Attendees of this session will learn how complying with the HIPAA security rule differs from complying with earlier HIPAA mandates, what the HIPAA privacy and security rules require for health information security, and what is involved in understanding how health information flows through your organization and why that is important to health information privacy and security.
This session will also enable participants to identify the methods and components involved in performing a risk analysis, the foundation for compliance with HIPAA security. Methodologies reviewed include the National Security Agency (NSA) Information Security (InfoSec) Assessment Methodology (IAM), the International Standard for Organization (ISO) 17799 for Code of Practice for Information Security Management, and the National Institute of Technology (NIST) Special Publication 800-26 Security Self-Assessment Guide for Information Technology Systems.
- HIPAA security rule: concepts, details, and compliance planning
- Emerging technologies and the electronic health record
- Overcoming cultural implementation barriers with innovation
- Risk analysis concepts and methods
- Using information flow analysis to identify security risks
- Due diligence and information security
- The attendee will be able to discuss the regulations pertaining to HIPAA and how to comply.
- The attendee will be able to identify what an electronic medical record consists of.
- The attendee will be able to explain the significance of keeping electronic medical records confidential.
9:00 a.m. - 11:00 a.m. (Break 10:00 a.m. - 10:15 a.m.)
I. Introduction To The HIPAA Security Rule And Health Information
A. Information Security Requirements Under The HIPAA Privacy Rule
B. Major Concepts Of The HIPAA Security Rule And The Compliance Process
C. Security Rule Details And Some Good News/Bad News Stories
D. Performing Information Flow Analysis – The First Step To Security Compliance
E. Understanding Your Health Information Flows And Their Security
11:00 a.m. - 2:00 p.m. [Lunch (On Your Own) 12:00 p.m. - 1:00 p.m.]
II. Risk Analysis And Standards For HIPAA Security Compliance
A. Basic Threats, Vulnerabilities, And Risks
B. How The Standard Of Due Diligence May Apply
C. Mapping And Inventorying Of Electronic Protected Health Information
D. Approaches To Risk Analysis
E. Standards For Baseline Controls
F. Steps To Conducting A Risk Analysis
2:00 p.m. - 4:00 p.m. (Break 3:00 p.m. - 3:15 p.m.)
III. The Impact Of Emerging Technologies On The Electronic Health
A. Emerging Healthcare Technologies Depend On The Electronic Health Record
B. The Benefits Of Emerging Technologies Do Not Accrue To The Purchasers Who Use Them
C. Achieving Emerging Technologies As 'Best Practice'
D. Organizations Overcome Cultural Implementation Barriers With An Innovative Solution
4:00 p.m. - 4:30 p.m.
IV. Question And Answer