HIPAA's Right of Access: Compliance Challenges, OCR Enforcement, and Best Practices
Recording of a 90-minute CLE video webinar with Q&A
This CLE course will guide healthcare counsel on HIPAA's right of access. The panel will discuss defining the designated record set and evaluate common scenarios in which liability may arise. The panel will also discuss the U.S. Department of Health and Human Services Office for Civil Rights (OCR's) right of access enforcement efforts. The panel will offer best practices for compliance.
- HIPAA basics and the right of access
- HIPAA Right of Access Initiative
- Common scenarios in which liability may arise
- Intersection with the interoperability rule
- Applicable state law
- Record retention
- Best practices
The panel will review these and other relevant issues:
- What compliance challenges are covered entities facing today with respect to the HIPAA right to access?
- What steps should covered entities take to define designated record sets and otherwise ensure compliance with access requirements?
- Under its Right of Access Initiative, what actions has OCR taken to enforce the requirements?
Jo-Ellyn Sakowitz Klein, CIPP/US
Akin Gump Strauss Hauer & Feld
Ms. Klein is a leading practitioner on privacy and data protection matters, with a special emphasis on the health and... | Read More
Ms. Klein is a leading practitioner on privacy and data protection matters, with a special emphasis on the health and life sciences sectors. She has been recognized by The Legal 500 US in the cyber law (including privacy and data protection) category from 2019 through 2022. She has focused on privacy and data protection law for more than 20 years. Ms. Klein assists clients with issues arising under state and federal privacy, security and data breach notification laws and regulations. These include the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), Section 5 of the Federal Trade Commission (FTC) Act, the FTC Health Breach Notification Rule (HBNR) and myriad state privacy, security and breach notification laws, including the California Consumer Privacy Act (CCPA) and California Confidentiality of Medical Information Act (CMIA). Ms. Klein has examined privacy and data protection issues arising in a broad array of settings, ranging from hospitals to professional sports, including medical device and pharmaceutical companies, developers of health-related apps, and leading-edge technology companies.Close
Valerie Breslin Montague
Ms. Montague represents a variety of health care providers, digital health companies, senior living facilities,... | Read More
Ms. Montague represents a variety of health care providers, digital health companies, senior living facilities, nonprofit trade associations, life sciences companies, and vendors of health care providers. She is a Certified Information Privacy Professional/United States (CIPP/US), the preeminent credential in the field of privacy. Ms. Montague assists health care providers and business associates of all types in complying with the requirements of HIPAA and the HITECH Act, from the development of policies and workforce training to analysis and notification of breaches to guidance through Office for Civil Rights investigations. She also advises vendors initiating arrangements with health care entities on whether their business triggers HIPAA. Beyond HIPAA, Ms. Montague counsels health care providers on compliance with other federal and state health information confidentiality requirements, as well as cybersecurity best practices.Close