The Office for Civil Rights (OCR, the arm of the U.S. Department of Health & Human Services that enforces the HIPAA privacy and security rules, imposed almost $29 million in HIPAA penalties in 2018—an all-time record. The penalty cases include multiple instances of failure to have business associate agreements in place, failure to terminate access to Protected Health Information (PHI) when terminating an employee, and failure to review records of access to PHI. In addition, OCR has issued informal guidance on appropriate security for smart phones and laptops that hold or can access PHI, the dangers of insider threats to the security of PHI, and issues relating to the use of cloud storage and processing for PHI.
Employers that sponsor health plans for their employees hold PHI that is subject to the HIPAA privacy and security rules and they have legal obligations to protect that PHI. Keeping updated on the latest HIPAA guidance and enforcement trends is a cornerstone of compliance and this webinar will review the latest information from OCR and other sources.
Anyone who has responsibility for choosing or budgeting for health plan offerings, handling health plan enrollment and recordkeeping, dealing with health plan third-party service providers, answering employees’ questions about their health coverage, or health plan legal compliance. Depending on the size of the company, this might include the CEO or CFO, a VP for Benefits or HR, HR managers and front-line HR staff. It may also include compliance officers, payroll managers or staff, and IT security staff.
Christine Williams has worked in the employee benefits field since 1987, both in private practice and as in-house counsel to a Fortune 100 company, and now as a consultant. She has extensive experience with all types of health and welfare plans, and was the editor and a contributing author of HIPAA Portability, Privacy, & Security, published by Employee Benefits Institute of America (EBIA), a division of ThomsonReuters, and is still a contributor to that publication. She was a contributing author of Health Care Reform for Employers and Advisors, also published by EBIA. She has provided advice on HIPAA, health care reform, COBRA, ERISA, and other compliance issues to a wide range of benefit plans, employers that sponsor benefit plans, and business associates. In 2017 she left the active practice of law and founded Health Plan Plain Talk, a consulting firm to assist employers and others with benefit plan compliance. She regularly teaches seminars for employee benefit professionals and writes about benefit plan compliance. Before moving into employee benefits Ms. Williams was an assistant professor at the University of Maryland School of Law. She earned her law degree from the University of Kentucky College of Law.