Health Care and HIPAA Compliance
HIPAA and Health Information Privacy, Security and Management
Increasing scrutiny of health care delivery and health information use and disclosures by regulatory agencies, courts and stakeholders requires greater emphasis on the need for efficient and cost-effective information management. The services below are aimed at cost-effective management of information and communications between caregivers and others to mitigate compliance and litigation risk while increasing information use efficiencies.
Health Care Compliance and Regulatory Offerings
- HIPAA consulting and legal counsel with regard to the pertinent state and federal regulations and potential regulations and laws. New HIPAA law and state disclosure regulations (HITECH Act and ARRA) are in the drafting process with regard to disclosures, uses, confidentiality, privacy and security of protected health information, including electronic health information (“EPHI”). We keep you informed and help devise strategies for management of health information systems consistent with the requirements of these provisions.
- “Red Flags Rule” assessment and protocols: Gap Analysis, policies. Procedures and training on new requirements concerning potential security breaches and security breach notification
- Information governance assessment and gap analysis of records management protocols, including preservation, uses, access, and disclosures of EPHI, electronic health records (“EHR’s or EMR’s) pursuant to HIPAA and state laws.
- Coordination of interdisciplinary teams to revise and/or draft protocols for management of EPHI, EMR’S and EHR’S.
- Facilitation of and guidance for EPHI Content Mapping, so that health information may be accessed, utilized and disclosed in across the enterprise in a timely and cost-efficient manner.
- Employee technology use protocols and risk management issues.
- Disclosure Readiness Assessment, to provide a measure of the ability of the organization to respond, within the bounds of HIPAA (as revised in February 2009) and state laws to requests for PHI, including electronic health information, by patients, caregivers, courts (and counsel), state and federal regulatory authorities and accreditation agency surveys (JCAHO and RAC); facilitate formation and operation of Disclosure Response Teams to reduce costs, duplication of effort, and time in responding to disclosure requests.
- Coordination with outside counsel with regard to litigation and regulatory agency demands for information, including appearances at discovery conferences as discovery counsel, where appropriate; defense of motions for sanctions for failure to produce demanded information.
- Prepare and deliver training and education materials and programs regarding federal and state regulations on EPHI management and disclosures.
- Facilitation of interdisciplinary workgroups to monitor, review and document compliance.
- Representation in compliance audits and investigations.
- Defense in proceedings for HIPAA civil monetary penalties and state sanctions.