OrHIMA ROI Workshop

July 8, 2019

8:00 AM – 4:30 PM PT

Location

The Smullin Center
Rogue Regional Medical Center

2825 E. Barnett Rd.
Medford, OR 97504

Agenda

Topic and speakers are subject to change without notice.

Total CEU’s Available: 7 – Privacy and Security

8:00 - 8:15 AM

Welcome/Announcements

8:15 - 9:45 AM

Release of Information: Basic Rules of Disclosure

  • HIPAA Privacy Rule Review
  • TPO and Continuity of Care – what does not require an authorization and what does
  • HIPAA and Oregon Law
  • Other Laws – 42 CFR Part 2, FERPA, Psychotherapy Notes, COPA, Oregon Statute
  • ROI specifics: Timeframes, Charging for Records, Record Retention and ROI
Aurae Beidler, MHA, RHIA, CHC, CHPS

Aurae Beidler is currently the Compliance and Privacy Officer at Linn County Department of Health Services where she oversees the compliance and privacy program. Prior to working at the county, she served as the Oregon Health Authority’s Privacy Officer and an assistant professor and program director for the healthcare compliance graduate certificate program at Pacific University. She has ten years’ experience in healthcare compliance including auditing and monitoring coordination, investigations, education and HIPAA Privacy Officer duties. She has also published several articles in Compliance Today. She served three years on AHIMA’s Privacy and Security Practice Council.

Aurae holds a Master’s degree in Healthcare Administration from Pacific University, a graduate certificate in biomedical informatics from Oregon Health and Sciences University and a B.A. in Journalism from University of Oregon. Aurae is currently credentialed as a CHC, certified in healthcare compliance, RHIA, registered health information administrator and CHPS, Certified in Healthcare Privacy and Security.

Claire Cieri, MS, CHC, CHPS, CPCO, CPMA, CPC, CHCA

Claire Cieri is a Certified Compliance and Privacy officer, auditor and coder who partners with clinic administrators and providers to keep healthcare clinics profitable while still being compliant with the many privacy, security and compliance laws and regulations. She has been working in the healthcare field for a decade, continually growing her skills. Claire has been an independent consultant for the past 6 years, helping clinic managers with compliance and privacy projects that they know they are required to do, but just do not have the time or the staff. Claire truly enjoys meeting and working with all types of clinic personnel, knowing that the true measure of healthcare is how we take care of patients, including their protected health information. She has taught workshops on implementing compliance plans, risk assessments, HIPAA policies and procedures, plus updating your business associate agreements and notice of privacy practices. Claire provides HIPAA and Cybersecurity training, plus policies and procedures for all types of clinics. She was instrumental in educating clinics on what was required for the Omnibus Bill in 2013. Claire believes that, in terms of security and compliance issues, you are only as strong as your weakest link so she knows that training, and training often, is the best way to ensure that your clinic does not run the risk of losing it all due to a simple human error. Claire worked with Lane Community College Health Clinic on their data breach last year that concerned over 2000 patients. She helped administration inform the OCR, media, and patients plus she rewrote their privacy and security policies, including training. Claire has a Masters of Science in Industrial Relations from the University of Oregon and a Bachelors of Art from Smith College.

10:15 - 11:45 AM

Patient Rights

  • Accounting of Disclosure, Access, Amendment, Restriction, etc.
  • Anatomy of an Authorization and Patient Access Form – requirements of a valid form
    • General
    • Marketing
    • Fund Raising
    • 42 CFR Part 2
  • Personal Representatives and ROI
  • Legal Documents (Guardianship, POA, Advanced Directives, etc.)
  • Minors, Decedents, Estates
  • Denial of Access (Clinical Judgment, How to deny/ what to send the requestor)
Aurae Beidler, MHA, RHIA, CHC, CHPS

Aurae Beidler is currently the Compliance and Privacy Officer at Linn County Department of Health Services where she oversees the compliance and privacy program. Prior to working at the county, she served as the Oregon Health Authority’s Privacy Officer and an assistant professor and program director for the healthcare compliance graduate certificate program at Pacific University. She has ten years’ experience in healthcare compliance including auditing and monitoring coordination, investigations, education and HIPAA Privacy Officer duties. She has also published several articles in Compliance Today. She serves on AHIMA’s Privacy and Security Practice Council.

Aurae holds a Master’s degree in Healthcare Administration from Pacific University, a graduate certificate in biomedical informatics from Oregon Health and Sciences University and a B.A. in Journalism from University of Oregon. Aurae is currently credentialed as a CHC, certified in healthcare compliance, RHIA, registered health information administrator and CHPS, Certified in Healthcare Privacy and Security.

Claire Cieri, MS, CHC, CHPS, CPCO, CPMA, CPC, CHCA

Claire Cieri is a Certified Compliance and Privacy officer, auditor and coder who partners with clinic administrators and providers to keep healthcare clinics profitable while still being compliant with the many privacy, security and compliance laws and regulations. She has been working in the healthcare field for a decade, continually growing her skills. Claire has been an independent consultant for the past 6 years, helping clinic managers with compliance and privacy projects that they know they are required to do, but just do not have the time or the staff. Claire truly enjoys meeting and working with all types of clinic personnel, knowing that the true measure of healthcare is how we take care of patients, including their protected health information. She has taught workshops on implementing compliance plans, risk assessments, HIPAA policies and procedures, plus updating your business associate agreements and notice of privacy practices. Claire provides HIPAA and Cybersecurity training, plus policies and procedures for all types of clinics. She was instrumental in educating clinics on what was required for the Omnibus Bill in 2013. Claire believes that, in terms of security and compliance issues, you are only as strong as your weakest link so she knows that training, and training often, is the best way to ensure that your clinic does not run the risk of losing it all due to a simple human error. Claire worked with Lane Community College Health Clinic on their data breach last year that concerned over 2000 patients. She helped administration inform the OCR, media, and patients plus she rewrote their privacy and security policies, including training. Claire has a Masters of Science in Industrial Relations from the University of Oregon and a Bachelors of Art from Smith College.

11:45 AM - 12:30 PM

Lunch

12:30 - 1:30 PM

Research

  • HIPAA Privacy Rule
  • IRB
  • Authorizations for Research
  • Data Use Agreements/Limited Data Sets
Terri Barrett, PhD, CIPM, CIPP/G/US, FIP

In her role as Institutional Review Board Vice-Chair, Terri supports the Office of the Chief Privacy Officer. She works with the Oregon Health Science University (OHSU) research community to facilitate institutional compliance and integrity with the policies, procedures, regulations, and guidelines pertaining to information privacy and security. She is primarily responsible for the review and approval of research protocols from an information privacy and security standpoint and conducts investigations of potential research data incidents. This position coordinates with the Compliance Committee, Information Privacy and Security Office and Legal on highly sensitive and confidential matters.

Prior to her role at OHSU, she held the position as Deputy Chief Privacy Officer overseeing the WV Executive Branch privacy program involving the formulation, development, establishment and implementation of the overall privacy program’s strategic goals and objectives. She had responsibility for development and issuance of Executive Branch privacy training programs to insure basic competency and continued development of skills, knowledge and abilities relevant to the areas of privacy for assigned responsibility. Additionally, she was responsible for incident response management which includes harm analysis, mitigation of impact, as well as tracking all incidents in the WV Executive Branch.

She holds a Bachelor of Arts degree in Sociology from West Virginia State University and a Master’s of Science degree in Health Care Administration from Marshall University Graduate College. In February 2012, she earned her doctorate in Postsecondary and Adult Education from Capella University.

1:30 - 2:30 PM

Reporting to Authorities

  • Mandatory Reporting
  • Law Enforcement
  • Public Health
  • HIPAA Permitted Reporting (e.g., military, correctional institutions, whistleblowers, etc.)
Cindy Hahn JD, FIP, CIPP/US, CIPM, CHC

Cindy Hahn is a Senior Assistant County Attorney and the Chief Privacy Officer for Multnomah County, Oregon. Cindy represents the County in matters related to privacy, the protection of personal information and also handles other transactional matters. Prior to her role at the County, she held previous privacy and compliance roles at two large health plans and worked as a software engineer prior to and during law school. She earned a BBA in Management Information Systems from University of Texas at Austin and JD from University of Denver Sturm College of Law.

Rebecca Hall

Rebecca is currently the Operations Manager at Linn County Mental Health, where she oversees the day-to-day operations, records and quality programs. Prior to becoming Operations Manage, Rebecca was supervisor of the Quality Program starting in 2015 and a child outpatient therapist before that. She has a Masters in Marriage and Family Therapy with a Bachelors in Psychology. She has worked in outpatient, transitional housing and access in the mental health field. As part of her quality program position, she obtained Certification in Healthcare Compliance and Healthcare Privacy Compliance in 2017.

2:30 - 2:45 PM

Break

2:45 - 4:30 PM

Legal Proceedings from Discovery to Trial and Key Legal Documents

  • Legal Health Record vs Designated Record Set
  • Subpoenas and Court Orders
  • Affidavit, Custodian of Records
  • Risk Management
Cindy Hahn JD, FIP, CIPP/US, CIPM, CHC

Cindy Hahn is a Senior Assistant County Attorney and the Chief Privacy Officer for Multnomah County, Oregon. Cindy represents the County in matters related to privacy, the protection of personal information and also handles other transactional matters. Prior to her role at the County, she held previous privacy and compliance roles at two large health plans and worked as a software engineer prior to and during law school. She earned a BBA in Management Information Systems from University of Texas at Austin and JD from University of Denver Sturm College of Law.

Pricing

Member – $149
Nonmember – $169
Student – $69

Registration limited to 30 participants.

Breakfast and Lunch provided.

Conference workbook including all Presentations slides included in registration fee.

Cancellation

Registration fees will be refunded (less $25 processing fee) upon written notice received 72 hours prior to the meeting. Cancellations with less than 72 hours notice will not be refunded. Substitution for registrants is permitted.

Click here if you need to cancel your registration or provide a substitute.

Registration

Online registration has now closed.  Onsite registration will NOT be available.