BarbriSFCourseDetails
  1. keyboard_arrow_leftBack

Course Details

Course Information
  • smart_display Format

    On-Demand

  • signal_cellular_alt Difficulty Level

    Intermediate

  • work Practice Area

    ERISA

Date & Time
  • event Date

    Tuesday, November 5, 2024

  • schedule Time

    1:00 p.m. ET./10:00 a.m. PT

  • timer Program Length

    90 minutes

Credit Information

  • This 90-minute webinar is eligible in most states for 1.5 CLE credits.

$347.00
CLE
ALL

This CLE webinar will provide health care providers and health plans an in-depth analysis of the U.S. Department of Health and Human Services' Office for Civil Rights' (OCR) final rule amending HIPAA privacy regulations. The panel will discuss the final rule's requirements for regulated entities and under what circumstances they are prohibited from disclosing reproductive healthcare information. The panel will also address the dilemma facing regulated entities when determining whether to comply with state laws requiring the disclosure of PHI or HIPAA's privacy prohibitions and offer best practices for compliance.

Faculty

Shalyn Watkins
Attorney
Holland & Knight LLP

Ms. Watkins represents various healthcare providers and companies, including, but not limited to, individual providers and provider practices, long-term care and skilled nursing facilities, laboratories, technology companies, and insurers and health plans. Ms. Watkins also assists clients with developing and managing compliant healthcare programs. Her practice involves assisting clients with regulatory compliance, health information privacy advising, Medicare and Medicaid/Medi-Cal reimbursement and overpayment issues, licensure and credentialing disputes, and transaction due diligence and structuring. Ms. Watkins experience includes knowledge of the Health Insurance Portability and Accountability Act (HIPAA), corporate practice of medicine, Stark Law, Anti-Kickback Statute (AKS), Eliminating Kickbacks in Recovery Act (EKRA), contract disputes, administrative law and regulatory enforcement actions, compensation and policy reviews, and the development and implementation of compliance plans for clients.

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio
David S. Szabo
Partner
Troutman Pepper Locke LLP

Mr. Szabo represents hospitals, integrated delivery systems, physician organizations, home care companies and other health care service providers. He also represents health care information technology companies and health plans. He is a Partner in the Corporate and Transactional Department and a member of the Privacy & Cybersecurity Practice Group. Mr. Szabo has extensive experience in health care licensing and regulation, reimbursement, fraud and abuse compliance matters, health care mergers and acquisitions and the structuring of joint ventures. He regularly advises clients on Stark Law and Anti-Kickback compliance matters. Mr. Szabo's  practice also includes the privacy and information security law applicable to health care providers, health plans, technology vendors and other organizations. He advises nonprofit organizations on transactions, general corporate matters, tax and governance issues. Mr. Szabo's practice includes significant engagements in the implementation of health information technology and shared electronic health record systems, compliance with privacy and information security regulations and response to data breaches and cybersecurity events. His breach response experience includes negotiation with regulatory agencies, breach remediation and crisis management.

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio

Description

The OCR recently published a final rule amending the HIPAA privacy rule that provides new protections for the privacy of reproductive healthcare information. The rule requires compliance by Dec. 23, 2024, except for the notice of privacy practices provisions, which require compliance by Feb. 16, 2026.

The final rule restricts the circumstances under which HIPAA-covered entities, health plans, and their business associates may disclose reproductive healthcare information by prohibiting its use or disclosure to conduct a criminal, civil, or administrative investigation into a person or to impose civil, criminal, or administrative liability on any person for the mere act of seeking, obtaining, providing, or facilitating reproductive healthcare that is lawful under the circumstances in which it was provided.

Under the rule, regulated entities that receive requests for reproductive healthcare information related to law enforcement, judicial, or administrative purposes must obtain a signed attestation from the requestor to verify that the rule does not prohibit the use or disclosure of the reproductive healthcare information. The rule allows for healthcare providers to presume the healthcare provided was lawfully under the circumstances it was provided unless they have actual knowledge to the contrary.

The rule puts regulated entities in the difficult position of deciding whether to comply with a state law requirement to disclose information or the HIPAA privacy prohibition.

In addition, regulated entities must revise their notice of privacy practices to reflect the rule changes and also to address proposed changes made in the NPRM for the Confidentiality of Substance Use Disorders which were finalized in connection with this rule.

Listen as our panel discusses the final rule's requirements for HIPAA-covered entities, health plans, and their business associates and under what circumstances they are prohibited from disclosing reproductive healthcare information.

Outline

  1. Final HIPAA privacy rules
    1. Covered entities
    2. Revised definitions
    3. Prohibited uses and disclosures
    4. Rule of applicability
    5. Attestation
    6. Notice of privacy practices revisions
    7. Enforcement, compliance timeline, and other key issues
  2. Impact on group health plans
    1. Preparing for compliance
    2. Documentation that must be updated in light of the final rule
    3. Relationship to information blocking regulations
  3. Practitioner takeaways and best practices

Benefits

The panel will review these and other important considerations:

  • Who is covered by the final rule?
  • Under what circumstances does the final rule prohibit the disclosure of reproductive healthcare information?
  • When may regulated entities presume that the reproductive healthcare that was provided was lawful under the circumstances?
  • What is the attestation requirement in the final rule?
  • What revisions to notice of privacy practices are required by the final rule?