BarbriSFCourseDetails
  1. keyboard_arrow_leftBack

Course Details

Course Information
  • smart_display Format

    On-Demand

  • signal_cellular_alt Difficulty Level

    Intermediate

  • work Practice Area

    Health

Date & Time
  • event Date

    Tuesday, October 8, 2024

  • schedule Time

    1:00 p.m. ET./10:00 a.m. PT

  • timer Program Length

    90 minutes

Credit Information

  • This 90-minute webinar is eligible in most states for 1.5 CLE credits.

$297.00
CLE
ALL

This CLE webinar will guide healthcare practitioners through the U.S. Department of Health and Human Services' Office for Civil Rights' (OCR) final rule amending HIPAA privacy regulations governing the use and disclosure of PHI related to reproductive healthcare information (RHI). The panel will discuss the final rule's requirements for regulated entities and under what circumstances they are prohibited from disclosing RHI. The panel will also address the dilemma facing regulated entities when determining whether to comply with state laws requiring the disclosure of RHI or HIPAA's privacy prohibitions and offer best practices for compliance.

Faculty

Beth Neal Pitman
Partner
Holland & Knight LLP

Ms. Pitman advises healthcare systems and providers and healthcare information technology (IT) businesses when navigating healthcare privacy and cybersecurity regulations, other healthcare regulations, and government reimbursement program matters. Her experience includes the development and ongoing management of comprehensive HIPAA compliance programs, including drafting and negotiating business associate agreements, policies and training. When a data breach or other privacy regulatory violation occurs, Ms. Pitman guides her clients through the process for responding to the breach and any subsequent federal or state government investigations. She also provides advice to clients related to the frequent changes associated with the many federal healthcare payment programs.

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio
Julia R. Hesse
Partner
Holland & Knight LLP

Ms. Hesse advises physicians, clinicians and healthcare investors in the formation and expansion of management companies across various specialties, with particular emphasis focused on dental practices, women's health, fertility centers, reproductive health, menopause and dermatology. Ms. Hesse has deep experience and knowledge representing fertility providers in transactional and complex regulatory and investigation matters. She is also a leading national authority on the regulation of dentists and dental support organizations, and advises on the unique structural and regulatory issues for investors in the dental space. In addition, Ms. Hesse counsels private equity and venture capital funds, as well as strategic investors, on healthcare diligence and transactional issues. She works closely with clients in the healthcare industry regarding regulatory matters such as fraud and abuse, self-referral laws, licensing, compliance, insurance, HIPAA and the HITECH Act, and state law privacy and data security concerns, including data breach issues.

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio

Description

OCR recently published a far-reaching final rule amending the HIPAA privacy rule and providing new protections for the privacy of RHI. The rule requires compliance by Dec. 23, 2024, with the exception of the notice of privacy practices (NPP) provisions requiring compliance by Feb. 16, 2026.

The rule's purpose is to restrict the circumstances under which HIPAA-covered entities and their business associates (regulated entities) may disclose RHI by prohibiting its use or disclosure to conduct a criminal, civil, or administrative investigation into a person, or to impose civil, criminal, or administrative liability on any person, for the mere act of seeking, obtaining, providing, or facilitating reproductive healthcare that is lawful under the circumstances in which it was provided.

To ensure compliance, the rule requires regulated entities that receive requests for RHI related to law enforcement, judicial, or administrative purposes to obtain a signed attestation from the requestor to verify that the use or disclosure of the RHI is not prohibited as described in the rule. The rule allows for healthcare providers to presume the healthcare provided was lawful under the circumstances it was provided unless they have actual knowledge or factual information to the contrary.

Regardless, the rule now puts regulated entities in the difficult position of deciding whether to comply with a state law requirement to disclose information or the HIPAA privacy prohibition.

The rule also requires regulated entities to revise their NPPs to reflect the rule's changes and also to address proposed changes made in the NPRM for the Confidentiality of Substance Use Disorders which were finalized in connection with this rule.

Listen as our expert panel guides practitioners through the new amendments to the HIPAA privacy rule and the significant impact it will have on regulated entities. The panel will also offer best practices for compliance.

Outline

  1. Introduction
  2. The final rule
    1. Purpose
    2. Covered entities
    3. Revised definitions
    4. Prohibited uses and disclosures
    5. Rule of applicability
      1. Presumption that healthcare at issue is lawful
      2. When the provider and requestor disagree as to whether the healthcare is lawfully provided
    6. Attestation
    7. Notice of privacy practices revisions
    8. Reporting abuse, neglect, or domestic violence
    9. Responding to law enforcement administrative requests
    10. Recognition of personal representative
    11. Disclosures authorized by patient
    12. Enforcement
    13. Compliance timeline
  3. Impact on healthcare providers
    1. Preparing for compliance
    2. When state law conflicts with HIPAA
    3. Relationship to information blocking regulations
  4. Practitioner takeaways

Benefits

The panel will review these and other important considerations:

  • Who is covered by the final rule?
  • Under what circumstances does the final rule prohibit the disclosure of RHI?
  • When may regulated entities presume that the reproductive healthcare that was provided was lawful under the circumstances?
  • How should regulated entities proceed when state law requirements appear to conflict with the final rule's prohibitions?
  • What is the attestation requirement in the final rule?
  • What revisions to NPPs are required by the final rule?