The A to Z's of HIPAA Compliance
Course "The A to Z´s of HIPAA Compliance" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant´s RAC recertification upon full completion.
Overview: This two day seminar takes the participants through HIPAA compliance from start to compliance. The presentations explain the history of HIPAA, why it came to being and its evolution. This covers what HIPAA is, what steps have to be performed to be HIPAA compliant and what HIPAA compliance is. It also provides definitions to key HIPAA terms, how to define a Business Associate and how to contract with Business Associates.
The second session describes what a Risk Assessment is and how to perform the risk assessment. The materials take the participant through the factors of HIPAA compliance and how to perform a HIPAA Risk Assessment. This encompasses taking the participants through how to do a HIPAA Privacy Risk Assessment, how to do a HIPAA Security Assessment and how to interpret the results, set priorities and develop a plan for addressing the Risk Assessment findings. The end of this session will encompass a short workshop demonstrating how to use the Risk Assessment tools discussed in the presentation
The third session takes the participants through how to prepare a set of HIPAA Policies and Procedures. This includes how to reference the HIPAA regulations in preparing the policies and procedures, how to reference the prior HIPAA Risk Assessments and how to prepare the HIPAA training materials.
The day´s last session shows the participants how to develop and give a HIPAA training session. The materials present the basics of what needs to be included in the training program, who has to be trained and how to conduct the training.
The first session of the second day provides the participants with an orientation of the role the IT services in the healthcare organization in addressing the organization´s HIPAA compliance. This encompasses understanding what role IT hardware and software plays in the HIPAA compliance process, what responsibilities IT vendors should have and how to work with vendors. The materials will discuss IT security in the context of an overall organization security program including the value and approach of an IT security vulnerability test.
The second session of the second focuses on an area often missed in performing HIPAA assessments: the business continuation and disaster recovery planning. This session takes the participants through the process of considering what can/may happen that could put the healthcare organization out of business and how to develop methods for mitigating those risks.
In the third session, participants will review what a HIPAA breach is and what to do when a HIPAA breach occurs. This includes determining if a notification occurred, notification requirements and mitigation options.
The last session will be a wrap up and discussion session providing an opportunity for the participants to discuss specific issues they may have or get direction regarding particular approaches for HIPAA compliance.
Why should you attend?
Although healthcare news and the internet is replete with articles and descriptions of the HIPAA privacy and security regulations, there remain many misconceptions of what these regulations mean to healthcare organizations and what they, and their business associates, need to do to become compliant. Healthcare organizations know they have to secure patient health care information. However, a number of questions need to be answered to meet that goal.
What does this mean? Do the HIPAA regulations apply to the organization? What are the organization´s risks and how does the organization mitigate these risks? What does the organization have to do and how does the organization do it? What role does the organization´s computer resources have in the risks? How safe is my computer and paper patient information? How does the organization know if its computer resources provide the needed features and functions for the organization to become compliant? What resources are needed and what do these resources need to do? What is a Risk Assessment and why does the organization need one? Does the organization need an attorney or a consultant? How does the organization know if it is compliant? What is a breach and how does the health care organization know if a breach occurred? What happens if there is a breach? What effect do the use of social media (Facebook, Twitter, etc.) and mobile devices (iphones, ipads and laptops) have on the organization´s ability to be HIPAA compliant? What is a Business Associate and how does the organization work with the Business Associates? What are the potential penalties - both organizational and individual? Should the organization consider HIPAA insurance?
Should a breach occur, the penalties will depend upon the diligence the organization used to answer these questions and become compliant. Answering these questions and developing and executing a plan to become compliant is critical to ensuring that the organization commits the needed resources and attains the desired result.
Areas Covered in the Session:
• What is HIPAA, who is covered and what is HIPAA Compliance
• Why the healthcare organization should be concerned about HIPAA compliance
• How to perform a HIPAA Risk Assessment
• How to prepare HIPAA Policies and Procedures
• How to perform HIPAA Training
• What is IT´s role in the healthcare organization´s HIPAA Compliance
• How to prepare a Business Continuation/Disaster Recovery Plan
• How to handle a potential HIPAA Breach
Day 1 Schedule:
Lecture 1: Introduction of History of HIPAA
Lecture 2: How to Perform a HIPAA Risk Assessment
Lecture 3: Developing HIPAA Policies and Procedures
Lecture 4: Performing HIPAA Training
Day 2 Schedule:
Lecture 1: IT Roll in HIPAA Compliance
Lecture 2: How to Develop a Disaster Recovery/Business Continuation Plan
Lecture 3: How to Handle a HIPAA Breach
Lecture 4: Wrap Up and Discussion
HIPAA Professional, GPSJWB, LLC
Jim Wener has over 40 years of experience in assisting health care organizations - both providers and payers- in identifying their automation requirements and helping these organizations select and successfully implement the automation most applicable for their needs.