Group items tagged

Overview:  Emotionally difficult or painful conversations are very common in health care. Consequently, it is quite remarkable that health care training programs do not spend more time teaching future health professionals the kinds of emotional and relational skills that are often required in these kinds of patient-provider interactions. This presentation will discuss the architecture of the painful conversation by examining : Its effect on the professional's sense of self and especially his or her need to preserve self-esteem The critical role of feelings and emotions, and The nature and value of empathy. The latter half of the presentation will consist of various strategic and practical recommendations so that emotionally challenging conversations might be conducted artfully, especially with "difficult" or "impossible" patients. Areas Covered in the Session: By the end of this presentation, learners will be able to: Relate the painful conversation to their construction of their professional "self"; Explain how an ability to control one's feelings can influence the success or failure of an emotionally difficult conversation; List a number of empathic responses that are useful in conducting difficult conversations Who Will Benefit: Any health professional who has to communicate with others. Speaker Profile John D. Banja is a Professor in the Department of Rehabilitation Medicine and a medical ethicist at the Center for Ethics at Emory University. He also directs the Section on Ethics for the Atlanta Clinical and Translational Science Institute at Emory. Dr. Banja received a doctorate degree in philosophy from Fordham University in New York and has taught and lectured on topics in medical ethics throughout the United States. He has authored or coauthored over 200 publications and has delivered over 800 invited presentations at regional, national, and international conferences. He currently serves as the Editor of the American Journal

Overview: Participants will learn how to conduct an investigation of allegations of patient privacy violations using a privacy "risk analysis" tool and steps that should be taken when a breach has been determined. Why should you Attend: You must conduct a prompt and thorough investigation of all allegations of privacy violations. A violation of a patient's privacy may result in monetary penalties, harm to your reputation and especially harm to a patient. You need to make certain your organization has the expertise to conduct a thorough privacy investigation, analyze the results and take all necessary action to mitigate and report violations when required. Areas Covered in the Session: Best practices for conducting a privacy investigation Use of the risk analysis tool Interpretation of your results Reporting requirements if necessary Recommendations of continued privacy monitoring Workforce training Who Will Benefit: Healthcare providers Compliance and Internal Audit professionals or office staff responsible for ensuring patient privacy Healthcare Administrators Business Associates and all HIPAA Covered Entities Speaker Profile : Gail Madison Brown is a registered nurse and an attorney with over 25 years of experience in health care. For the last 15 years she has focused on health care compliance and revenue cycle management operations. Gail's experience ranges from starting new compliance programs and making improvements to existing programs for physician practices to large health care organizations. Gail also has provided numerous lectures to healthcare providers, executives and professional colleagues. Gail Madison Brown will develop, implement, and oversee processes, systems, educational programs, and other activities necessary to support and grow clinical trials activities at the UT Health Science Center. The Chief Clinical Trails Officer (CCTO) provides overall strategic leadership in this area including planning, goal setting, and monitoring organ

Course "HIPAA for the Compliance Officer" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: I will be going into great detail regarding you practice or business and how it relates to the HIPAA Security/Privacy Rule, Areas covered will be history of HIPAA, privacy vs security, business associates, changes for 2016, audit process, paper based PHI, HIPAA and suing, texting, email, encryption, medical messaging, voice data and much, much, more I will uncover myths versus reality as it relates to this very enigmatic law based on over 600 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors. I will also speak to real life audits conducted by the Federal government (I've been on both sides of these audits) what your highest risks are for being fined (some of the risk factors may surprise you). In addition, this course will cover the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures. Don't always believe what you read online about HIPAA, especially as it relates to encryption and IT, there are a lot of groups selling more than is necessarily required. Why you should attend: This lesson will be addressing how practice/business managers (or compliance offers) need to get their HIPAA house in order before the imminent audits occur. It will also address major changes under the Omnibus Rule and any other applicable updates for 2016. There are an enormous amount of issues and risks for covered entities and business associates these days. I will speak on specific experiences from over 17 years of experience in working as an outsourced compliance auditor, expert witness on HIPAA cases, and thoroughly explain how patients are now able to get cash remedies for wrongful disclosures of private health information. More im

Overview: Participants will understand the importance of responding to the OCR pre-audit requests and how to respond. Our discussion will cover how to prepare for an anticipated OCR HIPAA privacy audit, by discussing how to conduct an internal self-assessment of your privacy program. We will discuss how to conduct the self-assessment, whether it be the need for policies, procedures or obtaining all of your business associates information. Why should you Attend: If you have received a request from the OCR to provide the name of your entities privacy official and additional criteria, you are already aware that you are on the OCR's radar and may be the focus of an audit. If you haven't received a request yet, anticipate receiving one soon. In addition to ensuring that your HIPAA program is audit ready, you also need to ensure that you know all of your business associates and have their information readily available to provide to the OCR. Your entity needs to be ready now, as the OCR will either conduct focused desk audits, on-site audits or both in effort to review documentation of evidence of your compliance with the HIPAA regulation. Areas Covered in the Session: Office of Civil Rights "OCR" requests for privacy official and additional information and timeline for response Internal assessment criteria of privacy program in anticipation of an OCR audit Conducting the assessment using the template based upon HIPAA regulations Discuss methods to address any found deficiencies Workforce training Who Will Benefit: Healthcare providers Compliance and Internal Audit professionals or office staff responsible for ensuring patient privacy Healthcare Administrators Business Associates and all HIPAA Covered Entities Speaker Profile Gail Madison Brown is a registered nurse and an attorney with over 25 years of experience in health care. For the last 15 years she has focused on health care compliance and revenue cycle management operations. Gail's experience ranges

Course "Effective and Efficient Internal and Supplier Quality System Auditing for Medical Devices" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: Do you want to understand how to do efficient and effective internal and supplier audits that meet all the requirements of your external auditors, but also add value to your company? Are you confused by all the requirements and guidance documents for medical device quality management systems and are tired of wading through all the regulatory language they contain. This course is for those who will do internal or supplier audits, manage an audit process for these or other company audits. This course will provide you with an easy to understand presentation on the auditing process as well as the requirements you will need to audit under ISO 13485 and the FDA Quality System Regulation (cGMP) Both FDA Quality System Regulation (QSR) and ISO 13485 require that companies do internal audits. However, because the FDA does not look at the content of internal audits, some companies do not get feedback on the true effectiveness of their internal audit system from the FDA during FDA Inspections. ISO 13485 auditors do look at internal audits, but are most concerned that you define a process that meets the requirements of the standard and are following your process. Both require that you define Auditor training is required, but this sometimes just requires reading the company's procedure, although most external auditors will look for more than this. Do you need to train new auditors for yours medical device quality management system or to audit your suppliers? Or do you need to improve the training of your internal and supplier auditors so that they add value to these audits? If you need to do either of these, this seminar will provide this training. In addition to auditing skills and hands-on auditing exercises, this seminar will provide an ove

Course "New HIPAA Audit and Enforcement Activities: Being Prepared to Show your Compliance " has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: We will be discussing the history and evolution of HIPAA Privacy/Security and the major points you need to understand to proactively protect your practice or business from the imminent federal auditing process: * History of HIPAA * HITECH * HIPAA Omnibus Rule * How to perform a HIPAA Security Risk Assessment * What is involved in a Federal audit and how is it conducted * Risk factors for a federal audit * How to avoid a Federal audit * Business Associates and HIPAA audits * EHR and HIPAA * Business Continuity/Disaster Recovery Planning * Assessing your contractors and sub-contractors * In depth discussions on IT down to the nuts and bolts * Risk factors that can cause an audit (low hanging fruit) * New rules which grant states ability to sue citing HIPAA on behalf of a patient * New funding measures Why should you attend : The evolutions of this enigmatic law and how what was once relative benign in terms of enforcement is now fully funded and aggressive. Learn what you can do to be prepared for an audit and how to lower risks of ever being audited. It is absolutely imperative that you are proactive and not reactive with your compliance program, this is a necessary evil and you need to protect your practice or your business and limit risks from the imminent Federal audits. Join me in keeping up with this very confusing law and take advantage of all the templates and information provided as part of the seminar. Areas Covered in the Session: * HIPAA -Brief History * HIPAA Privacy Rule vs HIPAA Security Rule * HITECH Act * Breach Notification Rule * Omnibus Rule and audits * Business Associates and audits * Current Court Cases (precedence) * Paper Based PHI Concerns and how to lower risk

Course "Risk Analysis and Design of Experiments (DOE) in Process Validation and Development" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: This course is designed to help scientists and engineers plan and conduct experiments and analyze the data to develop predictive models used to optimize processes and products and solve complex problems. DOE is an extremely efficient method to understand which variables (and interactions) affect key outcomes and allows the development of mathematical models used to optimize process and product performance. The models also provide an understanding of the impact of variability in controllable and uncontrollable factors on important responses. The concepts behind DOE are covered along with some effective types of screening experiments. Case studies will also be presented to illustrate the use of the methods. This highly interactive course will allow participants the opportunity to practice applying DOE techniques with various data sets. The objective is to provide participants with the key tools and knowledge to be able to apply the methods effectively in their process and product development efforts. Why should you attend: · Plan and conduct experiments in an effective and efficient manner · Apply good experimental practices when conducting studies · Determine statistical significance of main and interaction effects · Interpret significant main and interaction effects · Develop predictive models to explain and optimize process/product behavior · Check models for validity · Utilize models for one or more responses to find optimal solutions · Apply very efficient fractional factorial designs in screening experiments · Apply response surface designs for

Overview: Section 13411 of the Health Information Technology for Economic and Clinical Health (HITECH) Act, requires Health and Human Services (HHS) to conduct periodic audits of providers and business associates to ensure their compliance with the HIPAA Security and Privacy Rule, and breach notification standards. To implement this mandate, the Office of Civil Rights (OCR) has conducted HIPAA/HITECH audit program with KPMG of 115 health care organizations to assess privacy and security compliance. This webinar will focus on the implementation and tracking of HIPAA audit best practices in a healthcare setup in order to prepare for the federal audit using published OCR audit protocols. Every audit begins with interviews, a questionnaire, and a thorough policy and procedures review. Presenter, with his decades of knowledge in the compliance, legal, auditing and security areas, will walk the attendees through the audit process, documentation requirements, and implementation specifications of the HIPAA privacy, security and breach rules. This presentation not only provides opportunity for the participants to prepare for the federal HIPAA audit but also to improve the security posture of their organizations by adopting to changing technology (mobile, social media, Health Information Exchange(HIE), cloud services, etc.) and threat landscape perspective as well. This presentation will uncover reasons why many health information breaches are occurring and help organizations better secure and comply with electronic protected health information by meeting the required and addressable HIPAA/HITECH security rules. The presenter will also share the best practices used for HIPAA security implementation and continuous risk assessment which is considered as "due diligence" by auditors for the HIPAA security compliance program. Areas Covered in the Session: Healthcare Technology Adoption/Trends Healthcare Regulatory (HIPAA/HITECH) and OCR/HHS Audit Overview Differences between

Overview: Have you ever had a student who was excessively dramatic or who repeatedly monopolized discussions in a know-it-all, domineering, or aggressive fashion? Perhaps you've encountered a student who was so odd or anxious that they weren't able to participate in group activities or complete assignments. It's hard to know what to do when a student's personality just seems to take over your class, but you can't just stand by and do nothing. If they are not managed effectively, students with personality disorders take up a lot of time and can move your whole class in counterproductive directions. Sometimes these challenging students have a Personality Disorder, which is a persistent pattern of perceiving, relating to, and thinking about the environment and themselves that is maladaptive, rigid, pervasive, and enduring. Personality Disorders also manifest in the student's emotional response and impulse control and can negatively impact classroom teaching and learning as well as a student's personal and academic success. Unless you are a particular student's psychiatrist, it's not your job to diagnose them as having a personality disorder, but it is helpful to recognize and understand signs of a personality disorder. This webinar will identify different personality disorders and review their common traits and characteristics. You will learn essential tools for dealing with Personality Disorders such as boundary setting, clear communication, and effective classroom management. In addition, you will review relevant mental health resources and when and how to make appropriate referrals to counseling, accessibility services, and student conduct. Why should you attend: If students with personality disorders are not managed effectively, their behavior can have a negative impact on teaching and learning. Areas Covered in the Session: Ten types of Personality Disorders Prevalence and Demographics Developmental issues Common traits and characteristics of Personality Dis

Overview: Mental health care practitioners work in today's diverse, fast-changing, multidisciplinary health care environment. Nowhere but in mental health is there such diversity of clinicians who provide the same or similar services of counseling and therapy. A potential client has a wide choice of mental health providers from whom to choose. Yet each individual mental health profession has a unique education, training, and experience requirement for practice. While similarities exist, requirements differ from state to state and even from profession to profession with a single state. What are these requirements and how do they apply? The state's authority and power over mental health practitioners often presents challenges to these mental health professionals that are not easy to navigate. Differing sources of legal and ethical authority govern each respective health care practitioner in ways that are similar but not the same. Ethics and law are similar, but not the same. All mental health practitioners must adhere to standards of state law which govern their professional practices, including the very core of the doctor-patient relationship. Codes of ethics and state law may both apply to govern the conduct of this clinician. Even some state laws are referred to as ethical codes. Complaints as to alleged misconduct or ethical failings are received and investigated by a state agency and leave the mental health practitioner with an uncertain process to handle and to defend the state action against them. With this background, this seminar empowers the full understanding and application of ethics and laws for mental health practitioners. Learn to identify and understand an ethical framework for a sound mental health practice. An ethical framework is essential to having the right perspective to examine mental health dilemmas. Compare and contrast regulatory laws and codes of ethics to understand their differing applicability. Know the difference between laws and ethics,

Course "Internal Auditing for the Medical Device Industry" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: This course provides an overview of internal auditing requirements and techniques for medical device companies as a method for risk management and quality improvement. The course will cover auditing requirements, audit planning, preparation, knowledge, auditor skills, interviews, documents and records review, objective evidence, audit report writing and corrective action. Why should you attend: Attendees should attend this seminar for risk management and improvement purposes to identify weaknesses, problems, compliance risks, and improvement opportunities. Who Will Benefit: * Quality Manager * Quality Associate * Quality Engineer * Quality Technician * Regulatory Associate Agenda: Day One Lecture 1: Overview of an auditing program, principles of quality management systems and how they related to auditing, benefits of auditing, and what is auditing. Lecture 2: Types of audits, auditor qualifications, ethics, responsibilities, audit phases, audit planning, and scheduling. Lecture 3: Conducting audits, interview techniques, objective evidence, data collection, tracing, use of checklists, and reviewing documents and records. Lecture 4: Conducting process audits, running closing meetings, audit report writing, corrective actions, and improvement Day Two Lecture 1: Overview to auditing to ISO 13485 and FDA QSR. Global differences which affect auditing approaches, auditing document control and record keeping, management responsibility, and resource management. Lecture 2: Auditing order handling, design control, purchasing, and supplier controls. Lecture 3: Auditing production, validation, and preservation. inspection and testing, control of test equipment, customer property, and sterilization Lecture 4: Auditing customer feedback, internal auditing programs, complaint

Overview: Today's educated professionals function in a maze of different educational and training requirements, which vary from state to state and from profession to profession. Nowhere than in health care is this more evident where multidisciplinary health care practitioners work together towards a common goal for the patient. What is a profession? What areas of work require the unique professional education, training, and experience that becomes mandated by the state? What work requires professional judgment and skill so as to be regulated by the government through mandatory laws applicable to an individual person practicing his or her chosen profession? State laws are enacted for the protection of the public by legislatures in all the fifty states. A list of individual professions and their applicable statues and administrative regulations takes up entire volumes of lawbooks. These state laws impose significant regulation on these professionals, and often in very different ways found in many aspects of state regulation, from the educational process, the examination requirements, the state licensure applications, and the legal standards and rules of each unique profession. Explore how state licensure boards are created and function at the state level. While most such state agencies have common, core functions and operations, there are many differences - and some requirements that are truly the opposite from profession to profession. Review the common requirements the state imposes on the health care provider. Know the basics of professional education and licensure. Understand the difference between legally binding laws and mere codes of ethics, which are aspirational and do not form the basis for legal action. Find out how to understand and navigate the challenges presented from differing and conflicting state laws governing the many health care professions. Know where key requirements exist that are common to many professions. This program

Overview: Today's educated professionals function in a maze of different educational and training requirements, which vary from state to state and from profession to profession. Nowhere than in health care is this more evident where multidisciplinary health care practitioners work together towards a common goal for the patient. What is a profession? What areas of work require the unique professional education, training, and experience that becomes mandated by the state? What work requires professional judgment and skill so as to be regulated by the government through mandatory laws applicable to an individual person practicing his or her chosen profession? State laws are enacted for the protection of the public by legislatures in all the fifty states. A list of individual professions and their applicable statues and administrative regulations takes up entire volumes of lawbooks. These state laws impose significant regulation on these professionals, and often in very different ways found in many aspects of state regulation, from the educational process, the examination requirements, the state licensure applications, and the legal standards and rules of each unique profession. Explore how state licensure boards are created and function at the state level. While most such state agencies have common, core functions and operations, there are many differences - and some requirements that are truly the opposite from profession to profession. Review the common requirements the state imposes on the health care provider. Know the basics of professional education and licensure. Understand the difference between legally binding laws and mere codes of ethics, which are aspirational and do not form the basis for legal action. Find out how to understand and navigate the challenges presented from differing and conflicting state laws governing the many health care professions. Know where key requirements exist that are common to many professions. This program

Overview: Learn how to improve your healthcare compliance program by using requirements found in corporate integrity agreements (CIAs) issued by the OIG. By proactively incorporating various features of CIAs, healthcare providers of all types can be better assured of meeting compliance standards. While there are many different types of healthcare compliance issues, probably the area of most concern is that of properly filing claims and receiving appropriate reimbursement. The OIG has issued various types of guidance including Federal Register entries, fraud alerts, and issues as listed in the OIG Work Plans. By providing such guidance, the OIG has given healthcare providers notice so that there can be no defense of not knowing about an issue. By organizing your compliance program to detect and then correcting various types of issues is a major objective of having a compliance program. Understanding systematic processes for improving your healthcare compliance program using CIA requirements can forestall possible criminal and civil monetary penalties. The hundreds of CIAs that have been developed when the OIG detects fraudulent activities can be used as a guide for developing and improving healthcare compliance programs for all types of healthcare providers. The process of statistical extrapolation is used by the OIG when conducting studies in order to determine recoupment amounts. Statistical extrapolation can also be used by healthcare providers when determining possible overpayments. However, the proper use of statistical extrapolation is a formal and complex mathematical process that must be properly applied. The OIG CIAs provide another resource for healthcare providers to study, understand, and then apply as appropriate. Why should you Attend: What are the OIG Corporate Integrity Agreements (CIAs)? Why does the OIG issue CIAs? Can I use general requirements from CIA to avoid monetary penalties or even avoid going to jail? Can any healthcare provider use

In this session Mr. Wolfe will provide an overview of the Stark Law and its 2016 changes. He will also discuss best practices for implementing and auditing physician compensation arrangements to minimize liability exposure and penalties, including conducting compliance audits, instituting policies, and establishing ongoing monitoring and review processes.

In order to become a safe and effective medicine, a compound has to travel through a lengthy process of rigorous testing. Over the last few decades, the amount of time required to develop and test a novel drug has increased drastically. However, the introduction of social media and digital technology into drug development have the ability to significantly expedite this process. This webinar will explore the policies and principles of using social media through the evolution of developing a pharmaceutical drug from its initial stages to its introduction into the market. This includes analyzing the methods in which pharmaceutical companies utilize social media during the planning process, identifying the best candidate for the lead compound in a drug, conducting animal and human testing, recruiting candidates for clinical trials.

Overview: This lesson is going to get back to the basics using multiple real life scenarios and "what if's". My goal is to make this very confusing and not well explained law easy to understand for the typical staff member. I will uncover myths versus reality as it relates to this enigmatic law based on over 1000 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors. I will also point out multiple court cases I have been affiliated with where a staff member of a hospital or clinic has been sued or even imprisoned! I will also speak to real life audits conducted by the Federal government (I've been on both sides of these audits) what your highest risks are for being fined (some of the risk factors may surprise you). In addition this course will cover the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures. Don't always believe what you read online about HIPAA, especially as it relates to encryption and IT, there are a lot of groups selling more than is necessarily required. Why should you Attend: Are you confused about HIPAA? Do you just want the basics and in plain English? Do you know there are civil and criminal penalties even for the rank and file staff member! Do you know what you can and can't do with protected health information? It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates as it relates to portable devices, texting, and emailing of PHI. You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT practices. I have also been expert witness on multiple court cases where a business or medical practice is being sued for not doing their due diligence

Overview: This lesson will be going into great detail regarding your practice or business information technology and how it relates to the HIPAA Security Rule, in particular portable devices. Areas covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT. I will uncover myths versus reality as it relates to this very enigmatic law based on over 600 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors. I will also speak to real life audits conducted by the Federal government (I've been on both sides of these audits) what your highest risks are for being fined (some of the risk factors may surprise you). In addition this course will cover the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures. Don't always believe what you read online about HIPAA, especially as it relates to encryption and IT, there are a lot of groups selling more than is necessarily required. Why should you Attend: HIPAA NOW HAS TEETH! Be prepared for what's new in 2016! Protect your practice or business! What factors might spurn a HIPAA audit? …are you doing these things? Why are the Feds enforcing after all these years? It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates as it relates to portable devices, texting, and emailing of PHI. You need to know how to avoid being low hanging in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT practices. I have also been expert witness on multiple court cases where a business or medical practice is being sued for not doing their due diligence to minimize risk. Areas Covered in the Session: Updates for 2016 BYOD Portable devices B

Overview: The trial master file is a hard copy of all documentation relating to a clinical trial. It contains essential documents. When studies are conducted under ICH E6 Good Clinical Practices (GCP), this collection of documents must be present before, during and after the trial. These documents help provide quality assurance and help researchers evaluate their compliance with GCP, federal regulations and applicable laws. Why should you Attend: Anyone responsible for handling trial documentation or quality assurance activities. Areas Covered in the Session: Trial Master File (TMF): what is it? Essential documents required ICH guidelines and Good Clinical Practice (GCP) Food and Drug Administration (FDA) guidance and expectations Paper or electronic trial master files - what is allowable Links to useful resources Who Will Benefit: This webinar will provide valuable assistance to all personnel in: Human Subjects Research Healthcare interested in exploring the field of Clinical Research New Clinical Research Coordinator positions (1-2 years) New Principal Investigator positions Administration in charge of Clinical Research Regulatory Compliance Speaker Profile Sarah Fowler-Dixon is Education Specialist and instructor with Washington University School of Medicine. She has developed a comprehensive education program for human subject research which has served as a model for other institutions. She crafted budgets, policies, procedures, reporting, and training for the new program. She has initiated the planning, development, authorship and implementation of many human subjects research policies, practices, guidelines, submission and reviewer forms often working with state and federal authorities. She has provided consultation regarding ethical, federal, state, and institutional requirements for faculty and staff both in the design and execution of their projects and teaches research ethics and regulatory affairs and the fundamentals of research manageme

Overview: This webinar will cover everything that you need to know about how to handle HIPAA security incidents, breaches, and complaints and the Department of Health and Human Resources Investigations thereof. Not all security incidents are breaches, but all breaches of confidentiality are within the broad ambit of security incidents. Privacy rule violations, such as failing to give a patient a copy of his or her medical records, may also constitute a breach as the $4.2 million fine assessed against Cignet Healthcare of Prince George's County, Maryland, dramatically proved. Handling an investigation properly is key to determining not only how to handle it to mitigate any harm and to take action to prevent it from happening again but also to determine whether it is reportable to affected individuals and to DHHS. HIPAA requires a complaint procedure (policy). The webinar will suggest what such a document should contain as it also will for the required report procedure (what is reportable, who reports, to whom, and required/suggested contents of the report) and the required response procedure (what do the responsible officials do after receiving the report or the complaint). Investigating a possible security incident is key. The webinar will cover how to conduct a thorough investigation of HIPAA security incidents, breaches, and patient complaints. Finally, the second largest HIPAA civil money penalty or settlement, $4.2 million, was in large part due to the offender's failure to cooperate with the DHHS investigation. The presenter has successfully defended his clients in seven such investigations and knows how to respond to them to avoid or minimize liability. Think of a gap analysis as an examination of: What you currently have in place for HIPAA compliance. Is that adequate? Can it be done better? Is it enough? And what am I missing? Asking these questions will help establish the direction and next steps to take. It lays the ground work for a good Risk Analys

Overview: One of the major requirements of the health care organization to be HIPAA compliant is to develop and implement a set of HIPAA privacy and security policies and procedures. This can be a daunting task for those not knowing where to start and what a set of HIPAA privacy and security policies and procedures should look like. For the cost conscious health care organization, the HIPAA policies and procedures can have multiple uses: first, they can become a basis for training the health care organization workforce; second, they can be used as a basis for conducting a HIPAA self-assessment; and third, they can be used to demonstrate due diligence should there be a breach or an externalHIPAA compliance audit. In today's world it is not necessary that the health care organization spend significant funds to develop a set of HIPAA privacy and security policies and procedures from scratch. The health care organization can likely find templates on the internet that can be used as a starting point to customize HIPAA policies and procedures to be unique for the health care organization. The preparation of a well-documented set of HIPAA policies and procedures needs to be addressed through the development of Privacy and Security policies and procedures that address each of the requirements shown in the HIPAA regulations as amended by the HITECH law and the final Omnibus Regulations. The process of developing the HIPAA privacy and security policies and procedures also provides a reference for the health care organization how to consider the security addressable and required regulation requirements. Why should you attend: There are three situations where having a set of HIPAA policies and procedures are needed: First, the policies and procedures become a good reference to ensure that all areas are addressed for becoming HIPAA compliant. Second, the HIPAA regulations REQUIRE covered entities and business associates to have a set of policies and procedures directing