HIPAA Security and Breach Rule Compliance
With the recent implementation of new HIPAA regulations in the HIPAA Omnibus Update of 2013, healthcare organizations are reviewing their compliance and making sure they have the proper policies, procedures, and forms in place. HIPAA Security Officers have been renewing their compliance activities and reviewing their documentation to make sure they can meet the challenges of the new rules and avoid breaches and penalties for compliance violations.
- Event Type:
- May 28-29, 2020
- Charlotte , NC , USA
This seminar is designed to provide intensive, two-day training in HIPAA Security and Breach Notification Rule compliance, including:
- What’s new in the regulations?
- What’s changed recently?
- What needs to be addressed for compliance by covered entities and business associates?
- What are the most important security issues?
- What needs to be done for HIPAA compliance?
- What can happen when compliance is not adequate?
This session will also explain HIPAA Security safeguards and the role of risk analysis in effectively evaluating and implementing Security Rule compliance. Audits and enforcement will be explained, as well as security breaches and how to prevent them. Numerous references and sample documents will be provided.
- Understand the structure of the HIPAA Regulations and how they work together
- Learn what has changed in the rules based on the HIPAA Omnibus Update Rule
- What has to be modified to meet the new rules and how to interpret them
- Understand how to use Risk Analysis to make compliance decisions
- Know what safeguards must be considered to provide security for health information
- Understand what makes a good information security policy
- Know how to respond to breaches and violations of Privacy and Security rules
- Work through practical examples of risk analysis
- Learn how to deal with the modern portable technologies and communication methods
- Understand how to use policies, documentation, training, and drills to prepare for audits and incidents, and achieve good compliance
This seminar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). The following personnel will find this session valuable:
- Compliance director
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/lawyer
- Office Manager
- Contracts Manager
- Registration Process: 8:30 AM – 9:00 AM
- Session Start Time: 9:00 AM
Day one sets the stage with an overview of the HIPAA regulations and then continues with presentation of the specifics of Breach Notification, the Security Rule, recommended policies and procedures, how to be prepared for HIPAA audits, and principles and methods of risk analysis for Security Rule and Breach Notification compliance.
- Overview of HIPAA Regulations
- The Origins and Purposes of HIPAA
- Privacy Rule History and Objectives
- Security Rule History and Objectives
- Breach Notification Requirements, Benefits, and Results
- HIPAA Security Rule Principles
- General Rules and Flexibility Provisions
- The Role of Risk Analysis
- Security Safeguards
- Training and Documentation
- HIPAA Security Policies and Procedures and Audits
- HIPAA Security Policy Framework
- Sample Security Policy Content
- Recommended Level of Detail for Policies and Procedures
- The New HIPAA Compliance Audit Protocol
- Risk Analysis for Security and Breach Notification
- Principles of Risk Analysis for Information Security
- Analyzing Risks for Determination of Breach Notification
- Risk Analysis Methods
- Risk Analysis Example
Day two begins with a discussion of typical security issues and means for avoiding breaches and meeting compliance requirements when it comes to modern technologies, such as texting, e-mail, and social media. Finally, the day concludes with a session on the essential activities of documenting policies, procedures, and activities, training staff and managers in the issues and policies they need to know about, and examining compliance readiness through drills and self-audits.
- Risk Mitigation, Breach Prevention, and Compliance Remediation
- Typical Security Risks and Preventing Breaches
- Social Media, Texting, e-mail, and Privacy
- Dealing with Portable Devices and Remote Access
- Compliance Planning
- Documentation, Training, Drills and Self-Audits
- How to Organize and Use Documentation to Your Advantage
- Training Methods and Compliance Improvement
- Conducting Drills in Incident and Breach Response
- Using the HIPAA Audit Protocol for Documentation and Self-Auditing
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.
Mr. Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.
He has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. He received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.