Group items tagged

Course "The A to Z's of HIPAA Privacy, Security, and Breach Notification Rules" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: This session is designed to provide intensive, two-day training in HIPAA compliance, including what's new in the regulations, what's changed recently, and what needs to be addressed for compliance by covered entities and business associates. The session provides the background and details for any manager of healthcare information privacy and security to know what are the most important privacy and security issues, what needs to be done for HIPAA compliance, and what can happen when compliance is not adequate. Audits and enforcement will be explained, as well as privacy and security breaches and how to prevent them. Numerous references and sample documents will be provided. Who Will Benefit: * Information Security Officers * Risk Managers * Compliance Officers * Privacy Officers * Health Information Managers * Information Technology Managers * Medical Office Managers * Chief Financial Officers * Systems Managers * Legal Counsel * Operations Directors Agenda: Day One Day one sets the stage with an overview of the HIPAA regulations and then continues with presentation of the specifics of the Privacy Rule, recent changes to the rules, and the basics of the Security Rule Lecture 1: Overview of HIPAA Regulations * The Origins and Purposes of HIPAA * Privacy Rule History and Objectives * Security Rule History and Objectives * Breach Notification Requirements, Benefits, and Results Lecture 2: HIPAA Privacy Rule Principles, Policies and Procedures * Patient Rights under HIPAA * Limitations on Uses and Disclosures * Required Policies and Procedures * Training and Documentation Requirements Lecture 3: Recent and Proposed Changes to the HIPAA Rules * New Penalty Structure * New HIPAA Audit Program * New Patient Rights

Overview: Final regulations for the new HIPAA Breach Notification Rule require much more than notifying individuals affected by a Breach of their Protected Health Information (PHI). Covered Entities and Business Associates first must follow and document a very specific process to determine if a Breach occurred. If no Breach occurred documentary proof must be kept for six years. If a Breach did occur timely notifications and other actions must be undertaken and documented. This webinar will explain: What Covered Entities and Business Associates must do to comply with the Breach Notification Rule What is and is not a Breach Three exceptions - when an acquisition, access, use, or disclosure of PHI not permitted by the Privacy Rule is not a Breach How to perform a Breach Risk Assessment to determine if you can demonstrate a a low probability that the PHI was compromised Who must be notified in case of a Breach When notifications must be provided What information must be contained in each notification Other requirements in case of a Breach Investigate Mitigate harm to affected individuals Protect against further Breaches Document everything Planning and preparation for the worst - public relations and mitigation strategies to limit damage to the organization's reputation and financial well-being Why should you attend: Breaches and incidents that might be Breaches happen all the time! More than 173,000 separate breaches of Protected Health Information (PHI) affecting less than 500 individuals were reported to the U. S. Department of Health and Human Services (HHS) between September, 2009 and May 31, 2015 and in the same period HHS received approximately 1240 reports of PHI breaches that affected 500 or more individuals An acquisition, access, use, or disclosure of PHI not permitted by the Privacy Rule is presumed to be a Breach unless it falls within an exception or the Covered Entity or Business Associate can demonstrate a low probability that the PHI was compromi

Overview: New changes modifying the HIPAA Privacy and Security Regulations are going into place to meet the privacy and security mandates within the HITECH Act in the American Recovery and Reinvestment Act of 2009. The changes include establishing new rights for individuals as well as changes to the limitations on uses and disclosures. New requirements for patient access to records and requirements to notify individuals in the event of a breach are only two of the many areas affected in the new law, including new requirements for restriction and accounting of disclosures and increased enforcement activity. Covered entities that use electronic health records (EHRs) will need to meet new access and disclosure rules and all kinds of business associates and their subcontractors will need to establish compliance programs. And if you are required to have a HIPAA Notice of Privacy Practices, you will need to update that to show all the new rights that patients will have, such as electronic copies, new rights to restrict disclosures, and much more. Business associates are now directly covered by the HIPAA privacy and security regulations and are liable for fines and penalties if they do not comply. If a business associate supplies services that interact with the new changes to the rules, the BA will need to be aware of the new requirements. We will explain what a Business Associate needs to do differently under the new regulations. Electronic records have new demands placed on them, in both providing access and in accounting for all disclosures of health information - the electronic age in health care brings new obligations to serve individuals as well as manage health information for healthcare professionals. We will discuss how disclosures must be tracked in an EHR and review the various ways patient records can be supplied electronically. The new regulations will be reviewed and their effects on usual practices will be discussed, as will what policies need to be chang

Course "New HIPAA Audit and Enforcement Activities: Being Prepared to Show your Compliance " has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: We will be discussing the history and evolution of HIPAA Privacy/Security and the major points you need to understand to proactively protect your practice or business from the imminent federal auditing process: * History of HIPAA * HITECH * HIPAA Omnibus Rule * How to perform a HIPAA Security Risk Assessment * What is involved in a Federal audit and how is it conducted * Risk factors for a federal audit * How to avoid a Federal audit * Business Associates and HIPAA audits * EHR and HIPAA * Business Continuity/Disaster Recovery Planning * Assessing your contractors and sub-contractors * In depth discussions on IT down to the nuts and bolts * Risk factors that can cause an audit (low hanging fruit) * New rules which grant states ability to sue citing HIPAA on behalf of a patient * New funding measures Why should you attend : The evolutions of this enigmatic law and how what was once relative benign in terms of enforcement is now fully funded and aggressive. Learn what you can do to be prepared for an audit and how to lower risks of ever being audited. It is absolutely imperative that you are proactive and not reactive with your compliance program, this is a necessary evil and you need to protect your practice or your business and limit risks from the imminent Federal audits. Join me in keeping up with this very confusing law and take advantage of all the templates and information provided as part of the seminar. Areas Covered in the Session: * HIPAA -Brief History * HIPAA Privacy Rule vs HIPAA Security Rule * HITECH Act * Breach Notification Rule * Omnibus Rule and audits * Business Associates and audits * Current Court Cases (precedence) * Paper Based PHI Concerns and how to lower risk

HIPAA Breach Notification Rules and its new version : Let us begin at the beginning: What is breach notification? The term is pretty simple to understand. It means notifying the authorities whenever there is a breach of Protected Health Information (PHI). Covered Entities (CE's) and Business Associates (BA's), who are closely associated with PHI, and individuals whose PHI data are breached, are required to bring such data breaches to the notice of the authorities, whenever there is one. A breach notification is a mechanism that is aimed at ensuring that BA's and CE's meet requirements in the HITECH Act in the American Recovery and Reinvestment Act of 2009 (ARRA). To whom should the affected individuals and CE's and BA's complain? Whenever there is a breach of PHI by a CE or a BA, or if there is violation of the Privacy, Security, or Breach Notification Rules, the affected individual can complain to the Office for Civil Rights (OCR), which will initiate investigation into these complaints. Whenever a CE or a BA detects a breach, it can complain to the Secretary of Health and Human Services (HHS). In addition, the HIPAA breach notification rules have clear guidelines on how to report breaches in the following classifications: HIPAA's definition of a breach A breach of PHI is said to have taken place when any unpermitted use or disclosure that compromises the security of the data in the PHI takes place. Any such action, resulting in the breach of any kind of data contained in a PHI, big or small, is considered a breach, unless the CE or BA can explain that the data that got breached into was not serious enough, from its risk assessment point of view, to warrant immediate intervention. The new HIPAA breach notification rules The HHS embarked on a new HIPAA breach notification program, the HIPAA Privacy, Security, and Breach Notification Audit Program, with which it seeks to bring a few changes into the existing HIPAA breach notification rules. This new Audit Pr

Course "Texting and E-mail with Patients: Patient Requests and Complying with HIPAA " has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: With the recent advances in portable technology, more and more organizations and their users are taking advantage of mobile devices to save time and get work done more efficiently. Texting, portable e-mail, and Apps are revolutionizing the ways health care providers interact with their patients and get their work done. But the use of these devices comes with hidden costs of compliance, especially if they lead to a reportable breach under HIPAA or state laws. HIPAA Privacy and Security Officers have been struggling to keep up with the use of the devices to protect patient privacy and avoid compliance issues. Even if these devices aren't in formal use in your organization, you need to act now to anticipate their use and make sure they are used properly. This session is designed to provide intensive, two-day training in HIPAA compliance as it relates to the use of mobile devices, including how to use them with Protected Health Information, the policies and procedures you need to have in place to use them securely, and how to manage issues of the "BYOD" phenomenon. The session provides the background and details for any manager of health information privacy and security to know what issues to look for with mobile devices, what needs to be done for HIPAA compliance, and what can happen when compliance is not adequate. Audits and enforcement will be explained, as well as privacy and security breaches and how to prevent them. Numerous references and sample documents will be provided. The session will be valuable for both newcomers to HIPAA compliance as well as seasoned veterans. HIPAA compliance will be explained and discussed in detail, from the basics through the latest changes and new technology issues, so that the attendee will have a coherent u

Overview: With the recent advances in portable technology, more and more organizations and their users are taking advantage of mobile devices to save time and get work done more efficiently. Texting, portable e-mail, and Apps are revolutionizing the ways health care providers interact with their patients and get their work done. But the use of these devices comes with hidden costs of compliance, especially if they lead to a reportable breach under HIPAA or state laws. HIPAA Privacy and Security Officers have been struggling to keep up with the use of the devices to protect patient privacy and avoid compliance issues. Even if these devices aren't in formal use in your organization, you need to act now to anticipate their use and make sure they are used properly. This session is designed to provide intensive, two-day training in HIPAA compliance as it relates to the use of mobile devices, including how to use them with Protected Health Information, the policies and procedures you need to have in place to use them securely, and how to manage issues of the "BYOD" phenomenon. The session provides the background and details for any manager of health information privacy and security to know what issues to look for with mobile devices, what needs to be done for HIPAA compliance, and what can happen when compliance is not adequate. Audits and enforcement will be explained, as well as privacy and security breaches and how to prevent them. Numerous references and sample documents will be provided. The session will be valuable for both newcomers to HIPAA compliance as well as seasoned veterans. HIPAA compliance will be explained and discussed in detail, from the basics through the latest changes and new technology issues, so that the attendee will have a coherent understanding of not only the rules, but also how to think about compliance and make sound compliance decisions on a day-to-day basis in the context of mobile devices. Agenda Day One Day one sets the stage with an ov

Course "HIPAA for the Compliance Officer" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: I will be going into great detail regarding you practice or business and how it relates to the HIPAA Security/Privacy Rule, Areas covered will be history of HIPAA, privacy vs security, business associates, changes for 2016, audit process, paper based PHI, HIPAA and suing, texting, email, encryption, medical messaging, voice data and much, much, more I will uncover myths versus reality as it relates to this very enigmatic law based on over 600 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors. I will also speak to real life audits conducted by the Federal government (I've been on both sides of these audits) what your highest risks are for being fined (some of the risk factors may surprise you). In addition, this course will cover the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures. Don't always believe what you read online about HIPAA, especially as it relates to encryption and IT, there are a lot of groups selling more than is necessarily required. Why you should attend: This lesson will be addressing how practice/business managers (or compliance offers) need to get their HIPAA house in order before the imminent audits occur. It will also address major changes under the Omnibus Rule and any other applicable updates for 2016. There are an enormous amount of issues and risks for covered entities and business associates these days. I will speak on specific experiences from over 17 years of experience in working as an outsourced compliance auditor, expert witness on HIPAA cases, and thoroughly explain how patients are now able to get cash remedies for wrongful disclosures of private health information. More im

Overview: Today's health care delivery occurs in a diverse, fast-changing, multidisciplinary health care environment. This often presents challenges to the health care professional that are not easy to navigate. Medical records and their confidentiality have long been the exclusive province of state law, but has now been recognized for some time in the federal HIPAA statutes and federal regulations. Differing and even conflicting sources of requirements at the state level still exist for the retention and disposition of medical records. These sources may vary based upon the specific health care practitioner - whether physicians, dentists, psychologists, or other health care providers, including mental health practitioners. As to the specific, individual health care practitioner, state laws mandate their confidentiality, retention, and even their specific content with regards to patient, clinical records. In addition to these clinical requirements, additional state laws set forth the content and retention of other types of records kept by the professional, such as supervisory agreements with other professionals subordinate to them as well as their own unique record content requirements. With the majority of medical records moving to an electronic format, special rules now exist with regard to the confidentiality, security, retention, and disposition of electronic medical records. This is particularly important as state laws continue to allow for and regulate the provision of telemedicine by various health care practitioners. For example, while psychotherapy and mental health services are ideal treatments to offer over the internet, that is, by simultaneous audio-visual transmission between the doctor and the patient, the risks of breaches of confidentiality also vastly increase. And when the successful doctor-patient relationship is over, how does the health care practitioner providing a mental health service dispose of these electronic records? In addition to

HIPAA Privacy Myths: HIPAA, the most comprehensive and as of now, the only truly Pan-American federal statute on health information, is unfortunately, still a target of misconceptions and myths. In particular, the Privacy Rule, which is the cornerstone of HIPAA's rule on confidentiality of patient information, offers room for many misconceptions. A few common HIPAA Privacy Myths: HIPAA Privacy Myths regarding communication between the patient and physician A common HIPAA Privacy Myth relates to the communication of mails between the patient and the physician. It is a common misconception that since the Privacy Rule is about ensuring the patient's privacy; it disallows email communication between the doctor and the patient. HIPAA Privacy Rule does allow this form of communication, so that the requisite safeguards are built into the communication aimed at ensuring the confidentiality and integrity of the mails. Transmission of the patient's protected health information Another of the common HIPAA Privacy Myths pertains to the transmission of patient information from one healthcare facility to another. Fact is, no permission is required for Covered Entities to disclose patient information from one clinic to another. The Covered Entity can also share Protected Health Information about the patient for legitimate purposes without the patient's consent or knowledge. Cumbersome and expensive HIPAA Privacy Rule regulations Many people tend to believe that the HIPAA Privacy Rule is a tangled web of regulations that are so complex and painstaking in terms of the administrative detail that implementation of the HIPAA Privacy Rule on a national scale is going to burn a hole in the national exchequer. This is completely untrue. On the contrary, over the years, implementation of the HIPAA Privacy Rule has been bringing down the administrative costs quite significantly, resulting in saving of a few billion dollars in the long run on administrative tasks like transactions

Overview: Today's health care delivery occurs in a diverse, fast-changing, multidisciplinary health care environment. This often presents challenges to the health care professional that are not easy to navigate. Medical records and their confidentiality have long been the exclusive province of state law, but has now been recognized for some time in the federal HIPAA statutes and federal regulations. Differing and even conflicting sources of requirements at the state level still exist for the retention and disposition of medical records. These sources may vary based upon the specific health care practitioner - whether physicians, dentists, psychologists, or other health care providers, including mental health practitioners. As to the specific, individual health care practitioner, state laws mandate their confidentiality, retention, and even their specific content with regards to patient, clinical records. In addition to these clinical requirements, additional state laws set forth the content and retention of other types of records kept by the professional, such as supervisory agreements with other professionals subordinate to them as well as their own unique record content requirements. With the majority of medical records moving to an electronic format, special rules now exist with regard to the confidentiality, security, retention, and disposition of electronic medical records. This is particularly important as state laws continue to allow for and regulate the provision of telemedicine by various health care practitioners. For example, while psychotherapy and mental health services are ideal treatments to offer over the internet, that is, by simultaneous audio-visual transmission between the doctor and the patient, the risks of breaches of confidentiality also vastly increase. And when the successful doctor-patient relationship is over, how does the health care practitioner providing a mental health service dispose of these electronic records? In addit

What is HIPAA ? Compliance with the Health Insurance Portability and Accountability Act (HIPAA) is a core requirement of the stakeholders involved in health information. HIPAA has prescribed standards with which to protect critical data relating to patients. Electronic Health Records (EHRs) are important documents that contain sensitive patient data, and are thus considered Protected Health Information (PHI). Since this data is accessible to a number of players involved in the field of healthcare; it extremely important to set regulatory guidelines aimed at ensuring that patient information remains protected. HIPAA compliance is essentially about staying in compliance with these guidelines. Measures needed to show compliance with HIPAA HIPAA requires a healthcare organization dealing with PHI to implement all of the following measures and comply with them: Physical measures Network measures, and Process security measures The role of HIPAA Privacy Rule and HIPAA Security Rule HIPAA has set out two important rules that pertain to compliance. These are the HIPAA Privacy Rule and the HIPAA Security Rule. While the Privacy Rule relates to how the medical information of a patient is saved, accessed and shared; the Security Rule is about how to implement national security safeguards for protecting electronic PHI, or ePHI. Who all need to be HIPAA compliant? Since the aim of HIPAA compliance is to ensure complete safety of patient data, it has requirements for every stakeholder in the EHR process. These stakeholders comprise: Covered Entities (CE): Anyone involved in the treatment, payment and operations in healthcare Business Associates (BA): Any person who has access to patient information and is involved in supporting treatment, payment or operations. These include third-party administrators and private sector vendors Those with whom BA's work, or those that are called subcontractors Hosting providers. These typically include healthcare software pro

Overview: Upon completing this course participants will leave with a preliminary preventive control implementation plan and will: * Understand US FDA final rules for the Preventive Controls for Human and Animal Foods * Define and review your current system to identify gaps in your preventive controls planning. * Be able to develop and implement a valid preventive control company food safety plan to close any gaps * Write and implement appropriate procedures. * Know your requirements for control over your supply chain * Be able to plan and implement HARPC * Be able to perform environmental monitoring * Know how cross contamination can impact your preventive control plan * Know the difference between validation and verification * Understand and be able to use statistical process controls basics * Be able to plan and implement a team approach to preventive controls * Be able to help your food importers to jump through FDA hoops * Develop a system to risk rank your suppliers * Have a plan in hand that will pass any validation check for preventive controls * Understand some of the technology and costs that can help you establish preventive controls * Prove that your system actually prevents food safety problems * Be able to document and report results to upper management, external food safety auditors and FDA auditors * Save your company money Establish simple, low cost complete data collection and reporting systems. * Establish teambuilding between food safety and quality personnel to develop and implement changes to your current system * Understand food safety, security and recall responsibilities in light of cargo theft, adulteration and temperature failures * Learn how to use your system to get some ROI and improve your marketing position * Review current and future technologies designed to improve and simplify data collection * Establish a completely documented system Why should you attend: Validation of preventive co

HIPAA Survival Guide: The HIPAA Survival Guide is a set of practical help guides that seek to make compliance with HIPAA and HITECH easy for providers. This kit is some kind of checklist on what to keep in mind and implement to survive a HIPAA audit. The HIPAA Survival Guide was created as a need to comply with the HIPAA audit requirements. It evolved as a response to simplifying the HIPAA Privacy Rule and HIPAA Security Rule without its legal complexity. In other words, the framers of this Guide have developed this concept strictly as a guide, rather than as a legally enforceable set of rules. "Forest from the trees" approach: The HIPAA Survival Guide came into being in order to help users understand HIPAA and HITECH better. The approach the developers of this Guide adapted was what was called the "forest from the trees" way, because the aim was to help users navigate and wade through the complex text. It was aimed at helping them chaff and finesse the parts that required their compliance into simple terms. HIPAA Survival Guide is thus not a strict, legislative Act that lays down rules for conformity. No wonder, it was developed by the joint efforts of a Registered Nurse and an Attorney, who wanted to facilitate a greater understanding of the legislation's audit requirements. The basis on which this Guide came into existence was the HIPAA and HITECH background. It concerns itself with only the part of HIPAA and HITECH relating to a part of Covered Entities, namely providers. This is deliberate, since the aim of this Guide is to help small providers with guidelines aimed at simplifying their task. Important steps for HIPAA survival: The fundamental goal of the HIPAA Survival Guide is to equip providers with the knowledge of what needs to be kept in order and fine-tuned if they have to meet regulatory requirements. These are the thumb rules for the HIPAA Survival Guide: Documenting the provider's privacy, security and breach policies and revie

Course "HIPAA - Putting an Organizational Compliance Program in Place" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion Overview: Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If audited or the subject of a compliance review you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the fundamentals of a HIPAA compliance program. If your healthcare practice, business, or organization needs to understand how to put HIPAA compliance program in place or make sure the current program is adequate and can withstand government scrutiny, please join us for this informative and interactive 2 day training course. Why you should attend With an increase in HIPAA enforcement and Phase 2 audits underway, many organizations need to fully understand the requirements of a compliance program. Attendees will leave the course clearly understanding of all the requirements for a comprehensive HIPAA compliance program and what steps need to be taken to mitigate risk. The seminar will include practical exercise to assist in knowing how to develop, review, and amend HIPAA policy and procedure. After completing this course, a Covered Entity or Business Associate will have a clear roadmap for what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session * Why was HIPAA created? * What is HITECH and the Omnibus Rule? * Who Must Comply with HIPAA Requirements? * What are the HIPAA Security and Privacy Rules? * What is a HIPAA Compliance Program? * What is a HIPAA Risk Management Plan? * What is meant by

Course "HIPAA - Putting an Organizational Compliance Program in Place" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If audited or the subject of a compliance review you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the fundamentals of a HIPAA compliance program. If your healthcare practice, business, or organization needs to understand how to put HIPAA compliance program in place or make sure the current program is adequate and can withstand government scrutiny, please join us for this informative and interactive 2 day training course. Why you should attend: With an increase in HIPAA enforcement and Phase 2 audits underway, many organizations need to fully understand the requirements of a compliance program. Attendees will leave the course clearly understanding of all the requirements for a comprehensive HIPAA compliance program and what steps need to be taken to mitigate risk. The seminar will include practical exercise to assist in knowing how to develop, review, and amend HIPAA policy and procedure. After completing this course, a Covered Entity or Business Associate will have a clear roadmap for what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session: · Why was HIPAA created? · What is HITECH and the Omnibus Rule? · Who Must Comply with HIPAA Requirements? · What are the HIPAA Security and Privacy Rules? · What i

Overview: In 2013, The US Department of Health and Human Services made major changes to rules implementing The Health Insurance and Portability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act of 2003 (HITECH). Among the many areas impacted by these rules (billing, marketing, research, IT security, etc.) is fund raising. The amendments significantly modify the methods and practice that hospitals, their institutionally related foundations, and other healthcare charities may or must employ when using ANY patient or client information for fund raising. The webinar will cover how to effectively implement the fund raising regulations in a manner that increases both opportunities for philanthropic support and compliant implementation of the new mandates. The rules include specific operational requirements, some of which prohibit protocols that were required under the original HIPAA regulations. The "magic words" mandated by HIPPA-related regulations changed in multiple areas. The webinar will cover all of these areas to ensure your organization is both legally compliant and operationally effective. The types of information that may be used for fund raising changed significantly. This presents numerous substantial fund raising opportunities, as well as challenges on the use and storage of such information. Among other areas to be presented are The required method for individuals to opt-out of receiving fund raising communication The methods of informing patients and clients of their right to opt-out from receiving fund raising communication The broadly expanded types of fund raising communication subject to opt-out rights How providers, hospital, and related fund raising foundation apply an opt-out election by an individual The type of patient and client information that health charities may use for fund raising The contents of provider's Notice of Privacy Practice How clinicians can assist both their patients/clients and the

Overview: The webinar will concentrate on topics that HHS has announced will be the focus of the first round of "desk audits". They reflect significant areas of non-compliance revealed in the 2012 pilot audits and HHS HIPAA violation investigations concluded by Resolution Agreements and Corrective Action Plans. They include: HIPAA Risk Analysis Risk Management based on Risk Analysis Breach Notification Notice of Privacy Practices (for Covered Entities) Minimum Necessary Standard Access of Individuals to their PHI Authorizations Workforce Training This webinar is vital because, in focusing on preparation for a HIPAA Compliance Audit, Covered Entities and Business Associates may review, prioritize and structure their HIPAA Compliance programs. If you have HIPAA Compliance documentation ready to submit on two weeks notice to HHS you are implementing an effective HIPAA Compliance program. In addition, every Covered Entity or Business Associate may face an HHS HIPAA Compliance investigation at any time due to a complaint or a Breach. If you are "audit ready" you will be ready for an investigation - and better able to avoid complaints and prevent breaches. Why should you attend: Every Covered Entity and Business Associate is liable - without prior notice - to be audited for HIPAA Compliance by HHS You will have only 2 weeks after receiving your HIPAA Compliance Audit notification and data request to upload all requested documents to an HHS HIPAA Compliance Audit Portal The HIPAA Compliance Audit data request you receive will specify content and file organization, file names and any other document submission requirements Auditors will not contact an audited entity for clarifications or ask for additional information - it is essential that submitted documents are current, accurately reflect the entity's HIPAA Compliance program and demonstrate HIPAA Compliance Only data submitted on time will be assessed Failure to respond on time may be referred to the HHS regional

Course "HIPAA Security & Privacy Official - Roles and Responsibilities" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: Being the HIPAA Security and Privacy Official involves not only ensuring you know the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If audited or the subject of a compliance review you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the fundamentals of a HIPAA compliance program. If your HIPAA Security and Privacy Official needs to understand what all the HIPAA requirements are or make sure the current program is adequate and can withstand government scrutiny, please join us for this informative and interactive seminar. Why you should attend: The HIPAA Security and Privacy Official is the backbone of any organization's compliance program. Often times this role is assigned as collateral duty in smaller organizations. Regardless the size of an organization, the HIPAA Security and Privacy Official must know all the requirements for compliance. This is a critical element of the position. Attendees will leave the course clearly understanding the role and all the requirements as the designated as a HIPAA Security and Privacy Official. This seminar will cover reviews, creation, and amending policy and procedure. After completing this course, a HIPAA Security and Privacy Official will have a clear understanding for what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session: Why was HIPAA created? The Role and Responsibilities of the HIPAA Security and Privacy Official Complying with HIPAA Requirements? What are the HIPAA Security

Overview: Section 13411 of the Health Information Technology for Economic and Clinical Health (HITECH) Act, requires Health and Human Services (HHS) to conduct periodic audits of providers and business associates to ensure their compliance with the HIPAA Security and Privacy Rule, and breach notification standards. To implement this mandate, the Office of Civil Rights (OCR) has conducted HIPAA/HITECH audit program with KPMG of 115 health care organizations to assess privacy and security compliance. This webinar will focus on the implementation and tracking of HIPAA audit best practices in a healthcare setup in order to prepare for the federal audit using published OCR audit protocols. Every audit begins with interviews, a questionnaire, and a thorough policy and procedures review. Presenter, with his decades of knowledge in the compliance, legal, auditing and security areas, will walk the attendees through the audit process, documentation requirements, and implementation specifications of the HIPAA privacy, security and breach rules. This presentation not only provides opportunity for the participants to prepare for the federal HIPAA audit but also to improve the security posture of their organizations by adopting to changing technology (mobile, social media, Health Information Exchange(HIE), cloud services, etc.) and threat landscape perspective as well. This presentation will uncover reasons why many health information breaches are occurring and help organizations better secure and comply with electronic protected health information by meeting the required and addressable HIPAA/HITECH security rules. The presenter will also share the best practices used for HIPAA security implementation and continuous risk assessment which is considered as "due diligence" by auditors for the HIPAA security compliance program. Areas Covered in the Session: Healthcare Technology Adoption/Trends Healthcare Regulatory (HIPAA/HITECH) and OCR/HHS Audit Overview Differences between