A Comprehensive HIPAA Compliance Guide: Navigating Today’s Healthcare Challenges!

Mark R. Brengelman

Mark holds Bachelor’s and Master’s degrees in Philosophy from Emory University and a Juris Doctorate from the University of Kentucky. Retiring as an Assistant Attorney General, he now represents health care professionals, two government ethics commissions, and parents and kids in confidential child abuse and neglect cases,...
300 Mins

Mastering HIPAA Compliance: Responsibilities, Mobile Devices, State Licensure, IoT Patient Monitoring, Telemedicine, and Social Media

Session 1: Role of HIPAA Privacy Officer: Compliance and Responsibilities | 60 Mins

While the basic provisions of privacy for protected health information are well known, their application in today’s healthcare world is complex – so much so that the HIPAA laws require a Privacy Officer for your health care organization as a covered entity. HIPAA’s many security rules regarding protected health information first involve the person designated as a Privacy Officer. These federal requirements extend not only to covered entities but to business associates of covered entities.

What is the difference between a HIPAA Compliance Officer, a Privacy Officer, and a Security Officer? Can the health care entity combine functions and job duties? Are these three separate jobs, or are they three jobs in one? The current trend requires the covered entity to stay on top of continuing changes to HIPAA, with growing responsibility, expanded job duties, and greater time and resource demands focused on patient confidentiality and digital security by the Privacy Officer.

This session of the module covers the job responsibilities of the Privacy Officer, the intended qualifications, and tips and techniques for carrying out these increasing privacy functions.

Session Outline:

  • Identifying the basics of HIPAA compliance as to the designated Compliance Officer, Privacy Officer, and Security Officer
  • Analyzing the required identification of the Privacy Officer
  • Citing examples of duties and responsibilities of the Privacy Officer
  • Reviewing desired qualifications found in the Privacy Officer, and
  • Discussing a comprehensive list of job duties for the successful Privacy Officer.

Session 2: E-Mailing, Texting, And The Use Of Personal Devices By Health Care Professionals | 60 Mins

The ability to text or e-mail health care practitioners and other staff and patients has become a priority for many health care entities and practitioners, especially solo health care practitioners with limited support staff.  Maintaining patient privacy and confidentiality is necessary to make sure covered entities meet compliance standards of HIPAA and state licensure laws.

Although e-mailing and texting are convenient for the health care practitioner and patient, these communication methods have security risks and inherent pitfalls. Implementing e-mail and text solutions in the health care setting is a complex issue and several factors must be addressed.

This session will help attendees erase the fear, uncertainty, and doubt about exactly how a health care practitioner may use modern texting and e-mail, both within their own health care organization or facility and to the outside world of patients.  Find out how these communications may or may not be required to be retained by the health care practitioner.

This session will help attendees understand the fundamental aspects of HIPAA privacy regulations, establishing a strong foundation for understanding the intricate world of healthcare data security. We'll explore the core principles of HIPAA and its relevance in today's digital age, particularly in the context of electronic communications. We'll also provide real-world examples showcasing how state licensure laws can impact the handling of protected health information.

Additionally, we'll break down the essential components of privacy notices and effective communication practices with patients, ensuring compliance with HIPAA's stringent guidelines. As a bonus, we'll touch on the importance of implementing confidentiality and privacy disclaimers on healthcare practitioners' websites, especially for those managing their online presence.

Session Outline:

  • The basics of HIPAA privacy
  • The basics of HIPAA and the use of electronic communications
  • Examples of state licensure laws governing protected health information
  • Elements of privacy notices and communications practices with patients
  • Bonus: website confidentiality and privacy disclaimers for the health care practitioner with their own website.

Session 3: HIPAA Privacy Exceptions: State Licensure Boards and Investigations | 60 Mins

This part of the module discusses HIPAA requirements, then turns to a review of state licensure laws that allow state investigative agencies to exploit HIPAA exceptions for various law enforcement purposes.

During the session we’ll review core privacy requirements of HIPAA, then cover in detail the ways state licensure boards and agencies use the authority of state law to cover HIPAA exceptions and gain access to your patient records. This session shows how state agencies use state law in concert with HIPAA exceptions to conduct government-led investigations.

These exceptions can also be used by federal agencies in the same way.

This session will help you gain a firm understanding of how state law authorizes state licensure boards and agencies to use HIPAA exceptions to gain access to your patients’ protected health information when you are under investigation. Know the state’s authority under its police powers to protect the health, welfare, morals, and safety of the public in various health care contexts.

Session Outline:

  • How state licensure agencies investigate
  • How state law fits with the HIPAA privacy exceptions
  • When is a health care practitioner subject to subpoena administratively
  • Where do state open records laws apply to these sought-after records?
  • Civil and criminal matters that may result in investigation and inquiry to secure your records

Session 4: Remote Patient Monitoring on the Internet of Things: HIPAA Security Rules for Telemedicine Practices | 60 Mins

Remote patient monitoring, often termed remote patient management, involves the collection of a broad spectrum of patient health data, from vital signs like blood pressure and heart rate to advanced metrics like glucose levels and pulse oximetry. These technologies are part of the Internet of Things (IoT), where electronic devices connect to central systems for data analysis and interpretation.

However, this interconnected landscape also introduces new security risks. Patient monitoring can be continuous, happening 24/7, which amplifies the need for robust safeguards to protect patient data.

In this session, we'll not only explore the evolving IoT landscape but also delve into broader examples of personal security infringements, from electronic stalking to tracking criminal activity using geolocation data from fitness devices.

Our aim is to dispel any uncertainties surrounding the utilization of modern remote patient monitoring within a telemedicine practice while ensuring compliance with HIPAA's stringent security regulations. We will provide insights on how healthcare practitioners can fulfill these mandates, ensuring patient confidentiality remains intact in this fast-evolving digital healthcare era.

This session will help attendees gain a comprehensive understanding of the evolving world of remote patient monitoring and IoT in healthcare, equipping you with the knowledge to navigate HIPAA's security rules effectively and with confidence.

Session Outline:

  • Identifying the growing use of the Internet of Things
  • Analyzing the basics of telehealth, telemedicine, and telepractice in health care, including mental health
  • Citing examples of remote patient monitoring, from heart rate and step counters to sophisticated medical data collection
  • Reviewing elements of security issues with the constant flow of patient data 24/7
  • Examining basic steps to ensure compliance with HIPAA security in remote patient monitoring as a unique element of telehealth to the patient.

Session 5: Navigating Hospital Liability for Employee HIPAA Violations in the Age of Social Media | 60 Mins

This advanced webinar delves into the critical issue of social media violations committed by employees within healthcare facilities, specifically focusing on hospitals. It addresses the pivotal question of when and how a healthcare facility, such as a hospital, may be held accountable for HIPAA violations committed by its own staff members. This discussion is pertinent to various healthcare institutions beyond hospitals.

The goal of this session is to dispel any uncertainties surrounding a hospital's potential liability for its employees' HIPAA breaches and to clarify whether such misconduct falls within the scope of their employment, consequently making the hospital financially liable.

In this session we will examine two distinct state court cases that revolve around hospital employees' HIPAA violations, shedding light on how their outcomes can significantly differ. While addressing HIPAA privacy basics for hospitals and employees, we'll also explore established social media regulations and present glaring instances of HIPAA breaches resulting from reckless social media activities.

Furthermore, this session provides an in-depth analysis of the divergent outcomes in recent state court cases concerning hospital liability for employee HIPAA violations related to social media usage. By delving into these cases, we aim to illustrate how one hospital escaped liability while another did not.

Session Outline:

  • Basics of HIPAA privacy as applied to hospitals and employees;
  • Examples of social media violations by health care workers;
  • A detailed analysis of court cases involving hospital liability for employee HIPAA social media violations;
  • Employment best practices for social media rules;
  • Consequences for HIPAA social media violations; and
  • Basic tips and techniques to defend yourself from liability.

Who Should Attend

  • Health care attorneys
  • Risk management officers
  • Corporate compliance officers in health care
  • Medical records staff of medical offices and health care entities
  • Hospital attorneys; health care practitioners who are covered entities
  • Law enforcement officers in health care compliance
  • State boards and agencies with jurisdiction over state licenses to practice a health care profession