This “4-Part HIPAA Compliance Boot Camp 2025 – Security Rule Changes, AI Compliance Risks, SAMHSA Part 2, and HITECH Risk Management” series consists of 4 topics, each of 90 minutes.
Part 1: HIPAA Security Rule – Major Changes for 2025
This 90-minute webinar will address how practice/business managers (or compliance officers) need to get their HIPAA house in order as HIPAA HITECH is now fully enforced with bipartisan support, and the government is not using kid gloves anymore. It will also address new congressional mandates and the major changes and updates for 2025 and beyond – both for the HIPAA Privacy Rule and the HIPAA Security Rule.
We will also be discussing current breaches, most common breaches, telemedicine, texting, emailing, the 21st Century Cures Act (Information Blocking), and the OCR audit process. There are an enormous number of issues and risks for covered entities and business associates these days – we will speak to the most common violations and fines, and how to best avoid fines and headaches. I will speak on specific experiences from over 23 years of experience working as an outsourced compliance auditor and expert witness on multiple HIPAA cases, and thoroughly explain how patients are now able to get cash remedies for wrongful disclosures of private health information. More importantly, I will show you how to limit those risks by simply taking proactive steps and utilizing best practices.
Areas Covered in the Session:-
- Updates for 2025 and Beyond
- Rights of Access
- Care Coordination
- Information Sharing
- Notice of Privacy Practices
- 21st Century Cures Act
- Telemedicine (Do’s and Don’ts)
- Fines
- Portable Devices
- Texting and Emailing – New Guidelines
- New Definition of Protected Health Information
- Real Life Audits and Litigated Cases
- Business Associates and the Increased Burden
- Breach Notification
- Risk Factors
Part 2: New HIPAA and Artificial Intelligence (AI) Changes and Updates
In this 90-minute webinar on “New HIPAA and Artificial Intelligence (AI) Changes and Updates”, we will be going into detail regarding your practice (or business) and the use of artificial intelligence (AI). We will engage in a comprehensive exploration of HIPAA compliance in the age of AI, where this innovation meets the HIPAA regulations for a harmonious future in healthcare.
We will discuss when HIPAA applies to AI, what AI is, how it affects healthcare (positively and negatively), managing AI risks, developing policies and procedures for AI, educating staff on the use of AI, what components are necessary for developing a HIPAA-compliant AI solution (for developers), cyber-security and AI, etc.
We will also discuss some of the popular AI platforms such as OpenAI’s ChatGPT, Google Gemini/Bard, Midjourney AI, MS Copilot, etc.
Areas Covered in the Session:-
- General overview of AI
- How AI can affect healthcare delivery
- When does HIPAA apply to AI
- Managing AI risks
- What components are necessary when developing software
- Cyber risks and AI
- Popular AI platforms (pros and cons)
- Potential HIPAA violations
- Practical solutions.
Why Should You Attend?
Join Mr. Brian Tuttle in this 90-minute webinar on “New HIPAA and Artificial Intelligence (AI) Changes and Updates.” Let’s face it, Artificial Intelligence (AI) is changing the world, and this most certainly includes healthcare. From assisting in personalized treatment plans, administrative processes, diagnosis, and many other areas of healthcare, AI is reshaping the very foundations of healthcare delivery in multiple facets.
What changes have occurred relating to HIPAA and Artificial Intelligence (AI), and will they be permanent?
- But what is it?
- Are you currently using AI?
- Is the AI you are using compliant with HIPAA?
- Do you understand what is required of the AI technology to comply with the regulation?
- Are you a HealthIT Developer and concerned about the use of certain AI technologies within your application?
Part 3: New Update on HIPAA Vs SAMHSA (42 CFR Part 2)
This 90-minute session on “New Update on HIPAA Vs SAMHSA (42 CFR Part 2)” will address how practice/business managers (or compliance officers) need to ensure their organization is complying with the Federal Substance Abuse and Mental Health Services Administration (SAMHSA) regulations (42 CFR Part 2) and how this differs from the HIPAA (Health Insurance Portability and Accountability Act) Privacy and Security Regulations.
Both regulations carry significant civil and even criminal penalties if not complied with. Both regulations are now being enforced proactively by the Federal government. Both regulations, if not complied with, can lead to catastrophic legal consequences under state laws of negligence and invasion of privacy.
This lesson will cover the latest SAMHSA and HIPAA updates, which were released in January 2018 and December of 2017 respectively, and also cover multiple scenarios and FAQs relating to Substance Abuse Records, Mental Health Records, Alcohol Abuse Records, and the proper ways to secure this information and/or release this information.
An overview of a comparative analysis will be presented comparing SAMHSA to the HIPAA laws relating to protected health information in general.
Areas Covered:-
- Updates for 2025
- What is SAMHSA?
- What is HIPAA?
- Portable Devices
- When and how records can be released
- Proper Documentation Required
- Enforcement of the Law
- SAMHSA vs HIPAA (specific scenarios)
- Who must comply
- Best Practices.
Why Should You Attend?
Are you clear on the differences between HIPAA and SAMHSA 42 CFR Part 2? There are some small but extremely major differences that must be addressed between the two regulations.
Is your organization working with substance abuse records or treating patients for substance abuse?
Are you aware of the strict federal regulations related to this type of sensitive information?
Are you aware of the ramifications for non-compliance for both HIPAA and SAMHSA?
The Substance Abuse and Mental Health Services Administration (SAMHSA) is the agency within the U.S. Department of Health and Human Services that leads public health efforts to advance the behavioral health of the nation. SAMHSA’s mission is to reduce the impact of substance abuse and mental illness on America’s communities.
Part 4: How to Conduct a HIPAA HITECH Security Risk Assessment in 2025
This course will cover the proper methodologies for conducting a HIPAA Risk Assessment based on the formula used by Federal auditors and via the guidelines of the NIST (National Institute of Standards and Technology). The course will also cover the most important aspects to be aware of in terms of the Federal auditing process as well as the new risks regarding patients suing for wrongful disclosures.
Areas Covered:-
- Updates for 2025
- Policies and Procedures
- Risks
- Business associates and the increased burden
- NIST-based Risk Assessment
Why Should You Attend?
Have you done a HIPAA Risk Assessment? Do you know that a risk assessment is the first thing the Feds will ask for in an audit? Is your risk assessment adequate? Do you have written policies in place for every single one of the implementation specifications of the HIPAA Security Rule (even ones that don’t apply)? Do you know this is required?
I will show how to conduct a PROPER risk assessment point by point and how to avoid scams in the market. We will also be discussing the absolute importance of doing a risk assessment and that this is the first thing the OCR will ask for. I will instruct the listeners on how to write proper policies and procedures, which are to be based upon the findings of the risk assessment, and how to word the policies to satisfy the Fed. We will also discuss the importance of having policies that are consistent with your procedures, and also discuss the negative ramifications of cookie-cutter templates in the eyes of the HHS.
Who Will Benefit?
This webcast will be of valuable assistance to the following audience.
- Practice Managers
- MDs and other Medical Professionals
- Any business associates who work with medical practices or hospitals (i.e., billing companies, transcription companies, IT companies, answering services, home health, coders, attorneys, etc.)
Instructor:

Brian L Tuttle is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified HIPAA Administrator (CHA), Certified Business Resilience Auditor (CBRA), Certified Information Systems Security Professional (CISSP) with over 17 years of experience in Health IT and Compliance Consulting.
With vast experience in health IT systems (i.e. practice management, EHR systems, imaging, transcription, medical messaging, etc.) as well as over 22 years of experience in standard Health IT with multiple certifications and hands-on knowledge, Brian serves as a compliance consultant and has conducted onsite and remote risk assessments for over 1000 medical practices, hospitals, health departments, insurance plans, and business associates throughout the United States.
In addition, Mr. Tuttle has served in multiple litigated court cases as an expert witness, offering input related to best practices and requirements for securing and providing patient access to protected health information. Mr. Tuttle has also worked directly with the Office for Civil Rights (OCR) both in defending covered entities and business associates as well as being asked by the Federal government to audit covered entities and business associates on behalf of the OCR.
Almost all of Brian’s clients are earned by referral with little or no advertising.
Brian is well known and highly regarded in medical circles throughout the United States for his quality work and down-home southern charm. Mr. Tuttle has a Master’s Degree in The Study of Law from the University of Georgia and operates nationally out of Swainsboro, GA.
