Sign for Notice Everyday    Sign Up| Sign In| Link|

Our Sponsors

  • ESTA - Electronic System for Travel Authorization
Receive Latest News

Share Us

HIPAA HYBRID ENTITIES 2017 - HIPAA Hybrid Entities - What If Healthcare is Only a Part of What You Do

View: 177

Website | Edit Freely

Category hybrid entity under hipaa regulations,hipaa standards online training,hipaa protected health information,Hipaa Laws And Regulations Webinar,hipaa compliance training,upcomming hipaa webinars,hipaa changes 2017,online healthcare training Webinar,online hipaa training

Deadline: August 16, 2017 | Date: August 17, 2017

Venue/Country: Fremont, U.S.A

Updated: 2017-05-15 18:25:39 (GMT+9)

Call For Papers - CFP

Training Options Duration: 90 Minutes

Thursday, August 17, 2017 | 10:00 AM PDT | 01:00 PM EDT

Overview: Many organizations that provide health care services also provide

other services that are not related to heath care and are that not paid for by health

plans or Medicaid. For such organizations a decision must be made: Do we apply HIPAA

controls and policies throughout the organization for all programs, or do we decide

what parts of our organization are under HIPAA and what parts are not, and designate

Hybrid Entity status under HIPAA? There are significant impacts in making the choice

to be a Hybrid Entity or not, and entities need to consider their own particular

circumstances to determine the most appropriate path to take.

If one portion of an entity is covered under HIPAA, the entire entity is subject to

HIPAA, unless the entity declares Hybrid Entity status and limits the sharing of

information between the HIPAA and non-HIPAA portions. Either option has its pros and

cons and any entity's choice is not obvious at first glance. For something like a

county government, it's easy to see that while the County Nursing Home may be a HIPAA

entity, it would not make sense to apply HIPAA controls to the County Highway

Department, and the designation of Hybrid Entity status for the county would an

obvious choice, as there is no need to share any health care information between the

County Nursing Home and the County Highway Department.

But for behavioral health and social service organizations, the choice is not so

clear. To be able to share information from a HIPAA portion to a non-HIPAA portion, in

a Hybrid you need to have a HIPAA Authorization from each individual served, and you

must have strict logical "firewalls" between the HIPAA and non-HIPAA portions to

protect information from unauthorized access. You need to make sure any systems that

carry or touch any Protected Health Information are secure no matter which model you

follow would it be easier to apply HIPAA throughout the organization? You do, after

all, have obligations to protect individuals' privacy, ethically or under the law,

whether HIPAA applies or not, and HIPAA provides a good, recognized standard for

protecting the privacy and security or personal information. And consistency within

the organization is important - wherever you can reduce staff choices in how to handle

information, you reduce the chances for making the wrong choice.

There are burdens associated with either choice, and the best choice depends on how

you do business and how easily separable and distinct your programs are. If there is

no real overlap between HIPAA and non-HIPAA programs in services, locations, and

staff, Hybrid status may make sense, but you will need to get a HIPAA Authorization if

you want to refer an individual to another of your programs outside of HIPAA. If the

lines are blurred and information needs to be shared to achieve the organization's

goals, HIPAA-everywhere may be better, but it will require organization-wide policies,

procedures, and training. This session will examine the options and the issues in

choosing to be a Hybrid Entity or not and assist organizations in making the decision

and implementing the results of the decision. Agencies will come away with a better

understanding of how they should designate themselves and what they need to do for

compliance in either case.

In This Session:

The definition of a HIPAA Hybrid Entity

Typical Hybrid Entities

Understanding your information flows

How much of your work is healthcare?

Requirements of not claiming Hybrid status

Requirements of claiming Hybrid status

The HIPAA Authorization issue

Example Hybrid Entity analyses

Policy and Procedure Requirements

Documentation and Training Requirements

Why should you Attend: Recent HIPAA enforcement settlements indicate the importance of

properly designating Hybrid Entity status. UMass paid a $650,000 settlement amount,

reflective of the fact that the University operated at a loss in 2015, for not

adequately identifying all the HIPAA covered elements of UMass activities and

improperly designating its Hybrid Entity status. Skagit County, Washington also

settled with HHS after they had not properly designated the county as a Hybrid Entity

due to its County Health Department activities.

No matter whether the organization takes the steps to declare Hybrid Entity status or

to implement HIPAA organization-wide, there are significant implementation, policy,

and training impacts to consider. Going Hybrid means having a clear separation of

health information from other information outside the HIPAA-covered portion, and no

sharing of PHI outside the HIPAA portion with other portions of the organization in

order to coordinate services can take place without having HIPAA Authorizations in

place. If the organization chooses to take the HIPAA-everywhere approach, HIPAA

policies, procedures, and training will have to be applied organization-wide, but

sharing information within the organization in order to better deliver services is

much easier. There are pros and cons to either choice, and the best choice depends on

how the organization does business and the services it provides.

Areas Covered in the Session:

Find out how to evaluate whether or not your organization is best served by Hybrid

Entity status

Learn how to properly declare and document Hybrid Entity status when that is the best


Find out what policies and procedures are required, and for whom, for entities using a

HIPAA-everywhere approach

Find out what policies and procedures are required, and for whom, for entities using a

HIPAA-Hybrid approach

Learn about the training and education that must take place and be documented to

ensure your staff uses health information properly and does not risk exposure of PHI

Find out the steps that must be followed in the event of a breach of PHI

Learn about how the HIPAA audit and enforcement activities are now being increased and

how you must be prepared or risk significant penalties

Who Will Benefit:

Compliance Director



Privacy Officer

Security Officer

Information Systems Manager

HIPAA Officer

Chief Information Officer

Health Information Manager

Healthcare Counsel/Lawyer

Office Manager

Speaker Profile

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek

Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information

privacy and security regulatory compliance services to a wide variety of health care


Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-

chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup,

and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding

HIPAA and information privacy and security compliance issues at seminars and

conferences, including speaking engagements at numerous regional and national

healthcare association conferences and conventions and the annual NIST/OCR HIPAA

Security Conference in Washington, D.C.

Sheldon-Dean has more than 30 years of experience in policy analysis and

implementation, business process analysis, information systems and software

development. His experience includes leading the development of health care related

Web sites; award-winning, best-selling commercial utility software; and mission-

critical, fault-tolerant communications satellite control systems. In addition, he has

eight years of experience doing hands-on medical work as a Vermont certified volunteer

emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude,

from the University of Vermont and his master’s degree from the Massachusetts

Institute of Technology.

Price: $139.00

Contact Info:

Netzealous -MentorHealth

Phone No: 1-800-385-1607

Fax: 302-288-6884



Keywords: Accepted papers list. Acceptance Rate. EI Compendex. Engineering Index. ISTP index. ISI index. Impact Factor.
Disclaimer: ourGlocal is an open academical resource system, which anyone can edit or update. Usually, journal information updated by us, journal managers or others. So the information is old or wrong now. Specially, impact factor is changing every year. Even it was correct when updated, it may have been changed now. So please go to Thomson Reuters to confirm latest value about Journal impact factor.