03-14-13 | Blog Post

Online Tech Exhibits HIPAA Hosting Solutions at HIPAA in a HITECH World in Washington, D.C.

Blog Posts

Next week, Online Tech will be flying to Washington D.C. to sponsor and exhibit HIPAA hosting solutions at an American Health Lawyers Association (AHLA) health IT event, HIPAA in a HITECH World. Featuring a special keynote address by Leon Rodriguez, Director of the Office for Civil Rights, the event agenda includes sessions focused on health IT compliance standards and how to achieve data security with business associates and subcontractors that deal with PHI (protected health information).

Hosted at the Renaissance Harborplace Hotel in Baltimore, Maryland, the one-day event will be held March 22. With the recent HIPAA omnibus rule changes, the focus will be on how regulatory requirements have affected healthcare organizations (covered entities), HIPAA cloud solution providers and other healthcare service providers (business associates), as well as their contractors and subcontractors. A few of the more notable sessions from the HealthLawyers.org brochure include:

Top 10 Significant Issues in the HIPAA / HITECH Omnibus Rule: An Homage to Letterman

  • Patricia A. Markus (Moderator), Elisabeth Belmont (Hospital Perspective),
  • Joanne Lax (Long Term Care Perspective), Charlene L. McGinty (Physician Perspective),
  • Maia Thiagarajan (Plan Perspective)

This interactive session will provide attendees with perspectives from various sectors of the health care industry – physician, hospital, health plan and long term care – on the implications of key provisions contained in the HIPAA/HITECH Omnibus Rule of which healthcare counsel need to be aware in order to appropriately advise clients. The panelists will provide an overview of the following key issues, starting with those likely to have the most significant impact on healthcare stakeholders, and share “in the trenches” insights on the Rule’s effect on:

  • Breach notification, business associates and subcontractors, agency, and enforcement
  • Access to ePHI, payment, marketing, fundraising, and sale of PHI
  • Research, notices of privacy practices, and security

Another concurrent session is:
Complex Data Sharing

  • Bernadette M. Broccolo
  • Edward F. Shay

Complex models for sharing, integrating and analyzing protected health information (PHI) are essential for the effective implementation and operation of emerging accountable care delivery
arrangements. Such models include:

  • Health Information Exchanges (HIEs) and other Health Information Organizations (HIOs)
  • Shared and cloud hosted server infrastructure, applications and data centers
  • Peer to peer interfaces for wide-ranging purposes
  • Decision support systems

This session will examine whether and how the HIPAA/HITECH Omnibus Rule affects
complex data sharing models and associated risk. The session will cover:

  • Can complex data sharing models effectively manage many-to-one permitted uses/disclosures?
  • Is return and destruction of data feasible in complex data sharing models?
  • Does the Rule add barriers to the PHI exchange and integration needed to support accountable care delivery?
  • Will the Rule’s escalation of reporting, use and disclosure standards and associated penalties stifle PHI exchange/integration?
  • How will the Rule affect the allocation and management of privacy and security risk in multi-party agreements involved in implementing complex data sharing models
  • Have complex data sharing models outgrown HIPAA’s organizational models?

Other sessions focus on the changes and impact of the HIPAA/HITECH Omnibus Rule on breach notification reporting for both covered entities and business associates:

Shift Happens – HIPAA/HITECH Omnibus Rule Breach Notification Standard Will Result in Expanded Reporting

  • Patricia A. Markus
  • Rebecca R. Williams

Three and a half years after publication of the Interim Final Breach Notification Rule, the
HIPAA/HITECH Omnibus Rule provides a revised definition of “breach” and a new risk
assessment methodology that shifts the burden of proof to covered entities and business
associates. Now, a covered entity or business associate must provide breach notification if
it fails to demonstrate that a violation of HIPAA resulted in no more than a low probability
that the protected health information was compromised.  This session will address:

  • The new definition of breach and new risk assessment standard and factors
  • Hypotheticals illustrating the potential effect of the new standard
  • Practical considerations for covered entities and business associates as they prepare for compliance with the new requirements

In January, we hosted a webinar, No More Excuses: HHS Releases Tough Final HIPAA Privacy and Security Rules, with featured guest speaker health IT Attorney Brian Balow of the Dickinson Wright Law Firm. The webinar covered the rule modifications, their impact on covered entities, business associates and subcontractors, and mechanisms for minimizing the risk of HIPAA liability.

HIPAA Compliant Hosting White PaperFor more on secure hosting for HIPAA compliant solutions, read our HIPAA Compliant Hosting white paper. Questions to ask your HIPAA hosting provider, data center standards cheat sheet and a diagram of the technical, physical and administrative security components of a HIPAA hosting solution (including HIPAA compliant clouds) are included.

Learn more about how the final omnibus rule from our previous articles:
Final HIPAA Omnibus Rule: Business Associate Agreements & Roadmap to Compliance
In addition to redefining business associates (BAs) and including subcontractors in the scope of liability, the final HIPAA omnibus rule has prompted the release of a new sample business associate agreement by the Dept. of Health and Human Services (HHS). … Continue reading →

How the Final Omnibus Rule Affects HIPAA Cloud Computing Providers
The long-awaited final modifications to the HIPAA Privacy, Security, Enforcement and Breach Rules were introduced Thursday. The 563-word document outlines the changes that were initially slated for implementation last summer (remember the omnibus rule?). So how do these modifications affect … Continue reading →

HIPAA Omnibus Rule Narrows the HIPAA Hosting Market
The final HIPAA omnibus rule released late last week holds business associates (BAs) and subcontractors (the BA of a business associate) directly liable for compliance with the HIPAA rules, and sets a deadline for compliance with the new modifications. There’s … Continue reading →

Overwhelmed by cloud chaos?
We’re cloud experts, so you don’t have to be.

© 2024 OTAVA® All Rights Reserved