Webinar: Advancing Information Sharing – Understanding EHI

Webinar: Advancing Information Sharing – Understanding EHI

Date and Time

November 30, 2022
2:00-3:00 PM ET


Dan Healy

Dan Healy
Policy Coordinator

Rachel Nelson

Rachel Nelson, JD
Branch Chief

Barbara Carr

Barbara Carr, RHIA
Strategic Advisor


Information Protection; Access, Disclosure, Privacy and Security

Presentation Content

The information blocking definition of electronic health information (EHI) includes the entire scope of electronic protected health information (ePHI) that is or would be in a Designated Record Set (DRS). Prior to October 6, 2022, the definition of information blocking was focused only on the subset of EHI that is represented by elements in the United States Core Data for Interoperability (USCDI) v1. As of October 6, 2022, all EHI falls within the scope of the information blocking definition.

What is and what is not EHI for purposes of information blocking regulations? In this presentation you will hear from experts with the ONC (Office of the National Coordinator for Health IT) on what EHI is and how its definition relates to but differs from the definition of ePHI under the HIPAA Rules. Learn about current information blocking policy and what healthcare organizations and providers should bear in mind specific to information blocking regulations as they review and update their technical capabilities and workflows in context of their DRS to ensure they are sharing EHI consistent with all applicable laws.

Learning Outcomes

  1. Understand how EHI is an important part of the information blocking definition.
  2. Learn how to identify what is and what is not EHI.
  3. Learn more about how information blocking policy recognizes the importance of maintaining cybersecurity of your health IT and of respecting patients’ privacy rights and preferences.

Reference List

HHS Office of the National Coordinator for Health Information Technology.

Understanding Electronic Health Information (EHI)

Information Blocking Exceptions

Information Blocking FAQs

Software Supply Chain Risk – Effective Third Party, “Nth” Party Management

Software Supply Chain Risk – Effective Third Party, “Nth” Party Management

Information Protection; Access, Disclosure, Privacy and Security (for CEU certificate)

Barbara Carr
, , RHIA, Verisma Advisor, Former AVP of Health Information Management at Einstein Healthcare Network
Jim Staley, CISSP, Verisma’s Chief Information Security Officer

Presentation Content:
As healthcare providers continue to improve their own security, attackers are more frequently targeting third parties, vendors, and suppliers who provide services to healthcare companies. To make matters worse, they are also attacking not only your vendors, but also your vendor’s vendors! The idea that “you’re only as strong as the weakest link in the chain” has never been more true.

In this presentation you will hear from Verisma’s Chief Information Security Officer as he will share his risk management expertise and provide real world examples of third (and even fourth or fifth!) party attacks as well as software “supply chain” attacks. He’ll review what the “standards of care” are for third party management, decipher some of the ling around third party certifications, and provide some concrete “do’s and don’ts” for managing third-party risk.

Learning Outcomes:

  1. Understand why managing third party risk is more important than ever before.
  2. Understand the differences between third party attacks, “nth” party attacks, and “supply chain” attacks.
  3. Learn what different security frameworks and vendor certifications mean and what level of assurance they provide.
  4. Learn what’s important, what’s not important, and what things can even be counter-productive, when creating or participating in a third-party risk management process.
HIPAA Update from the Office of Civil Rights

HIPAA Update from the Office of Civil Rights

Wednesday, June 22, 2:00 – 3:00 PM EDT

Information Protection; Access, Disclosure, Privacy and Security

Timothy Noonan
Deputy Director for Health Information Privacy
Office of Civil Rights

Presentation Content:

Hear directly from the Deputy Director for Health Information Privacy at OCR on the latest news and trends related to HIPAA.  A lot has been happening over the last year with the announcement of the NPRM regarding HIPAA changes.  Comments have been received and are currently under review by OCR.

Hear about other updates on OCR rulemaking and guidance that directly impacts your HIM release of information operations.  Learn about the recent trends in breach reporting to OCR and what you can do to make sure your organization stays clear of being reported to OCR.   Mr. Noonan will also inform the attendees of recent HIPAA settlements and civil monetary penalties.

Attending this very informative webinar will help you learn where things are and where they are going under HIPAA and how to keep your organization compliant. 

Learning Outcomes:

  1. Understand about OCR rulemaking and learn how this directly impacts you in HIM.
  2. Learn the latest trends in breach reporting and how to avoid a breach in your organization.
  3. Understand what the latest HIPAA settlements are and how they could have been avoided.
Patient Request for Amendments – The Impact of Increased Patient Access to EHI

Patient Request for Amendments – The Impact of Increased Patient Access to EHI

Date: May 18, 2:00 – 3:00 PM EDT


Mercy del Rey
Assistant Vice President/Chief Privacy Officer, Baptist Health South Florida

Barbara Carr, RHIA
HIM Advisor, Verisma Systems, Inc.

The 21st Century Cures Act’s goal of increasing information sharing and enabling patients to have their healthcare data delivered conveniently to their computers, cell phones, and mobile applications has increased privacy and security worries for many healthcare organizations. Having the right data security in place to enable information sharing is forefront, the opening up of access and sharing has also increased the volume of patients’ requests to amend their healthcare information.

Baptist Health South Florida is a large multi-facility health system in South Florida that treats over 1.5 million patients per year.  Hear from Mercy Del Ray, Baptist’s VP and Chief Privacy Officer, how Baptist Health protects patient privacy and patient rights and what processes they have implemented to handle the increased patient requests for amendments.

Learning Objectives:

• Learn from Baptist Health South Florida experience on how they have met the demands and are processing requests for amendments.   

• Learn how centralizing the amendment process has benefited the healthcare organization and patients.

Pre-Approved for 1 AHIMA CEU Credit.



WEBINAR: Saint Luke’s Health System: Transforming ROI From Siloed to Enterprise-Wide Function

Date: December 13th, 2017 2:00 pm – 3:00 pm EST


Heidi Hale, RHIA, Release of Information Manager, Saint Luke’s Health System

Linda Kloss, MA, RHIA, President, Kloss Strategic Advisors, Inc.

Today, Release of Information (ROI) practices are inconsistent in many health system areas. Hospital ROI may be uniform and compliant; however, ambulatory, home care, and other settings use inconsistent, ad hoc methods. These siloed ROI practices are risky and costly. With growing volumes and request types, reduced revenue, and new compliance risks, fragmented ROI is no longer adequate. Health systems need a solution that automates ROI across the enterprise.

During this presentation, Heidi Hale, Release of Information Manager at Saint Luke’s Health System and Linda Kloss, President of Kloss Strategic Advisors will provide a real world example of how HIM spearheaded a successful ROI transformation project, migrating from fragmented to unified in less than a year.

Join the webinar to learn how the HIM department led:

  • The successful migration from siloed to enterprise ROI in a compressed timeframe
  • The automation of their ROI workflow and aligned people, policy, processes, and technology across the enterprise
  • The expansion of secure patient access to health data – while advancing compliance with the 2016 HHS Patient Access guidance and Saint Luke’s goals and values
  • An effective cross-functional team collaboration and initiative to advance system-level change

Approved for 1 AHIMA CEU Credit: Management Development