4-Part HIPAA 2025 Boot Camp: Security, Messaging, Training & SAMHSA Rules

4-Part HIPAA 2025 Boot Camp: Security, Messaging, Training & SAMHSA Rules

This "4-Part HIPAA Compliance Boot Camp 2025: Security Rules, Messaging Risks, Officer Training & SAMHSA Clarity" series consists of 4 topics, each of 90 minutes.

Topic 1: New Update on HIPAA Vs SAMHSA (42 CFR Part 2)

This 90 minute session on "New Update on HIPAA Vs SAMHSA (42 CFR Part 2)" will be addressing how practice/business managers (or compliance offers) need to ensure their organization is complying with the Federal Substance Abuse and Mental Health Administration (SAMHSA) regulations (42 CFR Part 2) and how this differs from the HIPAA (Health Insurance Portability and Accountability Act) Privacy and Security Regulations.

Both regulations carry significant civil and even criminal penalties if not complied with. Both regulations are now being enforced proactively by the Federal government. Both regulations if not complied with can lead to catastrophic legal consequences on state laws of negligence and invasion of privacy if not complied with.

This lesson will cover the latest SAMHSA and HIPAA updates, which were released in January 2018 and December of 2017 respectively, and also cover multiple scenarios and FAQ’s relating to Substance Abuse Records, Mental Health Records, Alcohol Abuse Records, and the proper ways to secure this information and/or release this information.

An overview of a comparative analysis will be presented comparing SAMHSA to the HIPAA laws relating to protected health information in general.

Areas Covered:-

• Updates for 2025
• What is SAMHSA?
• What is HIPAA?
• Portable Devices
• When and how records can be released
• Proper Documentation Required
• Enforcement of the Law
• SAMHSA vs HIPAA (specific scenarios)
• Who must comply
• Best Practices.

Why Should You Attend?

Are you clear on the differences between HIPAA and SAMHSA CFR 42 Part 2? there are some small but extremely major differences that must be addressed between the two regulations.

Is your organization working with substance abuse records or treating patients for substance abuse?

Are you aware of the strict federal regulations related to this type of sensitive information?

Are you aware of the ramifications for non-compliance for both HIPAA and SAMHSA?

The Substance Abuse and Mental Health Services Administration (SAMHSA) is the agency within the U.S. Department of Health and Human Services that leads public health efforts to advance the behavioral health of the nation. SAMHSA's mission is to reduce the impact of substance abuse and mental illness on America's communities.

Topic 2: 2025 HIPAA Training for the Compliance Officer

This webinar will be addressing how practice/business managers (or compliance offers) need to get their HIPAA house in order before the imminent audits occur with strong bipartisan backing in Washington. It will also address major changes under the Omnibus Rule and any other applicable updates for 2025

Areas also covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT.

The primary goal is to ensure everyone is well educated on what is myth and what is reality with this law, there is so much misleading information regarding the “do’s and don’ts” with HIPAA – I want to add clarity for compliance officers and practice managers and also what you guys need to do and how to best implement your HIPAA program based on over 22 years of personal experience working with Federal auditors, state auditors litigation, and corporate auditors.

We will go through multiple scenarios that are commonly faced by compliance officers and how to manage these situations

I will also speak to real-life litigated cases I have worked on where HIPAA is being used to justify state cases of negligence – THIS IS BECOMING A HUGE RISK!

In addition, this course will cover the highest risk factors for being sued as well as being audited (these two items tend to go hand in hand)

Areas Covered:-

• Updates for 2025
• Requirements of Compliance Officers
• The new definition of what constitutes protected health information
• Real-life litigated cases
• BYOD
• Portable devices
• Business associates and the increased burden
• Emailing of PHI
• Texting of PHI
• Federal Audit Process
• HIPAA and suing – how this works
• Risk Assessment Resources
• Ransomware and how to avoid
• What to do when a breach occurs.

Why Should You Attend?

Join me in this in-depth 90-minute webinar where we will get into the nitty-gritty about the roles and responsibilities of a HIPAA Compliance Officer

Do you have an effective HIPAA compliance program? Do you know what needs to be done to satisfy the requirements? Are you aware of the new 2025 changes relating to Information Access, Information Blocking, Encryption, Notice of Privacy Practices, Dobbs/Jackson, Care Coordination, etc,?

New laws, funding, and enforcement mean increased risk for both business associates and covered entities – 2023 was a record year for enforcement and fines – 2024 will be no different.

It is important to understand the new changes going on at Health and Human Services as it relates to the enforcement of HIPAA for both covered entities and business associates. You need to know how to avoid being low-hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT or internal administrative practices.

Topic 3: 2025 HIPAA Texting and Emailing - Do's and Don'ts

This 90-minute webinar will go into detail regarding your practice (or business) information technology and how it relates to the HIPAA/HITECH Security Rule and securing PHI in transmission – what is required and what is not. What may be coming around the corner with the 2025 NPRMs for the HIPAA Security Rule?

I will go through multiple examples and specific scenarios and offer simple, common-sense solutions. I will also discuss the “dos and don’ts” relating to encryption and updated bulletins provided by the Office for Civil Rights.

Areas covered will be texting, email, encryption, medical messaging, voice data, personal devices, and risk factors relating to virus-born emails.

I will uncover myths versus reality as it relates to this very enigmatic law, based on over 1000 risk assessments performed, as well as years of experience in dealing directly with the Office for Civil Rights HIPAA auditors.

I will speak on specific experiences from over 22 years of experience working as an outsourced compliance auditor, expert witness on multiple HIPAA cases in state law, and thoroughly explain how patients are now able to get cash remedies for wrongful disclosures of private health information.

More importantly, I will show you how to limit those risks by simply taking proactive steps and utilizing best practices.

Don’t always believe what you read online about HIPAA, especially as it relates to encryption and IT. There are a lot of groups selling more than is necessarily required.

Areas Covered in the Session:-

• Updates for 2025
• Telemedicine
• BYOD
• Encryption (is it mandatory?)
• Patients’ rights to Unencrypted Communications
• Policies regarding personal devices
• Portable devices – best practices
• Doctors and texting
• Practical solutions
• Business associates and the increased burden
• Emailing of PHI
• Texting of PHI
• Federal Audit Process.

Why Should You Attend:-

Confused about all the misinformation relating to HIPAA, what you can and can’t do?

Let me get those questions FINALLY answered for you once and for all!

What is myth, and what is reality? What does the new 2025 proposed HIPAA HITECH mean for transmitting EPHI?

There is a lot of confusion about transmissions of protected health information and what business associates and covered entities need to do and what we SHOULD NOT do!

Join me in this 90-minute webinar as we discuss the dos and don’ts regarding texting and emailing, along with any other sorts of transmissions of protected health information!

It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates, as it relates to portable devices, texting, emailing, and transmission in general of protected health information (PHI).

You need to know how to avoid being low-hanging fruit in terms of audit risk, as well as being sued by individuals who have had their PHI wrongfully disclosed due to bad IT practices.

I have also been an expert witness on multiple court cases where a business or medical practice is being sued for not doing their due diligence to minimize risk.

Today, trial attorneys pose a higher risk than the Federal government!

Topic 4: New HIPAA Security Rule: Clarified and Explained for 2025

This HIPAA Security Rule webinar will be addressing how practice/business managers (or compliance officers) need to get their HIPAA house in order before the imminent audits occur. It will also address major changes under the HIPAA Security Rule and any other applicable updates for 2024. Areas also covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT. Brian will also go into details regarding the top areas of non-compliance relating to the Security Rule and common-sense ways (and resources) to get this fixed!The primary goal is to ensure everyone is well educated on what is the myth and what is the reality with this law, there is so much misleading information all regarding the do's and don'ts with HIPAA – Brian will add clarity for compliance officers and/or practice managers/business owners. He will uncover myths versus reality as it relates to this very enigmatic law based on over 1000 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors. Brian will also speak to real life litigated cases he has worked where HIPAA is being used to justify state cases of negligence – THIS IS BECOMING A HUGE RISK! In addition, this course will cover the highest risk factors for being sued as well as being audited (these two items tend to go hand in hand).Areas Covered: -

• Updates for 2025
• HIPAA Security Rule vs HIPAA Privacy Rule
• Requirements of Compliance Officers
• Real Life Litigated Cases
• BYOD
• Portable Devices
• Business Associates and the increased Burden
• Emailing of PHI
• Texting of PHI
• Federal Audit Process
• HIPAA and suing – how this works
• Risk Assessment
• Best Resources.

Why Should You Attend?

• Do you know what's involved and what you need to do under the HIPAA Security Rule?
• Why should you be concerned?
• Court cases that are changing the landscape of HIPAA and patient's ability to sue!
• TRIAL ATTORNEYS ARE MORE DANGEROUS THAN THE FEDERAL GOVERNMENT!!

It is important to understand the new changes going on at Health and Human Services as they relate to the enforcement of HIPAA for both covered entities and business associates, as it relates to what we need to do as compliance officers. You need to know how to avoid being low-hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully disclosed due to bad IT or internal administrative practices.

Who Will Benefit?

This webcast will be of valuable assistance to the following audience.

• Practice Managers
• MDs and other Medical Professionals
• Any business associates who work with medical practices or hospitals (i.e., billing companies, transcription companies, IT companies, answering services, home health, coders, attorneys, etc.)