HIMSS12 Preview: Get Updated on HIPAA Privacy & Security

For several years, attorneys Gerry Hinkley and Deven McGraw have jointly presented an educational session at the annual HIMSS Conference. They’re back for HIMSS12 in Las Vegas.


For several years, attorneys Gerry Hinkley and Deven McGraw have jointly presented an educational session at the annual HIMSS Conference.
 
They’re back for HIMSS12 in Las Vegas, hoping to be able to explain provisions of the long-delayed HIPAA privacy/security/breach notification/enforcement final rule. Absent that, they’ll give a refresher on current regulations and how they may change in the final rule.

Hinkley, a partner in the law firm Pillsbury Winthrop Shaw Pittman; and McGraw, director of the health privacy project at the Center for Democracy and Technology, and a member of the HIT Policy Committee that advises federal officials, also will draw on the practical experiences they’ve had with privacy breaches.

They’ll explain, for instance, when there is a basis for justifying that a breach has not and will not cause significant harm, and thus need not be reported and affected patients notified. That “harm threshold” provision in existing HIPAA law has been a bone of contention, and there could be changes in the final rule. Among other issues, Hinkley and McGraw also will address the current HIPAA obligations of business associates and subcontractors and how that could significantly change in the final rule.

For all organizations covered under the privacy, security and breach rules, “it’s time for a HIPAA tune-up,” Hinkley says. “HIPAA is the legal requirement, it needs to be part of your culture and it needs to be properly understood.”

As organizations join health information exchange initiatives and start talking to each other about their internal privacy/security policies as they seek common compliance via HIEs, some are painfully learning that their compliance hasn’t been adequate, Hinkley says. “So, be open to changes in your privacy policies and attitudes as they could change with health information exchange. There’s a lot of misconceptions out there.”

The session, “Trends and Recent Developments in Patient Privacy,” is scheduled on Feb. 21 at 12:15 p.m.