Group items tagged

In order to become a safe and effective medicine, a compound has to travel through a lengthy process of rigorous testing. Over the last few decades, the amount of time required to develop and test a novel drug has increased drastically. However, the introduction of social media and digital technology into drug development have the ability to significantly expedite this process. This webinar will explore the policies and principles of using social media through the evolution of developing a pharmaceutical drug from its initial stages to its introduction into the market. This includes analyzing the methods in which pharmaceutical companies utilize social media during the planning process, identifying the best candidate for the lead compound in a drug, conducting animal and human testing, recruiting candidates for clinical trials.

Overview: Final regulations for the new HIPAA Breach Notification Rule require much more than notifying individuals affected by a Breach of their Protected Health Information (PHI). Covered Entities and Business Associates first must follow and document a very specific process to determine if a Breach occurred. If no Breach occurred documentary proof must be kept for six years. If a Breach did occur timely notifications and other actions must be undertaken and documented. This webinar will explain: What Covered Entities and Business Associates must do to comply with the Breach Notification Rule What is and is not a Breach Three exceptions - when an acquisition, access, use, or disclosure of PHI not permitted by the Privacy Rule is not a Breach How to perform a Breach Risk Assessment to determine if you can demonstrate a a low probability that the PHI was compromised Who must be notified in case of a Breach When notifications must be provided What information must be contained in each notification Other requirements in case of a Breach Investigate Mitigate harm to affected individuals Protect against further Breaches Document everything Planning and preparation for the worst - public relations and mitigation strategies to limit damage to the organization's reputation and financial well-being Why should you attend: Breaches and incidents that might be Breaches happen all the time! More than 173,000 separate breaches of Protected Health Information (PHI) affecting less than 500 individuals were reported to the U. S. Department of Health and Human Services (HHS) between September, 2009 and May 31, 2015 and in the same period HHS received approximately 1240 reports of PHI breaches that affected 500 or more individuals An acquisition, access, use, or disclosure of PHI not permitted by the Privacy Rule is presumed to be a Breach unless it falls within an exception or the Covered Entity or Business Associate can demonstrate a low probability that the PHI was compromi

Overview: This lesson is going to get back to the basics using multiple real life scenarios and "what if's". My goal is to make this very confusing and not well explained law easy to understand for the typical staff member. I will uncover myths versus reality as it relates to this enigmatic law based on over 1000 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors. I will also point out multiple court cases I have been affiliated with where a staff member of a hospital or clinic has been sued or even imprisoned! I will also speak to real life audits conducted by the Federal government (I've been on both sides of these audits) what your highest risks are for being fined (some of the risk factors may surprise you). In addition this course will cover the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures. Don't always believe what you read online about HIPAA, especially as it relates to encryption and IT, there are a lot of groups selling more than is necessarily required. Why should you Attend: Are you confused about HIPAA? Do you just want the basics and in plain English? Do you know there are civil and criminal penalties even for the rank and file staff member! Do you know what you can and can't do with protected health information? It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates as it relates to portable devices, texting, and emailing of PHI. You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT practices. I have also been expert witness on multiple court cases where a business or medical practice is being sued for not doing their due diligence

HIPAA Breach Notification Rules and its new version : Let us begin at the beginning: What is breach notification? The term is pretty simple to understand. It means notifying the authorities whenever there is a breach of Protected Health Information (PHI). Covered Entities (CE's) and Business Associates (BA's), who are closely associated with PHI, and individuals whose PHI data are breached, are required to bring such data breaches to the notice of the authorities, whenever there is one. A breach notification is a mechanism that is aimed at ensuring that BA's and CE's meet requirements in the HITECH Act in the American Recovery and Reinvestment Act of 2009 (ARRA). To whom should the affected individuals and CE's and BA's complain? Whenever there is a breach of PHI by a CE or a BA, or if there is violation of the Privacy, Security, or Breach Notification Rules, the affected individual can complain to the Office for Civil Rights (OCR), which will initiate investigation into these complaints. Whenever a CE or a BA detects a breach, it can complain to the Secretary of Health and Human Services (HHS). In addition, the HIPAA breach notification rules have clear guidelines on how to report breaches in the following classifications: HIPAA's definition of a breach A breach of PHI is said to have taken place when any unpermitted use or disclosure that compromises the security of the data in the PHI takes place. Any such action, resulting in the breach of any kind of data contained in a PHI, big or small, is considered a breach, unless the CE or BA can explain that the data that got breached into was not serious enough, from its risk assessment point of view, to warrant immediate intervention. The new HIPAA breach notification rules The HHS embarked on a new HIPAA breach notification program, the HIPAA Privacy, Security, and Breach Notification Audit Program, with which it seeks to bring a few changes into the existing HIPAA breach notification rules. This new Audit Pr

Rationale for Clinical Trial Regulations Clinical trials, as we all know, are carried out to test the efficacy of a new drug or device being developed for a specific condition or disease. Clinical trials are experiments that have a high degree of risk if they are not properly implemented. For this reason, it is necessary for regulatory bodies to regulate clinical trials. The core rationale for regulating the various stages of clinical trials is that human subjects, who are part of the research, have to be protected. These clinical trial regulations are legislated at all stages: local, State, national and international. Clinical trial regulations are in force in different countries of the world. Common clinical trial regulations are also made globally by the International Conference on Harmonization (ICH), which has the mandate of setting out good practices for clinical trial regulations for trials done in global cooperation. These regulations cover the administrative, procedural and ethical aspects of clinical trials. Briefly, these are the areas in which there are clinical trial regulations for each of these aspects of clinical trials: Administrative: The administrative aspects of clinical trial regulations pertain to the way the clinical trials are run, and the way they are tracked and monitored throughout their lifecycle. A clinical trial is usually monitored by a sponsoring company or a Contract Research Organization (CRO), which the former hires at times for reasons of convenience and cost cutting. Clinical trial regulations in this area is obviously of importance because if something goes wrong at any administrative stage; these can be rectified. Procedural: Procedural aspects of clinical trial regulations relate to ways by which subjects are chosen for a clinical trial. Proper care has to be taken to ensure that the subjects are appropriate for the clinical study, are from the prescribed age, geographical, demographic, racial and gender-related cl

Overview: This lesson will be going into great detail regarding your practice or business information technology and how it relates to the HIPAA Security Rule, in particular portable devices. Areas covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT. I will uncover myths versus reality as it relates to this very enigmatic law based on over 600 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors. I will also speak to real life audits conducted by the Federal government (I've been on both sides of these audits) what your highest risks are for being fined (some of the risk factors may surprise you). In addition this course will cover the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures. Don't always believe what you read online about HIPAA, especially as it relates to encryption and IT, there are a lot of groups selling more than is necessarily required. Why should you Attend: HIPAA NOW HAS TEETH! Be prepared for what's new in 2016! Protect your practice or business! What factors might spurn a HIPAA audit? …are you doing these things? Why are the Feds enforcing after all these years? It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates as it relates to portable devices, texting, and emailing of PHI. You need to know how to avoid being low hanging in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT practices. I have also been expert witness on multiple court cases where a business or medical practice is being sued for not doing their due diligence to minimize risk. Areas Covered in the Session: Updates for 2016 BYOD Portable devices B

Overview: Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If audited or the subject of a compliance review you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the fundamentals of a HIPAA compliance program. If your healthcare practice, business, or organization needs to understand how to put HIPAA compliance program in place or make sure the current program is adequate and can withstand government scrutiny, please join us for this informative and interactive course. Why should you Attend: With an increase in HIPAA enforcement and Phase 2 audits underway, many organizations need to fully understand the requirements of a compliance program. Attendees will leave the course clearly understanding of all the requirements for a comprehensive HIPAA compliance program and what steps need to taken to mitigate risk. After completing this course, a Covered Entity or Business Associate will have a clear roadmap for what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session: Why was HIPAA created? Who Must Comply with HIPAA Requirements? What are the HIPAA Security and Privacy Rules? What is a HIPAA Compliance Program? What is a HIPAA Risk Management Plan? What is meant by "Required" and "Addressable" Implementation Specifications? What are Administrative, Technical, and Physical Safeguards Requirements? What is a HIPAA Risk Assessment? What are HIPAA training requirements? What is a HIPAA data breach and what happens if it occurs? What are the penalties and fines for non-compliance and how to avoid them? Creating a Culture of Compliance Questions Who Will Benefit: Com

Overview: The connection between the Body, its physiology and particularly biochemistry, have been linked to the mind with particular emphasis upon emotions and stress. This can be easily substantiated in common everyday situations. Anyone who has observed a facial red flush triggered by some sort of embarrassment can attest to the foregoing connection. The emotions and stress play a key role in many if not all diseases and disorders: due to the vastness of the subject, we will focus on the application of the mind/body connection(MBC) to skin. This serves as an introduction to the field of psych dermatology which, although still in its infancy in the USA, is expanding as evidence with regard to the psychological component related to the etiology of skin diseases continues to grow. Concurrently, the field of Alternative techniques IN mind/body treatments continue to grow in leaps and bounds providing effective methods for integration with conventional cosmetic and dermaceutical treatment. This provides a dual complimentary pathway both for prevention and treatment of any/most skin disorders. Expanding on this model, we have already shown how the mind influences the body as per the above example. This general proposition can be extended to include specific skin disorders such as acne rosacea psoriasis eczema and atopic dermatitis to name a few. We will concentrate on Acne for the sake of this discussion. First, focusing on the B component of the BMC model, the primary lesion associated with acne is the formation microcomodones, which are small enough to proceed undetected until larger comodones appear later in the cycle. The latter cycle is initiated by peroxidation of squalene and unsaturated fatty acids present in human sebum. This leads to the foregoing lesions and pro- inflammatory mediators such as cytokines and interleukins followed by an increase of p.acnes on the epithelial cell wall together with increased film formation of the p.acnes is the same area This

Overview: This webinar will focus on the major fraud and abuse laws, including the Stark Law, the Anti-Kickback Statute, and the False Claims Act. In this webinar Mr. Wolfe will provide an overview of the health care regulatory issues related to implementing value-based physician compensation models. Why should you Attend: Given the substantial awards and settlements in recent Stark Law enforcement actions, Stark Law compliance has become more than just a compliance issue: it is an enterprise risk management issue. As medical groups, hospitals, and health systems transition to value-based physician compensation arrangements, they will need to make sure their arrangements continue to be compliant with the Stark Law. Areas Covered in the Session: Provide a general overview of the Stark Law, Anti-Kickback Statute and the False Claims Act. Explain the requirements for compliance with key regulatory exceptions and safe harbors. Compensation and valuation issues unique to the group practice model Discuss best practices when implementing value-based physician compensation models. Summarize the recent changes to the Stark Law for 2016. Who Will Benefit: In-House Counsel Health Care Compliance Officers Health Care Human Resources Health Care CFOs Health Care executives Speaker Profile Joseph Wolfe is an attorney with Hall, Render, Killian, Heath & Lyman, P.C., the largest health care focused law firm in the country. Mr. Wolfe provides advice and counsel to some of the nation's largest health systems, hospitals and medical groups on a variety of health care issues. He regularly counsels clients on a national basis regarding compliance-focused physician compensation and alignment strategies. He is a frequent speaker on issues related to the physician self-referral statute (Stark Law), hospital-physician transactions, physician compensation governance and health care valuation issues. Before attending law school at the University of Wisconsin, he served as a combat engi

Overview: I will be talking to specifics of HIPAA in the hospital setting, , do's and don'ts as well as dispelling myth vs reality. This lesson will be addressing how compliance officers need to get their HIPAA house in order as HIPAA is now fully enforced and the government is not using kid gloves any more. It will also address major changes under the Omnibus Rule and any other applicable updates for 2016 and beyond. There are an enormous amount of issues and risks for hospitals these days especially with the new legislation involving patient cash remedies for wrongful disclosure. I will speak on specific experiences from over 17 years of experience in working as an outsourced compliance auditor, expert witness on HIPAA cases within the hospital setting, ER setting, and thoroughly explain how patients are now able to get cash remedies for wrongful disclosures of private health information. More importantly I will show you how to limit those risks by simply taking proactive steps and utilizing best practices. Why should you Attend: What can and can't we do in the hospital setting with patient information? What are the new liabilities involved? How can we ensure security but also ensure patient care? This once rarely enforced law has changed and you need to know what's going on! - there are new liabilities! What factors might spurn a HIPAA audit? …are you doing these things? Why are the Feds strictly enforcing after all these years? State laws are now much tougher increasing liability for patient remedies! We will be discussing some of the changes taking place in Washington with the Health and Human Services in regards to the enforcement of the HIPAA laws already on the books. I will go over some of the new changes specifically affecting the hospital as well as the emergency room setting I will also be discussing factors might cause an unwanted visit or letter from the Office of Civil Rights and how to prepare for a potential audit Areas Covered in the Sessi

Course "The A to Z's of HIPAA Privacy, Security, and Breach Notification Rules" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: This session is designed to provide intensive, two-day training in HIPAA compliance, including what's new in the regulations, what's changed recently, and what needs to be addressed for compliance by covered entities and business associates. The session provides the background and details for any manager of healthcare information privacy and security to know what are the most important privacy and security issues, what needs to be done for HIPAA compliance, and what can happen when compliance is not adequate. Audits and enforcement will be explained, as well as privacy and security breaches and how to prevent them. Numerous references and sample documents will be provided. Who Will Benefit: * Information Security Officers * Risk Managers * Compliance Officers * Privacy Officers * Health Information Managers * Information Technology Managers * Medical Office Managers * Chief Financial Officers * Systems Managers * Legal Counsel * Operations Directors Agenda: Day One Day one sets the stage with an overview of the HIPAA regulations and then continues with presentation of the specifics of the Privacy Rule, recent changes to the rules, and the basics of the Security Rule Lecture 1: Overview of HIPAA Regulations * The Origins and Purposes of HIPAA * Privacy Rule History and Objectives * Security Rule History and Objectives * Breach Notification Requirements, Benefits, and Results Lecture 2: HIPAA Privacy Rule Principles, Policies and Procedures * Patient Rights under HIPAA * Limitations on Uses and Disclosures * Required Policies and Procedures * Training and Documentation Requirements Lecture 3: Recent and Proposed Changes to the HIPAA Rules * New Penalty Structure * New HIPAA Audit Program * New Patient Rights

A look at disruptive practitioner behavior policies: One of the very important factors needed for a healthcare unit to maintain its decorum and uphold its reputation is the implementation of disruptive practitioner behavior policies. The declaration and implementation of disruptive practitioner behavior policies goes a long way in ensuring that the hospital or healthcare center doesn't lose face. What are disruptive practitioner behavior policies? First, an understanding of disruptive practitioner behavior policies: Disruptive practitioner behavior policies may be termed as the putting in place in a healthcare providing unit a set of policies that are aimed at checking the errant and rude behavior of its staff members towards the patients and other people that use the services rendered by these centers. Who all carry out disruptive practitioner behaviors? Anyone in the healthcare setting can behave in an unbecoming and ungainly fashion with patients or those attending on them. Some of the typical types associated with disruptive practitioner behavior include shouting at them, bullying, intimidating, scolding loudly, being aggressive towards them, gesturing lewdly to them, and so on. This kind of behavior reflects very badly on the healthcare provider. Since there is intense competition in the healthcare providing industry; it is natural for patients to look for other centers when they face this kind of behavior. It is after all human to expect to be treated nicely. If one provider doesn't do that; patients look for other providers. Losing the patient, bad though it is, is not the only loss: When this becomes public, which is all the easier given the extensive reach of the social media; the healthcare unit's name goes for a toss. The role of disruptive practitioner behavior policies It is to curb this kind of behavior that disruptive practitioner behavior policies need to be put in place. Disruptive practitioner behavior policies can go a long way in reining i

Course "HIPAA - Putting an Organizational Compliance Program in Place" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion Overview: Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If audited or the subject of a compliance review you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the fundamentals of a HIPAA compliance program. If your healthcare practice, business, or organization needs to understand how to put HIPAA compliance program in place or make sure the current program is adequate and can withstand government scrutiny, please join us for this informative and interactive 2 day training course. Why you should attend With an increase in HIPAA enforcement and Phase 2 audits underway, many organizations need to fully understand the requirements of a compliance program. Attendees will leave the course clearly understanding of all the requirements for a comprehensive HIPAA compliance program and what steps need to be taken to mitigate risk. The seminar will include practical exercise to assist in knowing how to develop, review, and amend HIPAA policy and procedure. After completing this course, a Covered Entity or Business Associate will have a clear roadmap for what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session * Why was HIPAA created? * What is HITECH and the Omnibus Rule? * Who Must Comply with HIPAA Requirements? * What are the HIPAA Security and Privacy Rules? * What is a HIPAA Compliance Program? * What is a HIPAA Risk Management Plan? * What is meant by

Course "Effective and Efficient Internal and Supplier Quality System Auditing for Medical Devices" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: Do you want to understand how to do efficient and effective internal and supplier audits that meet all the requirements of your external auditors, but also add value to your company? Are you confused by all the requirements and guidance documents for medical device quality management systems and are tired of wading through all the regulatory language they contain. This course is for those who will do internal or supplier audits, manage an audit process for these or other company audits. This course will provide you with an easy to understand presentation on the auditing process as well as the requirements you will need to audit under ISO 13485 and the FDA Quality System Regulation (cGMP) Both FDA Quality System Regulation (QSR) and ISO 13485 require that companies do internal audits. However, because the FDA does not look at the content of internal audits, some companies do not get feedback on the true effectiveness of their internal audit system from the FDA during FDA Inspections. ISO 13485 auditors do look at internal audits, but are most concerned that you define a process that meets the requirements of the standard and are following your process. Both require that you define Auditor training is required, but this sometimes just requires reading the company's procedure, although most external auditors will look for more than this. Do you need to train new auditors for yours medical device quality management system or to audit your suppliers? Or do you need to improve the training of your internal and supplier auditors so that they add value to these audits? If you need to do either of these, this seminar will provide this training. In addition to auditing skills and hands-on auditing exercises, this seminar will provide an ove

Course "Texting and E-mail with Patients: Patient Requests and Complying with HIPAA " has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: With the recent advances in portable technology, more and more organizations and their users are taking advantage of mobile devices to save time and get work done more efficiently. Texting, portable e-mail, and Apps are revolutionizing the ways health care providers interact with their patients and get their work done. But the use of these devices comes with hidden costs of compliance, especially if they lead to a reportable breach under HIPAA or state laws. HIPAA Privacy and Security Officers have been struggling to keep up with the use of the devices to protect patient privacy and avoid compliance issues. Even if these devices aren't in formal use in your organization, you need to act now to anticipate their use and make sure they are used properly. This session is designed to provide intensive, two-day training in HIPAA compliance as it relates to the use of mobile devices, including how to use them with Protected Health Information, the policies and procedures you need to have in place to use them securely, and how to manage issues of the "BYOD" phenomenon. The session provides the background and details for any manager of health information privacy and security to know what issues to look for with mobile devices, what needs to be done for HIPAA compliance, and what can happen when compliance is not adequate. Audits and enforcement will be explained, as well as privacy and security breaches and how to prevent them. Numerous references and sample documents will be provided. The session will be valuable for both newcomers to HIPAA compliance as well as seasoned veterans. HIPAA compliance will be explained and discussed in detail, from the basics through the latest changes and new technology issues, so that the attendee will have a coherent u

Overview: Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If audited or the subject of a compliance review you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the understanding the fundamentals of a HIPAA and how you will be required to demonstrate your organization's compliance program. If your healthcare practice, business, or organization needs to understand how to be prepared for an increase in HIPAA enforcement and make sure your current safeguards are adequate and can withstand government scrutiny, please join us for this informative and interactive course. Why should you Attend: BAll most 120,000,000 individuals were affected by HIPAA data breaches in 2015. This is a significant reason why Congress has inquired about the recent and very sizeable increases in cyber-attacks that inflect the risk of medical identity theft. The HHS Office for Civil Rights not only are conducting audits but is looking to increase HIPAA enforcement. Attendees will leave the course clearly understanding of all the requirements that must be in place for HIPAA and how to demonstrate compliance if audited. After completing this course, a Covered Entity or Business Associate will be able to know what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session: Why was HIPAA created? What are the HIPAA Security and Privacy Rules? What is a HIPAA Risk Management Plan? What is meant by "Required" and "Addressable" Implementation Specifications? What are Administrative, Technical, and Physical Safeguards Requirements? What is a HIPAA Risk Assessment? What are HIPAA training requirement

The federal Health Insurance Portability and Accountability Act (HIPAA) was legislated in 1996 with the primary aim of ensuring that employees who are in the process of changing or leaving their jobs do not lose their health insurance benefits. Additionally, HIPAA sought to bring down health care fraud and abuse by mandating pan-industry standards for the protection of health care information and automated billing and other related processes, and for ensuring the security of Protected Health Information (PHI). What is a HIPAA Security Audit? A HIPAA Security Audit is a program under the HIPAA Privacy, Security, and Breach Notification Audit Program of the Office of Civil Rights (OCR). A HIPAA Security Audit is carried out to make sure that the policies, processes and controls on the part of Covered Entities comply with the provisions of the HITECH Act of 2009. Adherence to the requirements laid out by HITECH is mandatory. Given the high degree of continued use of new technologies that go into and will continue to go into electronic records of patients and the criticality of the data contained in them; the US Department of Health and Human Services (HHS) recognizes that there could be chances of data breach of Protected Health Information. It is to prevent the occurrence of these breaches that a HIPAA Security Audit is mandated by the HITECH Act. Reporting of data breaches is mandatory The foremost highlight of the HITECH Act is the requirement that Entities covered by HIPAA report data breaches that affect 500 or more employees to the HHS. The OCR lays out an Audit Protocol, with whose policies, protocols and processes a facility has to comply if it is said to be compliant with the HIPAA Security Audit. Why is it necessary to carry out a HIPAA/HITECH Security Audit? Compliance with HIPAA Security Audit is necessary to demonstrate that a practice or business is well protected. The most important reason for which such entities need to be HIPAA/HITECH Security

Overview: New changes modifying the HIPAA Privacy and Security Regulations are going into place to meet the privacy and security mandates within the HITECH Act in the American Recovery and Reinvestment Act of 2009. The changes include establishing new rights for individuals as well as changes to the limitations on uses and disclosures. New requirements for patient access to records and requirements to notify individuals in the event of a breach are only two of the many areas affected in the new law, including new requirements for restriction and accounting of disclosures and increased enforcement activity. Covered entities that use electronic health records (EHRs) will need to meet new access and disclosure rules and all kinds of business associates and their subcontractors will need to establish compliance programs. And if you are required to have a HIPAA Notice of Privacy Practices, you will need to update that to show all the new rights that patients will have, such as electronic copies, new rights to restrict disclosures, and much more. Business associates are now directly covered by the HIPAA privacy and security regulations and are liable for fines and penalties if they do not comply. If a business associate supplies services that interact with the new changes to the rules, the BA will need to be aware of the new requirements. We will explain what a Business Associate needs to do differently under the new regulations. Electronic records have new demands placed on them, in both providing access and in accounting for all disclosures of health information - the electronic age in health care brings new obligations to serve individuals as well as manage health information for healthcare professionals. We will discuss how disclosures must be tracked in an EHR and review the various ways patient records can be supplied electronically. The new regulations will be reviewed and their effects on usual practices will be discussed, as will what policies need to be chang

Overview: Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If audited or the subject of a compliance review you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the fundamentals of a HIPAA compliance program. If your organization needs to understand the role of the HIPAA Security Official, the requirements, and make sure the current compliance program is adequate and can withstand government scrutiny, please join us for this informative and interactive course. Why should you Attend: The role of the HIPAA Security Official is critically important in complying with the HIPAA Security Rule. Besides being responsible for many of the daily operations within an organization, the Security Official is tasked with managing the HIPAA compliance program. Knowing what is required is part of the Security Official's duties. Attendees will leave the course clearly understanding of all the requirements for a comprehensive HIPAA compliance program and to make sure on organization has the proper policies and procedures in place. After completing this course, a HIPAA Security Official will have a clear understanding for what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session: Why was HIPAA created? Who Must Comply with HIPAA Requirements? What are the HIPAA Security and Privacy Rules? The Role of the HIPAA Security Official What is a HIPAA Compliance Program? What is a HIPAA Risk Management Plan? What is meant by "Required" and "Addressable" Implementation Specifications? What are Administrative, Technical, and Physical Safeguards Requirements? What is a HIPAA Risk Asses

Overview: This lesson will be going into great detail regarding your practice or business information technology and how it relates to the HIPAA Security Rule, in particular portable devices. Areas covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT. I will uncover myths versus reality as it relates to this very enigmatic law based on over 600 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors. I will also speak to real life audits conducted by the Federal government (I've been on both sides of these audits) what your highest risks are for being fined (some of the risk factors may surprise you). In addition this course will cover the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures. Don't always believe what you read online about HIPAA, especially as it relates to encryption and IT, there are a lot of groups selling more than is necessarily required. Why should you Attend: HIPAA NOW HAS TEETH! Be prepared for what's new in 2016! Protect your practice or business! What factors might spurn a HIPAA audit? …are you doing these things? Why are the Feds enforcing after all these years? It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates as it relates to portable devices, texting, and emailing of PHI. You need to know how to avoid being low hanging in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT practices. I have also been expert witness on multiple court cases where a business or medical practice is being sued for not doing their due diligence to minimize risk. Areas Covered in the Session: Updates for 2016 BYOD Portable devices B