Overview:
This seminar is designed to provide intensive training in HIPAA Security and Breach Notification Rule compliance designed for both the seasoned HIPAA professional as well as the individual newly appointed to the position of HIPAA Security Officer.
The session begins with a detailed examination of HIPAA Security Rule and Breach Notification requirements, including what you need to do to protect information and what you have to do if you don't.
The discussion includes consideration of telemedicine, video tools, and Business Associate relationships, and the relaxation of enforcement relating to the adoption of video technologies during the emergency.
The session concludes with a discussion of the essential activities of performing risk analysis, mitigating risk issues, documenting policies, procedures, and activities, training staff and managers in the issues and policies they need to know about, and examining compliance readiness through drills and self-audits, all as part of a 10-step plan for reviewing and maintaining HIPAA compliance.
Topics include:
- What's in the Security and Breach Notification regulations and what has changed?
- What are the new threats to the security of Protected Health Information?
- What are the HIPAA Security Safeguards and how do they work, particularly in emergencies when rules are relaxed?
- Where do Risk Analysis and Risk Assessment fit into the process, and what do they look like?
- What needs to be addressed for compliance by covered entities and business associates?
- What are the most important security issues?
- How does enforcement relate to the Security and Breach Notification Rules, and how might it be suspended during an emergency?
- Are HIPAA Audits continuing and how do we prepare for them?
- What needs to be done to be able to demonstrate your HIPAA compliance?
- What can happen when compliance is not adequate?
- Numerous references and sample documents will be provided
Why you should Attend:
This Seminar is designed for the HIPAA expert and HIPAA newbie alike who wishes to stay up with changes to HIPAA and related regulations in personal information privacy and security, as well as understand the regulatory issues most frequently encountered in day-to-day operation of health care entities, as well as during emergencies.
Objectives include learning related to a variety of topics, including:
- Understand the structure of the HIPAA Regulations and how they work together
- Learn about the overall processes and objectives of the Security Rule, and how to interpret the rules
- Understand how to use Risk Analysis to make compliance decisions in the face of new threats
- Learn about using Risk Assessment and Risk Analysis to help discover and prioritize mitigation of risks
- Know what safeguards must be considered to provide security for health information
- Understand what makes a good information security policy
- Know how to respond to breaches and violations of Privacy and Security rules
- Learn how breaches occur and what steps can be taken to best avoid them
- Work through practical examples of risk analysis and breach analysis
- Learn how to deal with the modern portable technologies and communication methods
- Learn about how the HIPAA rules support the appropriate use of new technologies involving texting and telemedicine
- Find out about how rules may be relaxed in response to emergency circumstances, but must be observed otherwise
- Understand how to use policies, documentation, training, and drills to prepare for audits and incidents, and achieve good compliance
Areas Covered in the Session:
Part one sets the stage with an overview of the HIPAA regulations and then continues with presentation of the specifics of the Security Rule, the Breach Notification Rule, a Risk Analysis overview and review of the HIPAA security safeguards, detail on recommended policies and procedures, and how to be prepared for HIPAA audits.
- Overview of HIPAA Regulations
- The Origins and Purposes of HIPAA
- Privacy Rule History and Objectives, including Responding to Emergencies
- Security Rule History and Objectives
- Breach Notification Requirements, Benefits, and Results
- HIPAA Security Rule Principles
- General Rules, Flexibility Provisions, and Responding to Emergencies
- The Role of Risk Analysis
- Security Safeguards and Enforcement, including Suspension of Enforcement for Emergencies
- Training and Documentation
- HIPAA Security Policies and Procedures and Audits
HIPAA Security Policy Framework - Sample Security Policy Content
- Recommended Level of Detail for Policies and Procedures
- The New HIPAA Compliance Audit Protocol
Part two begins with principles and methods of risk analysis for Security Rule and Breach Notification compliance, and continues with a discussion of typical security issues and means for avoiding breaches and meeting compliance requirements when it comes to modern technologies, such as texting, e-mail, and social media.
Finally, the day concludes with a session on the essential activities of documenting policies, procedures, and activities, training staff and managers in the issues and policies they need to know about, and examining compliance readiness through drills and self-audits.
- Risk Analysis for Security and Breach Notification
- Principles of Risk Analysis for Information Security
- Analyzing Risks for Determination of Breach Notification
- Risk Analysis Methods
- Risk Analysis Example
- Risk Mitigation, Breach Prevention, and Compliance Remediation
- Typical Security Risks and Preventing Breaches
- Social Media, Texting, e-mail, and Privacy
- Dealing with Portable Devices and Remote Access, and Telemedicine
- Compliance Planning and Decision Making During Emergencies
- Documentation, Training, Drills and Self-Audits
- How to Organize and Use Documentation to Your Advantage
- Training Methods and Compliance Improvement
- Conducting Drills in Incident and Breach Response
- Using the HIPAA Audit Protocol for Documentation and Self-Auditing
Who Will Benefit:
- CEO
- HIPAA Privacy Officers
- HIPAA Security Officers
- Information Security Officers
- Risk Managers
- Compliance Officers
- Privacy Officers
- Health Information Managers
- Information Technology Managers
- Information Systems Managers
- Medical Office Managers
- Chief Financial Officers
- Systems Managers
- Chief Information Officer
- Healthcare Counsel/lawyer
- Operations Directors