This 4-hour seminar takes participants through the HIPAA compliance process, from the first steps to achieving compliance.
The first presentation explains the history of HIPAA, why it came into being, and its evolution. This covers what HIPAA is, what steps have to be performed to be HIPAA compliant, and what HIPAA compliance is. It also provides definitions of key HIPAA terms, how to define a Business Associate, and how to contract with Business Associates. The second part of the first presentation is an overview of how to manage the HIPAA compliance project.
The second session describes what a Risk Assessment is and how to perform the risk assessment. The materials take the participant through the factors of HIPAA compliance and how to perform a HIPAA Risk Assessment. This encompasses taking the participants through how to do a HIPAA Privacy Risk Assessment, how to do a HIPAA Security Assessment and how to interpret the results, set priorities, and develop a plan for addressing the Risk Assessment findings.
The third session takes the participants through how to prepare a set of HIPAA Policies and Procedures. This includes how to reference the HIPAA regulations in preparing the policies and procedures, how to reference the prior HIPAA Risk Assessments and how to prepare the HIPAA training materials.
The fourth session provides the participants with an orientation on the role of the IT services in the healthcare organization in addressing the organization's HIPAA compliance. This encompasses understanding what role IT hardware and software play in the HIPAA compliance process, what responsibilities IT vendors should have, and how to work with vendors. The materials will discuss IT security in the context of an overall organization security program including the value and approach of an IT security vulnerability test.
In the last session, participants will review what a HIPAA breach is and what to do when a HIPAA breach occurs. This includes determining if a notification occurred, notification requirements, and mitigation options.
There will be a wrap-up and discussion session providing an opportunity for the participants to discuss specific issues they may have or get direction regarding particular approaches for HIPAA compliance.
The need for HIPAA compliance has evolved since the HIPAA laws were passed in 1996. In addition, as technology has moved toward greater use of the internet and web-based hardware and software resources, compliance has also become more difficult and complex. Now both covered entities (providers of health care services) and their business associates (support vendors) have to implement comparable compliance measures.
Breaches are almost impossible to escape: recent studies show that approximately 90% of covered entities and business associates have had at least one breach of a patient's protected health information. Federal HIPAA penalties can also be significant.
Compounding the issue is that almost all states have incorporated the HIPAA regulations, in one form or another, into their state health care privacy laws, and/or the courts have accepted the HIPAA regulations as the standard of care for protecting a patient's health information. It is important for the health care organization to know what is expected by the regulations.
To satisfy your HIPAA compliance requirements, health care management and staff need to understand the HIPAA privacy and security regulations, understand how to assess your health care organization's HIPAA compliance status, understand the role of each member of your workforce in meeting your compliance requirements, and know what to do if there is a breach of your patient health data.
This seminar provides an in-depth review of these subjects and leaves the participant with a solid understanding of what has to be done to be HIPAA compliant.