Group items tagged

Course "HIPAA Security & Privacy Official - Roles and Responsibilities" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: Being the HIPAA Security and Privacy Official involves not only ensuring you know the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If audited or the subject of a compliance review you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the fundamentals of a HIPAA compliance program. If your HIPAA Security and Privacy Official needs to understand what all the HIPAA requirements are or make sure the current program is adequate and can withstand government scrutiny, please join us for this informative and interactive seminar. Why you should attend: The HIPAA Security and Privacy Official is the backbone of any organization's compliance program. Often times this role is assigned as collateral duty in smaller organizations. Regardless the size of an organization, the HIPAA Security and Privacy Official must know all the requirements for compliance. This is a critical element of the position. Attendees will leave the course clearly understanding the role and all the requirements as the designated as a HIPAA Security and Privacy Official. This seminar will cover reviews, creation, and amending policy and procedure. After completing this course, a HIPAA Security and Privacy Official will have a clear understanding for what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session: Why was HIPAA created? The Role and Responsibilities of the HIPAA Security and Privacy Official Complying with HIPAA Requirements? What are the HIPAA Security

Course "HIPAA - Putting an Organizational Compliance Program in Place" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion Overview: Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If audited or the subject of a compliance review you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the fundamentals of a HIPAA compliance program. If your healthcare practice, business, or organization needs to understand how to put HIPAA compliance program in place or make sure the current program is adequate and can withstand government scrutiny, please join us for this informative and interactive 2 day training course. Why you should attend With an increase in HIPAA enforcement and Phase 2 audits underway, many organizations need to fully understand the requirements of a compliance program. Attendees will leave the course clearly understanding of all the requirements for a comprehensive HIPAA compliance program and what steps need to be taken to mitigate risk. The seminar will include practical exercise to assist in knowing how to develop, review, and amend HIPAA policy and procedure. After completing this course, a Covered Entity or Business Associate will have a clear roadmap for what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session * Why was HIPAA created? * What is HITECH and the Omnibus Rule? * Who Must Comply with HIPAA Requirements? * What are the HIPAA Security and Privacy Rules? * What is a HIPAA Compliance Program? * What is a HIPAA Risk Management Plan? * What is meant by

Course "HIPAA - Putting an Organizational Compliance Program in Place" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If audited or the subject of a compliance review you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the fundamentals of a HIPAA compliance program. If your healthcare practice, business, or organization needs to understand how to put HIPAA compliance program in place or make sure the current program is adequate and can withstand government scrutiny, please join us for this informative and interactive 2 day training course. Why you should attend: With an increase in HIPAA enforcement and Phase 2 audits underway, many organizations need to fully understand the requirements of a compliance program. Attendees will leave the course clearly understanding of all the requirements for a comprehensive HIPAA compliance program and what steps need to be taken to mitigate risk. The seminar will include practical exercise to assist in knowing how to develop, review, and amend HIPAA policy and procedure. After completing this course, a Covered Entity or Business Associate will have a clear roadmap for what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session: · Why was HIPAA created? · What is HITECH and the Omnibus Rule? · Who Must Comply with HIPAA Requirements? · What are the HIPAA Security and Privacy Rules? · What i

Overview: One of the major requirements of the health care organization to be HIPAA compliant is to develop and implement a set of HIPAA privacy and security policies and procedures. This can be a daunting task for those not knowing where to start and what a set of HIPAA privacy and security policies and procedures should look like. For the cost conscious health care organization, the HIPAA policies and procedures can have multiple uses: first, they can become a basis for training the health care organization workforce; second, they can be used as a basis for conducting a HIPAA self-assessment; and third, they can be used to demonstrate due diligence should there be a breach or an externalHIPAA compliance audit. In today's world it is not necessary that the health care organization spend significant funds to develop a set of HIPAA privacy and security policies and procedures from scratch. The health care organization can likely find templates on the internet that can be used as a starting point to customize HIPAA policies and procedures to be unique for the health care organization. The preparation of a well-documented set of HIPAA policies and procedures needs to be addressed through the development of Privacy and Security policies and procedures that address each of the requirements shown in the HIPAA regulations as amended by the HITECH law and the final Omnibus Regulations. The process of developing the HIPAA privacy and security policies and procedures also provides a reference for the health care organization how to consider the security addressable and required regulation requirements. Why should you attend: There are three situations where having a set of HIPAA policies and procedures are needed: First, the policies and procedures become a good reference to ensure that all areas are addressed for becoming HIPAA compliant. Second, the HIPAA regulations REQUIRE covered entities and business associates to have a set of policies and procedures directing t

Overview: The webinar will concentrate on topics that HHS has announced will be the focus of the first round of "desk audits". They reflect significant areas of non-compliance revealed in the 2012 pilot audits and HHS HIPAA violation investigations concluded by Resolution Agreements and Corrective Action Plans. They include: HIPAA Risk Analysis Risk Management based on Risk Analysis Breach Notification Notice of Privacy Practices (for Covered Entities) Minimum Necessary Standard Access of Individuals to their PHI Authorizations Workforce Training This webinar is vital because, in focusing on preparation for a HIPAA Compliance Audit, Covered Entities and Business Associates may review, prioritize and structure their HIPAA Compliance programs. If you have HIPAA Compliance documentation ready to submit on two weeks notice to HHS you are implementing an effective HIPAA Compliance program. In addition, every Covered Entity or Business Associate may face an HHS HIPAA Compliance investigation at any time due to a complaint or a Breach. If you are "audit ready" you will be ready for an investigation - and better able to avoid complaints and prevent breaches. Why should you attend: Every Covered Entity and Business Associate is liable - without prior notice - to be audited for HIPAA Compliance by HHS You will have only 2 weeks after receiving your HIPAA Compliance Audit notification and data request to upload all requested documents to an HHS HIPAA Compliance Audit Portal The HIPAA Compliance Audit data request you receive will specify content and file organization, file names and any other document submission requirements Auditors will not contact an audited entity for clarifications or ask for additional information - it is essential that submitted documents are current, accurately reflect the entity's HIPAA Compliance program and demonstrate HIPAA Compliance Only data submitted on time will be assessed Failure to respond on time may be referred to the HHS regional

Overview: One of the major requirements of the health care organization to be HIPAA compliant is to develop and implement a set of HIPAA privacy and security policies and procedures. This can be a daunting task for those not knowing where to start and what a set of HIPAA privacy and security policies and procedures should look like. For the cost conscious health care organization, the HIPAA policies and procedures can have multiple uses: first, they can become a basis for training the health care organization workforce; second, they can be used as a basis for conducting a HIPAA self-assessment; and third, they can be used to demonstrate due diligence should there be a breach or an externalHIPAA compliance audit. In today's world it is not necessary that the health care organization spend significant funds to develop a set of HIPAA privacy and security policies and procedures from scratch. The health care organization can likely find templates on the internet that can be used as a starting point to customize HIPAA policies and procedures to be unique for the health care organization. The preparation of a well-documented set of HIPAA policies and procedures needs to be addressed through the development of Privacy and Security policies and procedures that address each of the requirements shown in the HIPAA regulations as amended by the HITECH law and the final Omnibus Regulations. The process of developing the HIPAA privacy and security policies and procedures also provides a reference for the health care organization how to consider the security addressable and required regulation requirements. Why should you attend: There are three situations where having a set of HIPAA policies and procedures are needed: First, the policies and procedures become a good reference to ensure that all areas are addressed for becoming HIPAA compliant. Second, the HIPAA regulations REQUIRE covered entities and business associates to have a set of policies and procedures directing

The federal Health Insurance Portability and Accountability Act (HIPAA) was legislated in 1996 with the primary aim of ensuring that employees who are in the process of changing or leaving their jobs do not lose their health insurance benefits. Additionally, HIPAA sought to bring down health care fraud and abuse by mandating pan-industry standards for the protection of health care information and automated billing and other related processes, and for ensuring the security of Protected Health Information (PHI). What is a HIPAA Security Audit? A HIPAA Security Audit is a program under the HIPAA Privacy, Security, and Breach Notification Audit Program of the Office of Civil Rights (OCR). A HIPAA Security Audit is carried out to make sure that the policies, processes and controls on the part of Covered Entities comply with the provisions of the HITECH Act of 2009. Adherence to the requirements laid out by HITECH is mandatory. Given the high degree of continued use of new technologies that go into and will continue to go into electronic records of patients and the criticality of the data contained in them; the US Department of Health and Human Services (HHS) recognizes that there could be chances of data breach of Protected Health Information. It is to prevent the occurrence of these breaches that a HIPAA Security Audit is mandated by the HITECH Act. Reporting of data breaches is mandatory The foremost highlight of the HITECH Act is the requirement that Entities covered by HIPAA report data breaches that affect 500 or more employees to the HHS. The OCR lays out an Audit Protocol, with whose policies, protocols and processes a facility has to comply if it is said to be compliant with the HIPAA Security Audit. Why is it necessary to carry out a HIPAA/HITECH Security Audit? Compliance with HIPAA Security Audit is necessary to demonstrate that a practice or business is well protected. The most important reason for which such entities need to be HIPAA/HITECH Security

Overview: Discussions, presentation, and webinars regarding HIPAA regulations are usually addressed from the perspective of what the regulations entail, the necessity of compliance with the regulations, and the consequences of willful neglect or non-compliance. This presentation addresses HIPAA regulations from a different perspective - from a personal perspective - from the perspective of the person in charge of moving an organization or facility toward full compliance with HIPAA. The by-product of this presentation will be both an understanding of, and a detailed job description for, a position mandated in the regulations - the HIPAA Security/Privacy Officer. Why should you attend: The HIPAA regulations are numerous, complicated, often vague, and affect every person working in a healthcare facility. Compliance with HIPAA will require a unique individual to lead the charge - an individual whose education, background, experience, and demonstrated skill sets offer the opportunity for that person to succeed in achieving the goals of that position. This is a new position to most healthcare facilities. So understanding who this person should be, what is required of the person with this job title, and with whom this person will interface is vital to every healthcare organization with the goal of achieving full compliance with HIPAA. Areas Covered in the Session: Position goals Position requirements (education, experience, skill sets, etc.) Position responsibilities Stay abreast of regulations Initiate compliance with HIPAA (according to regulations) Ensure continuous progress toward full compliance Develop appropriate security/privacy policies & procedures Oversee and deliver appropriate training programs to all employees Track compliance with HIPAA regulations at the facility & individual levels Track access to PHI Investigate and resolve HIPAA violations Apply sanctions to HIPAA violators Manage any information security personnel Prepare a department budget Hold Bu

Overview: New changes modifying the HIPAA Privacy and Security Regulations are going into place to meet the privacy and security mandates within the HITECH Act in the American Recovery and Reinvestment Act of 2009. The changes include establishing new rights for individuals as well as changes to the limitations on uses and disclosures. New requirements for patient access to records and requirements to notify individuals in the event of a breach are only two of the many areas affected in the new law, including new requirements for restriction and accounting of disclosures and increased enforcement activity. Covered entities that use electronic health records (EHRs) will need to meet new access and disclosure rules and all kinds of business associates and their subcontractors will need to establish compliance programs. And if you are required to have a HIPAA Notice of Privacy Practices, you will need to update that to show all the new rights that patients will have, such as electronic copies, new rights to restrict disclosures, and much more. Business associates are now directly covered by the HIPAA privacy and security regulations and are liable for fines and penalties if they do not comply. If a business associate supplies services that interact with the new changes to the rules, the BA will need to be aware of the new requirements. We will explain what a Business Associate needs to do differently under the new regulations. Electronic records have new demands placed on them, in both providing access and in accounting for all disclosures of health information - the electronic age in health care brings new obligations to serve individuals as well as manage health information for healthcare professionals. We will discuss how disclosures must be tracked in an EHR and review the various ways patient records can be supplied electronically. The new regulations will be reviewed and their effects on usual practices will be discussed, as will what policies need to be chang

What is HIPAA ? Compliance with the Health Insurance Portability and Accountability Act (HIPAA) is a core requirement of the stakeholders involved in health information. HIPAA has prescribed standards with which to protect critical data relating to patients. Electronic Health Records (EHRs) are important documents that contain sensitive patient data, and are thus considered Protected Health Information (PHI). Since this data is accessible to a number of players involved in the field of healthcare; it extremely important to set regulatory guidelines aimed at ensuring that patient information remains protected. HIPAA compliance is essentially about staying in compliance with these guidelines. Measures needed to show compliance with HIPAA HIPAA requires a healthcare organization dealing with PHI to implement all of the following measures and comply with them: Physical measures Network measures, and Process security measures The role of HIPAA Privacy Rule and HIPAA Security Rule HIPAA has set out two important rules that pertain to compliance. These are the HIPAA Privacy Rule and the HIPAA Security Rule. While the Privacy Rule relates to how the medical information of a patient is saved, accessed and shared; the Security Rule is about how to implement national security safeguards for protecting electronic PHI, or ePHI. Who all need to be HIPAA compliant? Since the aim of HIPAA compliance is to ensure complete safety of patient data, it has requirements for every stakeholder in the EHR process. These stakeholders comprise: Covered Entities (CE): Anyone involved in the treatment, payment and operations in healthcare Business Associates (BA): Any person who has access to patient information and is involved in supporting treatment, payment or operations. These include third-party administrators and private sector vendors Those with whom BA's work, or those that are called subcontractors Hosting providers. These typically include healthcare software pro

Overview: Discussions, presentation, and webinars regarding HIPAA regulations are usually addressed from the perspective of what the regulations entail, the necessity of compliance with the regulations, and the consequences of willful neglect or non-compliance. This presentation addresses HIPAA regulations from a different perspective - from a personal perspective - from the perspective of the person in charge of moving an organization or facility toward full compliance with HIPAA. The by-product of this presentation will be both an understanding of, and a detailed job description for, a position mandated in the regulations - the HIPAA Security/Privacy Officer. Why should you attend: The HIPAA regulations are numerous, complicated, often vague, and affect every person working in a healthcare facility. Compliance with HIPAA will require a unique individual to lead the charge - an individual whose education, background, experience, and demonstrated skill sets offer the opportunity for that person to succeed in achieving the goals of that position. This is a new position to most healthcare facilities. So understanding who this person should be, what is required of the person with this job title, and with whom this person will interface is vital to every healthcare organization with the goal of achieving full compliance with HIPAA. Areas Covered in the Session: Position goals Position requirements (education, experience, skill sets, etc.) Position responsibilities Stay abreast of regulations Initiate compliance with HIPAA (according to regulations) Ensure continuous progress toward full compliance Develop appropriate security/privacy policies & procedures Oversee and deliver appropriate training programs to all employees Track compliance with HIPAA regulations at the facility & individual levels Track access to PHI Investigate and resolve HIPAA violations Apply sanctions to HIPAA violators Manage any information security personnel Prepare a department

Overview: In 2013, The US Department of Health and Human Services made major changes to rules implementing The Health Insurance and Portability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act of 2003 (HITECH). Among the many areas impacted by these rules (billing, marketing, research, IT security, etc.) is fund raising. The amendments significantly modify the methods and practice that hospitals, their institutionally related foundations, and other healthcare charities may or must employ when using ANY patient or client information for fund raising. The webinar will cover how to effectively implement the fund raising regulations in a manner that increases both opportunities for philanthropic support and compliant implementation of the new mandates. The rules include specific operational requirements, some of which prohibit protocols that were required under the original HIPAA regulations. The "magic words" mandated by HIPPA-related regulations changed in multiple areas. The webinar will cover all of these areas to ensure your organization is both legally compliant and operationally effective. The types of information that may be used for fund raising changed significantly. This presents numerous substantial fund raising opportunities, as well as challenges on the use and storage of such information. Among other areas to be presented are The required method for individuals to opt-out of receiving fund raising communication The methods of informing patients and clients of their right to opt-out from receiving fund raising communication The broadly expanded types of fund raising communication subject to opt-out rights How providers, hospital, and related fund raising foundation apply an opt-out election by an individual The type of patient and client information that health charities may use for fund raising The contents of provider's Notice of Privacy Practice How clinicians can assist both their patients/clients and the

Setting up a compliance program in healthcare: Organizations that set up a compliance program in healthcare should go by many voluntary regulations from the OIG, apart from those mandated by HIPAA. Setting up a compliance program in healthcare is about being compliant with standards. This entails having to be compliant with several standards, which cover a wide variety of areas. There are several voluntary and mandatory guidelines from the Office of the Inspector General (OIG), apart from standards from HIPAA. Setting up a compliance program in healthcare meeting HIPAA requirements is set out and mandated by the Patient Protection and Affordable Care Act (PPACA). Guidelines from the Office of the Inspector General (OIG) The series of compliance program guidance documents from the OIG are largely voluntary, and are meant for the different sections of the health care industry. These include Hospitals Nursing homes Third-party billers, and Durable medical equipment suppliers. These guidelines are issued with the intention of motivating healthcare units to develop and use their own internal controls aimed at helping them adhere to regulations, program requirements and statutes. The OIG issues documents, which act as guidelines for setting up a compliance program in healthcare by providing principles. These need to be adapted when healthcare organizations have to develop their own compliance program that is in tune with their best interests and needs. Another major aim is served in the implementation of these guidelines for setting up a compliance program in healthcare: They help healthcare units to understand the nature of fraud and other risks associated with abuse, when they are setting up a compliance program for their healthcare unit. HIPAA requirements Setting up a compliance program in healthcare while being compliant with HIPAA regulationsrequires a healthcare organization to put in place measures that ensure that health records must: Be confident

Overview: The primary goal of this session is to demonstrate why the health care organization needs to perform a risk assessment and how to perform the risk assessment. This includes a description of the types of breaches of protected health information that have already occurred and the reasons those breaches happened. The presentation then provides that reasons that a risk assessment is required in a health care organization and who needs to perform the assessment. There are a number of approaches available both for purchase on the web and performed by professionals on site. This discussion helps the participant determine which approach is best for their health care organization and what portions of the assessment are most important to the organization. The topic addresses the key components of a risk assessment and how to perform the risk assessment. This includes how to define the specific risks, how to know, how to assess the likelihood and impact of the risk and the final determination on the level of severity of the risk for the organization. Finally, the session explains how to interpret the results of the risk assessment, how to use the results of the risk assessment for preparing the health care organization's policies and procedures and how to conduct the HIPAA training for its staff. Why should you attend: In addition to the negative publicity and potential fines, a breach of a patient's health information often leads to litigation which is also time consuming and costly. The way to avoid these situations is to perform a Risk Assessment to understand where the health care organization is risk of an unauthorized breach and provide a basis for becoming HIPAA compliant. There are three reasons why a Risk Assessment is necessary: First, both the HIPAA Privacy and Security Regulations require a Risk Assessment for the organization to be HIPAA compliant Second, as a result of the Risk Assessment the organization knows where it needs to address its effo

Overview: Essentially, covering in 90 minutes the basics of E everything that applies to your clinical work. We will give you the questions to ask your IT people, because you should not implicitly trust them, because the law will hold you accountable more than them. We will first cover the general principles of electronic compliances as laid forth in HIPAA. We will then discuss how this applies to your desktop/laptop/iPads and smart devices, other electronic equipment such as routers and modems. We also cover the use of email, secure mail and your EHR/EMR. We will discuss the pros and cons of using the cloud for your data storage and EHR/EMR, i.e. knowing what a HIPAA compliant data center looks like. Principles in the use of encryption and passwords and other security principles will also be covered. Why should you Attend: Unless you are 100% sure you've thought through every angle of your patient's electronic PHI and you sleep like a baby never concerned about this then you need to attend. If you have any questions about the details of what electronic compliance looks like and how it's applied in day-to-day clinical and business activities, interactions with vendors, EHR/EMR, your relationship with your ISP and IT providers, use of all electronic devices, then this workshop is for you. It also gives you principles to apply in new situations which are likely to arise frequently. If you wrote the book on this it would be out of date in 24 hours, so what's important is to learn how to think about these things and use your resources to stay ahead of the game. If you are confident you have the basics covered on every item listed below then this seminar is not for you. Areas Covered in the Session: HIPAA electronic compliance Secure use of EHR/EMR Email and secure mail use Encryption and password security principles Interfacing with the public Interfacing with vendors such as ISPs and other telecommunication companies Backups Cloud use How to know your data center

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has announced relaxation in HIPAA rules for covered entities and business associates who participate in good faith in the COVID-19 testing site operation. It doesn't stop there, but HIPAA penalties won't apply to covered healthcare providers for practicing telehealth medicine using third-party applications such as Skype or Facebook Messenger

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has announced relaxation in HIPAA rules for covered entities and business associates who participate in good faith in the COVID-19 testing site operation.

Health Information Security Compliance: Health information security compliance requirements from HIPAA keep risk management at the core. These requirements also have other guidelines. Health information security compliance is a vital requirement for healthcare providers. Healthcare professionals have to ensure security and privacy of Protected Health Information (PHI) and Electronic Protected Health Information (ePHI), which are part of Electronic Health Records (EHR). The guidelines, rules and requirements are mandated by HIPAA, which is in charge of ensuring that there is privacy and security of health information. Challenges associated with health information security compliance The very fact that a lot of health information is stored in electronic records makes health information security compliance all the more challenging. The way in which information flows between various players in the sector is also a factor: shared computers and information sharing with third party associates like laboratories and billers. If a healthcare organization is not compliant with health information security, it could be held indirectly responsible for issues arising out of these. HIPAA has regulations and guidelines on how providers can keep PHI and ePHI. It suggests and strongly recommends risk analysis as the basis for health information security compliance. These are set out in the Meaningful Use requirements. Some of risk analysis methods include or relate to the following: The provider's EHR software and hardware Assessment of whether the provider's practice protocols are adequate Risk assessment of the provider's physical setting and environment Risk assessment relating to staff education and training A thorough examination of EHR access controls Risk management relating to contracts with the provider's Business Associates The healthcare provider's practices in relation to patient relations and communications Physical measures for ensuring health information security c

A professional medical billing service will always comply with HIPAA regulations. In case of any negligence in this sector, physicians and billing companies may come under the attack of penalties and a bad reputation.

In this age of technology, we have to monitor computer systems very closely because cyber-attacks are just waiting to happen. Cybersecurity

There are certain security standards that every medical billing service has to follow. Healthcare information is sensitive, and it cannot be taken lightly with underwhelming billing and security measures.