats when requested. These
proposed rules have a tremendous impact on not only
EHRs, but any electronic systems that hold protected
health information in the designated record set.
• The proposed requiement to provide a list of all
accesses of an individual records is based on an ability to
track accesses that not all systems can provide
today. Using electronic records of any kind could mean
big headaches for compliance with HIPAA accounting of

2. disclosures requirements.
• To qualify for incentive funding, providers must
perform HIPAA Security compliance activities that may
have been sidestepped in the past, but no longer can be
due to new, higher penalties, including mandatory
penalties in the tens of thousands of dollars for willful
neglect of compliance. Risk analysis is now clearly
required, both for HIPAA and for EHR funding, but
many organizations have not yet performed one and find
the task overwhelming.
• Providers will need to change how they do business to
meet the new requirements as they move to newer
electronic records systems, and qualifying for the funding
will require the kind of attention to privacy and security
that health information has always deserved, but not
always received.
Description of the topic
The new and proposed HIPAA Privacy and Security
regulations will be reviewed and their effects on the use
of EHRs will be discussed. The proposed rules call for an
ability to make an electronic copy of an individual's
protected health information for any information held in
an entity's designated record set. In addition, any
accesses of electronic PHI in a designated record set must
be recorded so that they can be provided in an access list
if requested by the individual. Not only do these
requirements call for technical capabilities that may or
may not be present in a particular system, but they also
imply that an organization would be well-advised to
carefully define its designated record set in order to limit
its exposure under these requirements, giving the
definition of a designated record set new importance.
We will discuss how disclosures and accesses must be
tracked in an EHR and review the various ways patient
records can be supplied electronically. The proposed
rules allow for a variety of methods to accomplish the
objectives, but all will require new policies, procedures,
and practices. We will show what policies need to be
changed and how.
Adopting an EHR and securing funding for it through
the Federal program requires that certain objectives be
met according to defined measures, including a required
objective to protect the privacy and security of
information in an EHR. That measure calls for a HIPAA

3. Security risk analysis. We will discuss the scope and
methods of a risk analysis that can meet the requirements
and make it easier to prioritize your activities to reduce
risks and improve security most cost-effectively.
Some of the new regulations require an ability to
restrict certain disclosures that may not be easy to
implement in EHRs, and may require modifications and
upgrades before you can be in compliance.
To be prepared for compliance, you need to be
prepared for an audit by the HHS Office of Civil Rights.
This session will show you what policies and evidence
you need to produce if you are audited, and what you
can do ahead of time to show you have securely
implemented your EHR and continue to monitor and
maintain its security. We will show you how to find out
what has been asked of entities in reviews before and
what you need to prepare in advance so you can be ready
when they call.
Finally, the new enforcement penalty structure and
the latest plans for audits by HHS OCR will be described,
so you can know what you're up against if you don't
make the effort to ensure compliance. Protecting your
EHR will require new practices and new routines to help
you avoid breaches and the significant penalties of
violations, and we will help you understand the
ramifications of not doing what's necessary to protect
your EHR and its data, so you can make intelligent
decisions about your security priorities.
Areas Covered in the Seminar:
• The new regulations change the way individuals have
access to their records, and how much they can find out
about who has accessed their records.
• Individuals can request an accounting of disclosures of
their health information including those made for
purposes of treatment, payment, or healthcare
operations, from an electronic health record, going back
three years.
• Individuals have the right to obtain electronic copies of
their health information that is stored electronically, from
any electronic system in the HIPAA designated record
set.
• Individuals can now request certain restrictions on

4. disclosures that you must honor.
• Meaningful Use requirements for EHR funding call for
a HIPAA Information Security Risk Analysis and
implementation of risk mitigation measures.
• New audit and penalty requirements increase the need
to make sure you are in compliance before HHS OCR
knocks on the door.
• The new penalty structure and plans for audits mean
that you are more likely to be audited for HIPAA
compliance, and you may be facing significantly higher
penalties for non-compliance than ever before.
About Speaker:
Jim Sheldon-Dean is the founder and director of compliance
services at Lewis Creek Systems, LLC, a Vermont-based
consulting firm founded in 1982, providing information privacy
and security regulatory compliance services to a variety of
health care providers, businesses,universities,small and large
hospitals,urban and rural mental health and social service
agencies, health insurance plans, and health care business
associates. He serves on the HIMSS Information Systems
Security Workgroup, and has co-chaired the Workgroup for
Electronic Data Interchange Privacy and Security
Workgroup. He is a frequent speaker regarding HIPAA and
information privacy and security compliance issues at seminars
and conferences,including speaking engagements at AHIMA
national and regional conventions and WEDI national
conferences,and before the New York Metropolitan Chapter of
the Healthcare Financial Management Association,Health
Information Management Associations ofVirginia, New York
City, New York State, and Vermont, the Connecticut Hospital
Association,and the Hospital and Health System Association
of Pennsylvania. Sheldon-Dean has nearly 30 years of
experience in policy analysis and implementation, business
process analysis,information systems and software
development. His experience includes leading the development
of health care related Web sites; award-winning, best-selling
commercial utility software; and mission-critical, fault-tolerant
communications satellite control systems. In addition, he has
eight years of experience doing hands-on medical work as a
Vermont certified volunteeremergency medical
technician. Sheldon-Dean received his B.S. degree, summa
cum laude, from the University of Vermont and his master’s
degree from the Massachusetts Institute ofTechnology.

5. https://compliance2go.com/index.php?option=com_training&speakerkey=12&productKey=26
Compliance2go | www.Compliance2go.com
Phone : 877.782.4696 | Fax : 281-971-0286
Email : Support@compliance2go.com