BarbriSFCourseDetails
  1. keyboard_arrow_leftBack

Course Details

Course Information
  • smart_display Format

    On-Demand

  • signal_cellular_alt Difficulty Level

    Intermediate

  • work Practice Area

    Health

Date & Time
  • event Date

    Tuesday, November 5, 2024

  • schedule Time

    1:00 p.m. ET./10:00 a.m. PT

  • timer Program Length

    90 minutes

Credit Information

  • This 90-minute webinar is eligible in most states for 1.5 CLE credits.

$297.00
CLE
ALL

This CLE webinar will guide practitioners through federal and state regulations governing the offshoring of patient data in the healthcare industry. The expert panel will discuss how offshoring is being used in the industry and how this may create conflicts with privacy regulations and material contractual arrangements. The panel will also offer best practices for guiding clients through the maze of privacy regulations so they may remain compliant.

Faculty

Carolyn V. Metnick
Partner
Sheppard Mullin Richter & Hampton Llp - San Diego

Ms. Metnick is a partner in the Corporate Practice Group in the firm's Chicago office and a member of the Healthcare and Privacy & Cybersecurity Teams. She represents a range of healthcare industry clients, including hospitals and health systems, physician organizations and digital health companies. Ms. Metnick advises on healthcare regulatory and transactional matters with a focus on health information privacy and security. She is the founder and leader of Sheppard Mullin Healthy AI, which is an initiative focused on legal issues relates to the use of AI in healthcare. Ms. Metnick counsels healthcare clients on issues relating to AI, including governance, contractual matters, and data related issues. She advises clients on a range of privacy and security laws, including HIPAA and other federal and state privacy laws. Ms. Metnick also counsels businesses in data breach investigations and compliance with federal and state breach notification laws. She is a Certified Information Privacy Professional/United States (CIPP/ US) and a Certified Information Privacy Professional/Europe (CIPP/E).

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio
Michael Sutton
Attorney
Sheppard Mullin Richter & Hampton LLP

Mr. Sutton takes on the most cutting edge and disruptive areas of practice, blending healthcare, technology, and legal compliance into his daily workload. In particular, he focuses on HIPAA and privacy related regulations and their interplay with technological developments both inside and outside of the healthcare and consumer spaces. Similarly, Mr. Sutton well versed in negotiations centered on data usage and derivative ownership rights. He supports clients as they navigate a complex web of emerging regulations in the digital healthcare space, tackling artificial intelligence, webtracking, information blocking, offshoring, de-identification, and other next-gen workstreams. He has managed government investigations, worked to resolve active breach incidents, and advised clients regarding a range of privacy and technology oriented matters. Mr. Sutton also supports clients in developing compliant and innovative approaches to navigating HIPAA and other privacy laws to ensure client objectives are achieved in alignment with all legal and regulatory requirements.

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio

Description

Healthcare companies are increasingly contracting with third-party vendors to provide software and a variety of support services, such as claims processing, call center staffing, and technical support, for cost savings. Often this involves offshoring mass amounts of patient data to subcontractors.

Offshoring occurs when a party contracts with another party located outside of the U.S. and its territories. With federal and state privacy laws governing patient data becoming more stringent and offshoring becoming more common, counsel should be aware of how to help their clients navigate the complex and often inconsistent interplay of laws, regulations, and guidance to ensure compliance.

In addition to federal regulations, such as HIPAA and ACA, and CMS guidance that impact the offshoring of patient data, several states have taken steps to limit this practice as well. For example, the Florida Electronic Health Records Exchange Act effectively prohibits certain covered healthcare providers from storing electronic health records offshore themselves and from relying on third-party offshore vendors to store such records. Other states have issued executive orders prohibiting the offshoring of certain activities that are paid for by state agencies.

Listen as our expert panel discusses the compliance challenges facing healthcare counsel and their clients who must decide whether and to what extent to use offshore third-party vendors for support while maintaining their obligations to protect patient data. The panel will discuss the network of federal and state regulations and guidance governing the offshoring of patient data and best practices for helping clients remain compliant.

Outline

  1. Introduction to offshoring
    1. How offshoring is being used in the healthcare industry
  2. Federal regulations and guidance impacting offshoring in healthcare
    1. HIPAA
    2. ACA
    3. CMS guidance
  3. State laws and actions affecting offshoring
    1. FL
    2. OH
    3. Others
  4. Contractual arrangements
  5. Penalties for noncompliance
  6. Best practices for compliance
  7. Practitioner takeaways

Benefits

The panel will review these and other key considerations:

  • What federal laws impact the offshoring of patient data? How?
  • What are notable state laws and/or actions that limit or prohibit the offshoring of patient data?
  • What are best practices for assisting clients in deciding whether and in what manner to use third-party vendors that require offshoring?