10-03-11 | Blog Post
Did you happen to miss our "HIPAA, HITECH, BAAs and the Law: Concerns and Best Practices" webinar last Tuesday? No worries: the slideshow, video and transcript are up on our site, along with contact information for our guest speaker, Tatiana Melnik, if you have any unanswered HIPAA questions. Tatiana also provided numerous external links to sample HIPAA policies, procedures and training from major universities and medical centers for organizations seeking HIPAA compliance resources.
HIPAA, HITECH, BAAs and the Law: Concerns and Best Practices
This webinar discusses the legal implications of HIPAA, HITECH, and BAAs and their impact on IT infrastructure and those who support it. It was moderated by April Sage, Marketing Director of Online Tech, with special guest speaker Tatiana Melnik of the Dickinson Wright law firm.
Some of the major takeaway points:
Things you should never do:
Webinar attendees were also given the opportunity to ask questions. Here’s some of the Q&A (view the full transcript):
Q: What’s a reasonable amount to expect to pay for a risk assessment or HIPAA audit?
A: Anywhere from $500 to $5,000 or $10,000, if you want the in-house training, all of the policies and procedures drafted for you, and if you need any additional services.
Q: Who should be responsible in a Healthcare organization for monitoring HIPAA? Should it be those primarily involved in Compliance? HR? Legal? IT? Everybody?
A: Actually, there is a requirement under HIPAA that each organization have a privacy officer. That is the person that is supposed to be in charge of monitoring these types of things. For example, if you are an organization that deals with HIPAA and you see patients, you are supposed to offer them a notice of privacy practices. It’s best for organizations to appoint one individual to monitor these types of developments because if you have multiple people, it gets very confusing.
Q: What’s the best way to handle PHI (protected health information) in email?
A: Don’t do it. Email is not a secure form of communication. Unless you’re sending encrypted email, you should not do it whatsoever.
This is just a sample of the discussion – view the slides, read the entire transcript and play the HIPAA webinar video on our site.
Tatiana Melnik, Attorney, Dickinson Wright PLLC
Tatiana Melnik is an attorney with the Dickinson Wright law firm where her practice focuses on information technology, healthcare information technology, intellectual property and privacy issues. Ms. Melnik sits on the Michigan Bar Information Technology Law Council, the Automation Alley Information Technology Committee, and is a Managing Editor of the Nanotechnology Law & Business Journal. Ms. Melnik holds a JD from the University of Michigan Law School, and a BS in Information Systems and BBA in International Business, both from the University of North Florida. Ms. Melnik regularly writes and speaks on issues surrounding healthcare information technology. Ms. Melnik will be speaking at the 2011 HIMSS Fall Technology Conference in Indianapolis on Social Media and Healthcare. Contact information is available at our site.