March 28, 2013


Presented by Kathie McDonald-McClure, Esq., and hosted by Uluro, a Product of Transformations, Inc.

Topics Covered: Why there’s more attention on the security of health information; who is required to comply with the HIPAA Security Rule; Meaningful Use criteria requires compliance with Security Rule; who is a “covered entity” (and who is a “health care provider”, “health plan”, “health care clearinghouse”) and who is a “business associate”; the impact of HIPAA Omnibus Rule on business associates and their subcontractors; what is a Security Rule risk assessment; impact of HIPAA Omnibus’ Rule on penalties & enforcement; what is government doing to audit for Security Rule compliance?

Click the following link to access the Webinar slide deck:

Wyatt-Transformations_Webinar-Legal_Issues_in_Health_IT_Security – March 28 2013


POST-NOTE & IMPORTANT UPDATE: The 3-Part Webinar Series below was presented during August & September of 2010 and was based on the Stage 1 Meaningful Use criteria and on the HIPAA/HITECH laws and regulations that were in place at that time.  Since then, the Stage 2 criteria for meeting Meaningful Use was released in July 2012, and the HIPAA Omnibus Rule was released in January 2013.  With the release of the Meaningful Use criteria for Stage 1, CMS modified certain Stage 1 criteria; an overview of the changes was prepared by CMS in a “Stage 1 Changes Fact Sheet” (last updated August 2012), which can accessed by clicking here.  The HIPAA Omnibus Rule modified HIPAA in a number of areas such changes to Notices of Privacy Practices, creating direct liability for Business Associates and their subcontractors, redefining the criteria for a “breach”, enhancing enforcement and the penalties for violations,  and more.


Learn about HITECH’s certification and meaningful use requirements, as well as the incentives available for electronic health records (EHRs). Also learn about the privacy and security requirements for patient health information (PHI) under HITECH. Participate in each program from the comfort of your office, at no cost! Each program will include a presentation by one of Wyatt’s Health Care Service Team lawyers followed by an opportunity for questions. The topics, dates and times are:


Part I: The HITECH EHR Incentives and Certification Requirements
Wednesday, August 18, 2010, 12:00-1:15 pm (EDT) Click Here to Download the Part I Webinar materials 

On July 13, 2010, the Health & Human Services’ Office of National Coordinator (ONC) released a Final Rule on the standards and certification criteria that EHRs must satisfy in order to achieve “certified EHR” status. On the same date, the Centers for Medicare and Medicaid (CMS) released a Final Rule that addressed, among other things, the incentive payments available for EHRs. How much money is available? What are the procedures for claiming your incentive, besides proving “meaningful use” (to be addressed in Part II)? What are the standards and certification criteria that an EHR must meet? What contracting issues should be addressed in the EHR vendor’s contract? Can you get incentives if you have a system with different modules provided by different vendors? Can your homegrown EHR qualify?


Part II: The HITECH EHR “Meaningful Use” Requirements for Hospitals and Eligible Professionals
Wednesday, September 1, 2010, 12:00 -1:15 pm (EDT) 
Click Here to Download the Part II Webinar Materials

Providers must make a meaningful use (MU) of their “certified EHR” in order to qualify for the HITECH financial incentives. This webinar will address the MU requirements under the CMS Final Rule. What are the MU requirements for hospitals and eligible professionals? How do the requirements under the Final Rule differ from the proposed rule? Can you still qualify for incentives if one of the MU requirements is impossible to meet? What are the demonstration and reporting periods for MU? What are the stages of MU? What are the deadlines to “sign up” to participate?


Part III: HITECH’s Changes to HIPAA
Wednesday, September 22, 2010, 12:00-1:30 pm (EDT) Click Here to Download Webinar Part III Materials

On July 14, 2010, the Department of Health and Human Services issued a notice of proposed rulemaking to modify the HIPAA Privacy, Security, and Enforcement Rules. What do these proposed rules reveal about HHS’ future enforcement plans for HIPAA? What should business associates be doing now in order to meet upcoming compliance dates? We will also be discussing the data breach policies that all covered entities and business associates should have in place, the training that everyone needs on data breach policies, and the statutory changes that HITECH made to the HIPAA Privacy and Security Rules.


There is no charge to participate. For additional information, feel free to call one of the presenters directly:

Kathie McDonald-McClure, Esq., ph. 502-562-7526
Carole D. Christian, Esq., ph. 502-562-7588
Erin Brisbay McMahon, Esq., ph 859-288-7452


Copyright 2015. Wyatt HITECH Law. All rights reserved. Fair use with attribution welcomed.

Leave a reply. Please note that although this blog may be helpful in informing clients and others who have an interest in information privacy and security, it is not intended to be legal advice. The information on this blog also should not be relied upon to form an attorney-client relationship.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.