3-Hour Virtual Seminar on HIPAA Security and Breach Rule Compliance- Understanding Risk Analysis, Policies and Procedures and Managing Incidents

Jim Sheldon-Dean
Duration: 3 Hours
Webinar Id: 602309
Instructor: Jim Sheldon-Dean

Price Details

Recorded Webinar
$349. One Attendee
$599. Unlimited Attendees

Unlimited Attendees: Any number of participants

Recorded Version: Unlimited viewing for 6 months (Access information will be emailed 24 hours after the completion of live webinar)

Overview:

This seminar is designed to provide intensive training in HIPAA Security and Breach Notification Rule compliance designed for both the seasoned HIPAA professional as well as the individual newly appointed to the position of HIPAA Security Officer.

The session begins with a detailed examination of HIPAA Security Rule and Breach Notification requirements, including what you need to do to protect information and what you have to do if you don't. 

The discussion includes consideration of telemedicine, video tools, and Business Associate relationships, and the relaxation of enforcement relating to the adoption of video technologies during the emergency. 

The session concludes with a discussion of the essential activities of performing risk analysis, mitigating risk issues, documenting policies, procedures, and activities, training staff and managers in the issues and policies they need to know about, and examining compliance readiness through drills and self-audits, all as part of a 10-step plan for reviewing and maintaining HIPAA compliance.

Topics include:

  • What's in the Security and Breach Notification regulations and what has changed?
  • What are the new threats to the security of Protected Health Information?
  • What are the HIPAA Security Safeguards and how do they work, particularly in emergencies when rules are relaxed?
  • Where do Risk Analysis and Risk Assessment fit into the process, and what do they look like?
  • What needs to be addressed for compliance by covered entities and business associates?
  • What are the most important security issues?
  • How does enforcement relate to the Security and Breach Notification Rules, and how might it be suspended during an emergency?
  • Are HIPAA Audits continuing and how do we prepare for them?
  • What needs to be done to be able to demonstrate your HIPAA compliance?
  • What can happen when compliance is not adequate?
  • Numerous references and sample documents will be provided

Why you should Attend:

This Seminar is designed for the HIPAA expert and HIPAA newbie alike who wishes to stay up with changes to HIPAA and related regulations in personal information privacy and security, as well as understand the regulatory issues most frequently encountered in day-to-day operation of health care entities, as well as during emergencies.

Objectives include learning related to a variety of topics, including:

  • Understand the structure of the HIPAA Regulations and how they work together
  • Learn about the overall processes and objectives of the Security Rule, and how to interpret the rules
  • Understand how to use Risk Analysis to make compliance decisions in the face of new threats
  • Learn about using Risk Assessment and Risk Analysis to help discover and prioritize mitigation of risks
  • Know what safeguards must be considered to provide security for health information
  • Understand what makes a good information security policy
  • Know how to respond to breaches and violations of Privacy and Security rules
  • Learn how breaches occur and what steps can be taken to best avoid them
  • Work through practical examples of risk analysis and breach analysis
  • Learn how to deal with the modern portable technologies and communication methods
  • Learn about how the HIPAA rules support the appropriate use of new technologies involving texting and telemedicine
  • Find out about how rules may be relaxed in response to emergency circumstances, but must be observed otherwise
  • Understand how to use policies, documentation, training, and drills to prepare for audits and incidents, and achieve good compliance

Areas Covered in the Session:

Part one sets the stage with an overview of the HIPAA regulations and then continues with presentation of the specifics of the Security Rule, the Breach Notification Rule, a Risk Analysis overview and review of the HIPAA security safeguards, detail on recommended policies and procedures, and how to be prepared for HIPAA audits.

  • Overview of HIPAA Regulations
  • The Origins and Purposes of HIPAA
  • Privacy Rule History and Objectives, including Responding to Emergencies
  • Security Rule History and Objectives
  • Breach Notification Requirements, Benefits, and Results
  • HIPAA Security Rule Principles
  • General Rules, Flexibility Provisions, and Responding to Emergencies
  • The Role of Risk Analysis
  • Security Safeguards and Enforcement, including Suspension of Enforcement for Emergencies
  • Training and Documentation
  • HIPAA Security Policies and Procedures and Audits
    HIPAA Security Policy Framework
  • Sample Security Policy Content
  • Recommended Level of Detail for Policies and Procedures
  • The New HIPAA Compliance Audit Protocol

Part two begins with principles and methods of risk analysis for Security Rule and Breach Notification compliance, and continues with a discussion of typical security issues and means for avoiding breaches and meeting compliance requirements when it comes to modern technologies, such as texting, e-mail, and social media.

Finally, the day concludes with a session on the essential activities of documenting policies, procedures, and activities, training staff and managers in the issues and policies they need to know about, and examining compliance readiness through drills and self-audits.

  • Risk Analysis for Security and Breach Notification
  • Principles of Risk Analysis for Information Security
  • Analyzing Risks for Determination of Breach Notification
  • Risk Analysis Methods
  • Risk Analysis Example
  • Risk Mitigation, Breach Prevention, and Compliance Remediation
  • Typical Security Risks and Preventing Breaches
  • Social Media, Texting, e-mail, and Privacy
  • Dealing with Portable Devices and Remote Access, and Telemedicine
  • Compliance Planning and Decision Making During Emergencies
  • Documentation, Training, Drills and Self-Audits
  • How to Organize and Use Documentation to Your Advantage
  • Training Methods and Compliance Improvement
  • Conducting Drills in Incident and Breach Response
  • Using the HIPAA Audit Protocol for Documentation and Self-Auditing

Who Will Benefit:

  • CEO
  • HIPAA Privacy Officers
  • HIPAA Security Officers
  • Information Security Officers
  • Risk Managers
  • Compliance Officers
  • Privacy Officers
  • Health Information Managers
  • Information Technology Managers
  • Information Systems Managers
  • Medical Office Managers
  • Chief Financial Officers
  • Systems Managers
  • Chief Information Officer
  • Healthcare Counsel/lawyer
  • Operations Directors

Speaker Profile
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to health care firms and businesses throughout the Northeast and nationally. Sheldon-Dean’s firm provides a variety of advisory, training, assessment, policy development, project management and mitigation services for a number of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and co-chairs the WEDI HIPAA Updates sub-workgroup. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national conventions and WEDI national conferences, and before the New York Metropolitan Chapter of the Healthcare Financial Management Association, Health Information Management Associations of New York City, New York State, and Vermont, the Connecticut Hospital Association, and the Hospital and Health System Association of Pennsylvania. Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Sign Up for Our Newsletter