- Call Us: +1 833 990 1500 (Toll Free) (Mon - Fri, 7am - 3pm EST)
- Email Us: info@medical-webinars.com
Menu
42 CFR Part 2 Final Rule: What You Need to Know
Recorded Webinar
On February 8, 2024, both the U.S. Department of Health & Human Services (HHS) with the Substance Abuse and Mental Health Services Administration (SAMHSA) along with the Office for Civil Rights announced a final rule in the Code of Federal Regulations changing the HIPAA confidentiality of medical and mental health records for Substance Use Disorder (SUD) records regulations.
This new law is now at 42 CFR part 2. With this final rule now firmly in place, the HHS is implementing the confidentiality provisions originating with section 3221 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act, which was enacted March 27, 2020, and which require the Department to align certain aspects of Part 2 with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules and other applicable federal law in the Health Information Technology for Economic and Clinical Health Act (HITECH).
The Part 2 statute (42 U.S.C. 290dd-2) protects the following: “[r]ecords of the identity, diagnosis, prognosis, or treatment of any patient which are maintained in connection with the performance of any program or activity relating to substance use disorder education, prevention, training, treatment, rehabilitation, or research, which is conducted, regulated, or directly or indirectly assisted by any department or agency of the United States.”
These defined confidentiality protections now help address concerns that discrimination and fear of criminal prosecution deter people from entering treatment for SUD.
The updates, changes, and modifications in this final rule reflect the proposals published in the December 2, 2022, Notice of Proposed Rulemaking (NPRM) and public comments received from many interested parties.
These included substance use disorder and other advocacy groups; trade and professional associations; behavioral and other health providers; health information technology vendors and health information exchanges; state, local, tribal and territorial governments; health plans; academic institutions, including academic health centers; and unaffiliated or anonymous individuals.
Following the usual and customary 60-day comment period, HHS analyzed and carefully considered all comments submitted from the public on the NPRM and made appropriate modifications before finalizing this updated law. This is an intermediate webinar.
This webinar examines the new Code of Federal Regulations governing HIPAA privacy for Substance Use Disorder records in mental health.
This new federal law is only a few months old, but has had a huge impact on the rights of patients and persons availing themselves of mental health treatment for substance use disorder.
Erase the uncertainty and doubt about what the new law does – and doesn’t – do to protect patient confidentiality.
Venue: Recorded Webinar
Telehealth completely changed in 2020 when the Public Health Emergency was put into effect. Now in 2025, many of those temporary changes are expiring and the telehealth business has exploded. These methods of communication between provider and patient are loved by many, and the convenience of telehealth in healthcare has become a common occurrence. This webinar will be reviewing the current parts of telehealth that are being considered permanent in the 2026 Physicians Fee Schedule Final Rule and the new evaluation and management services that are new codes for CPT in 2025 related to telehealth. We will find out what the do’s and don’ts of telehealth that are here to stay, as well as implementing these new codes and regulations into your practice. These new rules and codes are important to any one currently offering telehealth as well all who are considering it to add it to their practice in order to be compliant and maximize reimbursement for the services performed. Areas Covered in this Webinar The CMS Telehealth List and how to use it Medicare’s rules G codes for Medicare telehealth CPT addition of 17 codes to the E/M section for Telehealth Education for office staff Implementation on your software programs Who Will Benefit Physicians Advanced Nurses Physicians Assistant Billers Coders Compliance Managers Administrators Case Managers Claims Processors
HIPAA Breach Risk Assessments determine whether a Ransomware attack constitutes a HIPAA Breach that triggers Breach Notification Rule reports and notifications. A Ransomware attack is automatically presumed to be a HIPAA Breach unless you do a HIPAA Breach Risk Assessment that demonstrates the attack resulted in only a low probability of compromise to the affected protected health information (PHI). This webinar explains how to do a Ransomware HIPAA Breach Risk Assessment. The Problem Solved by this Webinar The HHS Office for Civil Rights (OCR) declared that a breach of unsecured PHI is presumed to have occurred when electronic protected health information (ePHI) is encrypted as the result of a ransomware attack on a HIPAA-regulated entity (health care provider, health plan, health care clearinghouse, or business associate). The entity must then comply with the applicable breach notification provisions, including notifying affected individuals without unreasonable delay, the Secretary of HHS, and the media (for breaches affecting over 500 individuals), in accordance with HIPAA breach notification requirements. However, it is not a breach if the ransomware-victimized entity can demonstrate that there is a low probability that the encrypted ePHI has been compromised. This webinar explains how to do that. Areas Covered in the Webinar A Breach Risk Assessment can determine whether a ransomware attack is a breach of unsecured ePHI, triggering embarrassing reports and notifications. Factors that can be applied in performing a Breach Risk Assessment. OCR’s guidance about specific factors that can demonstrate a low probability of compromise to ePHI encrypted by a ransomware attack. How to perform a Breach Risk Assessment step-by-step. How to document a Breach Risk Assessment and why you must document it. What to do if you cannot demonstrate a low probability of compromise to ePHI. Why You Should Attend This Webinar Attend this webinar to learn how to perform a Breach Risk Assessment with a special emphasis on ransomware attacks. Ransomware attacks may have only a low probability of compromising ePHI. A Breach Risk Assessment can determine whether a ransomware attack resulted only in a low probability of compromise to ePHI and provide Covered Entities and Business Associates with Documentation to overcome the presumption that the ransomware attack was a Breach.. Who Will Benefit Health Care Covered Entities HIPAA Compliance Officials – Privacy and Security Officers Chief Compliance Officer Practice Managers Health Information Technology Supervisors Risk Managers Group Health Plan Administrators Third Party Group Health Plan Administrators Covered Entity Senior Management and Owners Health Care Providers practicing as individuals or in small groups Attorneys for Covered Entities – In-house and Outside Counsel Business Associates HIPAA Compliance Officials – Privacy and Security Officers Chief Compliance Officer Business Associate Senior Management and Owners Risk Managers Attorneys for Business Associates – In-house and Outside Counsel
Over the last few years, the U.S. Department of Health and Human Services, Office for Civil Rights has made modifications to patient privacy requirements. The agency is on track for enhancing care coordination, empowering patients, and reducing administrative burden. In addition, on the Security Rule side, the agency released a proposed rule to overhaul significant requirements and make cybersecurity safeguards a priority. Knowing what an organization must do to meet these new regulatory requirements can be challenging. The webinar will address what has already changed in privacy, cover proposed Privacy Rule modifications, and cover the Security Rule overhaul proposals. Timeline and compliance implications will be covered. After completing this webinar, a Covered Entity or Business Associate will have a clear understanding of what has changed and what will change. Objectives Who Must Comply with HIPAA Requirements? What are the HIPAA Security and Privacy Rules? What Has Already Changed in Privacy? What are the Proposed Privacy Rule Modifications? What are the proposed Security Rule modifications? What is the Timeline & Compliance Implications? What recommendations should be followed now? Q&A Webinar Highlights Learn from an expert on the implementation of the HIPAA rules Understand what the HIPAA management process currently requires Learn how to implement these changes for your organization Who Should Attend Compliance Officer HIPAA Privacy Officer HIPAA Security Officer Medical/Dental Office Managers Practice Managers Information Systems Manager Chief Information Officer General Counsel/lawyer Practice Management Consultants Any Business Associates that access protected health information
Many providers have considered outsourcing functions in the revenue cycle. Like all businesses, some third-party companies do excellent work for providers, but there may be others that look for ways to take advantage of their provider. Outsourcing has its own pros & cons that must be carefully considered. We will review major common areas that providers must weigh strategically before making a decision whether to outsource and selecting the best partner for your needs. It is vital providers know exactly who is handling their claims and what they are doing with their information. Definitions of third-party vendors Legal responsibilities of the provider Common industry trends Important questions to ask vendors & contractors Who Will Benefit Physicians Practice managers Medical assistants Nurses Compliance staff Billers Coders Revenue Cycle Risk Management Mid level providers