Safeguarding Your Practice: Understanding the Final HIPAA-HITECH Rules

Credits: 1

Best suited for: This course is best suited for physicians of all specialties and affiliated providers involved in direct patient care

Course Description

September 23, 2013, is the deadline when all hospitals, clinics, and practices must meet all requirements of the HIPAA Final Rule announced in January. Shortly thereafter, the Department of Health and Human Services (HHS) will begin audits to ensure that everyone meets their HIPAA obligations. This self-directed online learning module has been designed to address the federal government’s final rules on HIPAA privacy, security, and enforcement as well as the HITECH Act and the Breach Notification Rule.  

Learning Objectives

At the conclusion of this self-directed e-learning activity, participants should be able to:

  • Review and discuss the final regulations issued on January 25, 2013, by the U.S. Department of Health and Human Services as they affect ­

            - The HIPAA Privacy Rule ­
            - The HIPAA Security Rule ­
            - The HIPAA Enforcement Rule ­
            - The HITECH Act and the Breach Notification Rule

  • Describe what is and is not a “breach” of protected health information (PHI) according to the revised definition in the final rule 
  • List the required changes you must make to the content of your Business Associate Agreements 
  • Review and discuss the expanded definition of a “Business Associate” and the rules regarding subcontractors of the “Business Associate”  
  • Describe the new rules regarding fund-raising communications, marketing communications, and the sale of protected health information 
  • Describe the required revisions to your existing Notice of Privacy Practices 
  • List the enhanced civil and criminal penalties that can be applied
Faculty Information

Leslie Meserole, JD, is a principal in the health care practice team of Riddell Williams. She has experience working with hospitals, public hospital districts, air ambulance providers, physician groups, and physicians in business transactions and regulatory compliance matters. Leslie received her BS degree in Business Administration from Vanderbilt University and her JD degree from Seattle University School of Law, summa cum laude.

Robert Y. Oikawa
, MD, MPH, CISSP, CPPS, CPHQ, has focused on the information security and safety of health care information technology, especially regarding HIPAA security and privacy. He has been involved with health care, security, safety, and quality improvement throughout his career. He received his MD degree from the Johns Hopkins University School of Medicine in 1979, completing his medical residency and fellowships in biomedical engineering, cardiology, and interventional cardiology at the Johns Hopkins Medical Institutions. After a stint in private practice of interventional cardiology, he returned to software engineering and served as principal consultant, senior program manager, and senior architect during a decade with the Microsoft Corporation and MSNBC, focusing on software and system architecture, information security, learning solution development, software engineering best practices, risk management, innovation, and intellectual property. 

Planning Group

Tracey L. G. Hugel, RNC-TNP, CHC, CHPC, CPHIMS
David McGrath, CPHRM – Senior Risk Management Consultant, Physicians Insurance, Seattle
Cathy Reunanen, ARM, CPHRM, Senior Healthcare Risk Management Consultant, Physicians Insurance, Seattle
Cryss. Toycen - CME Specialist, Physicians Insurance, Seattle

2017 Review Group

Cathy Reunanen, ARM, CPHRM, Senior Healthcare Risk Management Consultant, Physicians Insurance, Seattle

Original release: July 2013
Last reviewed and updated: July 2017
Expiration: July 2018

CME Information
Category 1 credit is applicable throughout the United States.
Physicians Insurance/Experix members who complete this course will fulfill the risk management education requirement mandated by the Washington Health Services Act of 1993.

Participants will need to complete and pass a short quiz in order to claim CME credit. The minimum score to receive course credit is 70%.

Estimated time to complete this activity: 1 hour

Physicians Insurance/Experix is accredited by the Washington State Medical Association to provide continuing medical education for physicians.

Physicians Insurance/Experix designates this enduring material for a maximum of 1 AMA PRA Category 1 CreditTM. Physicians should claim only the credit commensurate with the extent of their participation in the activity.

This activity meets the criteria for up to 1 hour of Category I CME to satisfy the relicensure requirements of the Washington State Medical Quality Assurance Commission.

All faculty, planning and peer-review group members have certified that neither they nor their spouses/partners have, nor have had within the health care goods or services consumed by or used on patients, with the exemption of non-profit or government organizations and non-health care related companies.

Resolution of Conflicts of Interest
Physicians Insurance/Experix has implemented a process to resolve conflicts of interest for each continuing medical education activity, to help ensure content objectivity, independence, fair balance, and content that is aligned with the interest of the public. Conflicts, if any, are resolved through a peer-review process.

* If you are a member of Physicians Insurance, all CME courses are included with your premium. Click here to access members-only CME.