The webcast will cover rules that continue to be revised pursuant to provisions in the HITECH Act of 2009. The regulations are designed to improve patient privacy and security protections by extending the Office for Civil Rights’ (OCR) enforcement to business associates and covered entities; strengthen individuals’ rights to request and receive their medical information in electronic form; and set new limits on the use and sale of individual’s information. The OCR has also implemented an audit program to ensure covered entities and business associates comply with HIPAA Privacy and Security Rules and Breach Notification standards. The faculty will discuss the new penalties under the HITECH Act and tips for responding to complaints, investigations and audits. They will also review frequently asked questions related to when health plans can use PHI for marketing and wellness programs, whether plans should update their business associate agreements and privacy procedures, and how other plans are conducting HIPAA training.