CAADS HIPAA Manual - 2025 Refresh

HIPAA

CAADS Health Insurance Portability and Accountability Act (HIPAA)
Policies and Procedures Manual for ADHC Providers
2025

CAADS has once again collaborated with Allan Jergesen of Hanson, Bridgett to create an updated HIPAA Compliance Kit designed to help you quickly comply with the new HIPAA regulations. This revised manual incorporates updates necessitated by:
  • Special protections have been added for reproductive health information in response to the Supreme Court’s Dobbs decision.  This may not seem to have much of an impact on providers that focus on seniors, but the definition of reproductive health information is broad and could include various items found in the records of ADHC participants.
  • The Notice of Privacy Practices provided to new participants will have to be updated.
  • New interpretations of HIPAA regarding proper responses to health information security breaches.
  • There have been changes in California law that are more stringent than some HIPAA standards, meaning that ADHCs will have to follow them as well.
The electronic manual includes an overview of the HIPAA rules, model policies, and procedures, a comprehensive list of federal and applicable California laws, electronic templates for required agreements, and notices that can be customized for your organization.
By purchasing this manual, you agree to use it solely within your organization and not to share it with others.

HIPAA MANUAL PACKAGE DETAILS

The package includes:

  1.  An electronic copy of the 2025 CAADS Policies and Procedures Manual for Health Information Privacy
  2.  Registration for one staff member to attend our March 27, 2025, HIPAA webinar presented by Allan D. Jergesen, Partner, Hansen Bridgett LLP
    (Additional webinar-only registration(s) can be purchased separately.)

    Member Rate: $775.00
    Non-Member Rate: $2,100.00 


Order your copy by March 15, 2025,  and receive the discounted rate below:

Member Rate: $750.00
Non-Member Rate: $2,000.00

U.S.Department of Health and Human Services logo

The Department’s Office for Civil Rights seeks to update HIPAA Security Rule for the first time since 2013

Regulatory Initiatives

HIPAA Security Rule NPRM

On December 27, 2024, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), issued a proposed rule to improve cybersecurity and better protect the U.S health care system from a growing number of cyberattacks. The proposed rule would modify the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule to require health plans, health care clearinghouses (an organization that enables the exchange of health care data between a provider and a payer (insurance company)), and most health care providers, and their business associates, to strengthen cybersecurity protections for individuals’ protected health information. This proposed rule is the latest step taken by OCR to address more frequent cyberattacks targeting the U.S. health care system, consistent with the HHS Healthcare and Public Health critical infrastructure sector Cybersecurity Performance Goals.

OCR has seen a substantial increase in reports of large breach reports received over the last five years. From 2018-2023, reports of large breaches increased by 102 percent, and the number of individuals affected by such breaches increased by 1002 percent, primarily because of increases in hacking and ransomware attacks. In 2023, over 167 million individuals were affected by large breaches—a new record. Since 2019, large breaches caused by hacking and ransomware have increased 89 percent and 102 percent.

Accordingly, the proposed rule would modify the HIPAA Security Rule to require health plans, health care clearinghouses, and most health care providers, and their business associates to better protect individuals’ electronic protected health information against both external and internal threats. It would clarify and provide more specific instruction about what covered entities and their business associates must do to protect the security of electronic protected health information. The proposed rule also would require that policies and procedures be in writing, reviewed, tested, and updated on a regular basis. Additionally, it would better align the Security Rule with modern best practices in cybersecurity.

(SOURCE: https://www.hhs.gov/hipaa/for-professionals/security/hipaa-security-rule-nprm/index.html)