Group items tagged

Overview: In this session we will discuss the HIPAA audit and enforcement programs and how they work, and discuss the areas that caused the most issues in prior audits. We will explore what kind of issues and what kind of entities had the most problems, and show where entities need to improve their compliance the most. We will also explore the typical risk issues that lead to breaches of health information and see how those issues may be a target for auditors in the new 2016 audits. We will review the contents of the HIPAA Audit Protocol used in 2012 to show what documentation needs to be on hand should your organization be selected for an audit in the new round. We will present methods for using the contents of the HIPAA Audit Protocol to build your own compliance plan by extracting and updating the contents and relating your compliance activities directly to the questions that might be asked. In this session we will discuss the HIPAA audit and enforcement regulations and processes, and how they apply to HIPAA covered entities and business associates. We will explain the enforcement regulations and the new, increased fines and new penalty levels, including new penalties for willful neglect of compliance that begin at $10,000. We will discuss what information and documentation must be prepared in advance so that you can be ready for an audit at any time, including sample information request forms and questions asked at prior audits. The session will also cover how to know if you may become the subject of an audit or enforcement action, and what you can do to help limit your exposure. We will discuss how most enforcement actions come about and what can be done to prevent incidents that lead to enforcement activity. The HIPAA Privacy, Security, and Breach Notification regulations (and the recent changes to them) and how they will be audited will be explained. Documentation requirements for compliance will be explored and a framework of security policies necessary

Overview: One of the major requirements of the health care organization to be HIPAA compliant is to develop and implement a set of HIPAA privacy and security policies and procedures. This can be a daunting task for those not knowing where to start and what a set of HIPAA privacy and security policies and procedures should look like. For the cost conscious health care organization, the HIPAA policies and procedures can have multiple uses: first, they can become a basis for training the health care organization workforce; second, they can be used as a basis for conducting a HIPAA self-assessment; and third, they can be used to demonstrate due diligence should there be a breach or an externalHIPAA compliance audit. In today's world it is not necessary that the health care organization spend significant funds to develop a set of HIPAA privacy and security policies and procedures from scratch. The health care organization can likely find templates on the internet that can be used as a starting point to customize HIPAA policies and procedures to be unique for the health care organization. The preparation of a well-documented set of HIPAA policies and procedures needs to be addressed through the development of Privacy and Security policies and procedures that address each of the requirements shown in the HIPAA regulations as amended by the HITECH law and the final Omnibus Regulations. The process of developing the HIPAA privacy and security policies and procedures also provides a reference for the health care organization how to consider the security addressable and required regulation requirements. Why should you attend: There are three situations where having a set of HIPAA policies and procedures are needed: First, the policies and procedures become a good reference to ensure that all areas are addressed for becoming HIPAA compliant. Second, the HIPAA regulations REQUIRE covered entities and business associates to have a set of policies and procedures directing t

Clinical information: Clinical informatics is the new exciting kid on the block. With the right mix of aptitude and attitude, professionals can look forward to many opportunities and challenges in the field. An understanding of the coining of the term "clinical informatics" gives an idea of what it is. Clinical informatics is a combination of two words, "clinical" and "informatics". Together, these relate to the knowledge of how information technology works in the healthcare sector. It is very important for clinicians to understand the functioning of IT into its domain, because with the advent of IT; there has been a major need to integrate clinical practices with it. A clinician who understands the way IT impacts the workings on in her industry is a better equipped professional when it comes to handling IT-related issues in the clinical setting. A clinical informatics professional should have a clear idea of the following approaches to IT: Analysis Design Implementation Assessment of information and communication that enhance the quality of clinical informatics Single approach to multiple health areas: One important element that needs to be understood about clinical informatics is that given the scope and breadth of the area of clinical informatics; professionals from any discipline of health -be it pathology, pharmacy, dentistry, radiology, dermatology, etc. -apply the same principles of clinical informatics to optimize the use of IT in healthcare. This requires constant coordination and cooperation with professionals and practitioners of all these areas. Clinical informatics is thus an area which is interspersed with all these other specializations and can be used and applied in any of these areas. What should a clinical informatics professional ensure? The aim of clinical informatics is to use this discipline to coordinate with nearly all the areas of medicine to provide optimal outcomes in patient care that delivers and ens

Understanding Medical Identity Theft and ways of preventing it Medical Identity Theft is a common phenomenon in today's situation, where most health records are digitized. Although a lot of precaution goes into the security and protection of these records, Medical Identity Theft is a cause for worry. medicalIdentityTheft The most common types of data that are stolen are Social Security Number (SSN), name and the Medicare number, the most potent tools with which to impersonate and manipulate data. Why do crooks steal medical data? Medical Identity Theft happens mainly because hackers and mischief-makers access protected data to lay hands on confidential information about patients, using which they obtain medical care on behalf of the person/s whose records they steal or purchase expensive medicines. In many cases, a Medical Identity Theft is detected only after one gets a bill for a purchase or service that was never made. medicalIdentityTheft Medical Identity Theft is also committed to buy drugs and obtain fake bills that are then submitted to Medicare in the name of the original holder of the medical record. These acts can significantly dent a person's credit rating. More importantly, when wrong information or fictitious diagnosis is made into the medical record, it can lead to dangerous consequences. Ways of protection of medical data The Office of the Inspector General (OIG), which comes under Health and Human Services (HHS), realizing the gravity of the problem of Medical Identity Theft, has formulated the "3D" approach to protect medical data and prevent Medical Identity Theft. These are: Deter: One of the ways of protecting medical data is to prevent Medical Identity Theft. Users should be cautious about parting with information to anyone who claims, over phone, to have a new scheme whose enrolment requires the Social Security Number. Detect:Many fraudsters accost people at accessible public places to announce supposedly "new" medical schemes. Governm

Overview: Today's health care delivery occurs in a diverse, fast-changing, multidisciplinary health care environment. This often presents challenges to the health care professional that are not easy to navigate. Medical records and their confidentiality have long been the exclusive province of state law, but has now been recognized for some time in the federal HIPAA statutes and federal regulations. Differing and even conflicting sources of requirements at the state level still exist for the retention and disposition of medical records. These sources may vary based upon the specific health care practitioner - whether physicians, dentists, psychologists, or other health care providers, including mental health practitioners. As to the specific, individual health care practitioner, state laws mandate their confidentiality, retention, and even their specific content with regards to patient, clinical records. In addition to these clinical requirements, additional state laws set forth the content and retention of other types of records kept by the professional, such as supervisory agreements with other professionals subordinate to them as well as their own unique record content requirements. With the majority of medical records moving to an electronic format, special rules now exist with regard to the confidentiality, security, retention, and disposition of electronic medical records. This is particularly important as state laws continue to allow for and regulate the provision of telemedicine by various health care practitioners. For example, while psychotherapy and mental health services are ideal treatments to offer over the internet, that is, by simultaneous audio-visual transmission between the doctor and the patient, the risks of breaches of confidentiality also vastly increase. And when the successful doctor-patient relationship is over, how does the health care practitioner providing a mental health service dispose of these electronic records? In addition to

Overview: Discussions, presentation, and webinars regarding HIPAA regulations are usually addressed from the perspective of what the regulations entail, the necessity of compliance with the regulations, and the consequences of willful neglect or non-compliance. This presentation addresses HIPAA regulations from a different perspective - from a personal perspective - from the perspective of the person in charge of moving an organization or facility toward full compliance with HIPAA. The by-product of this presentation will be both an understanding of, and a detailed job description for, a position mandated in the regulations - the HIPAA Security/Privacy Officer. Why should you attend: The HIPAA regulations are numerous, complicated, often vague, and affect every person working in a healthcare facility. Compliance with HIPAA will require a unique individual to lead the charge - an individual whose education, background, experience, and demonstrated skill sets offer the opportunity for that person to succeed in achieving the goals of that position. This is a new position to most healthcare facilities. So understanding who this person should be, what is required of the person with this job title, and with whom this person will interface is vital to every healthcare organization with the goal of achieving full compliance with HIPAA. Areas Covered in the Session: Position goals Position requirements (education, experience, skill sets, etc.) Position responsibilities Stay abreast of regulations Initiate compliance with HIPAA (according to regulations) Ensure continuous progress toward full compliance Develop appropriate security/privacy policies & procedures Oversee and deliver appropriate training programs to all employees Track compliance with HIPAA regulations at the facility & individual levels Track access to PHI Investigate and resolve HIPAA violations Apply sanctions to HIPAA violators Manage any information security personnel Prepare a department

Overview: As the healthcare industry moves toward a value based reimbursement model rather than fee for service, it is crucial that the provider and ancillary staff understand how ineffective reporting can lead to dollars lost. We will review the 3 critical areas that require skilled management. Understand that patients are more educated about their healthcare and are increasingly responsible for more out of pocket costs. High dollar deductibles may result in self pay realities and bad debt increases. Learn areas that increase your chances for an audit. Are you ready for the challenge? Why should you Attend: Revenue is dependent upon proficiency in multiple areas. In today's environment, it is risky to maintain the status quo and increasingly important to obtain and maintain skilled business staff. The granularity of the ICD-10 code set requires understanding of the official coding conventions and guidelines, the ability to apply those guidelines, and the ability to recognize when reporting may lead to revenue delay, reduction or loss. Additionally, other factors affect your revenue stream. This includes patients with high deductible plans, collection of much more than a small co-pay, and staff understanding of regulations that govern telephone collection activity. Don't leave money on the table or invite an audit into your practice. Audits are often the result of weak billing and coding skills. This program will review several areas that will cost you money if poorly handled. Areas Covered in the Session: Required specificity in coding Documentation necessary for ICD-10 reporting Why coders must frequently query for clarification How ambiguous diagnosis reporting affects you r bottom line Internal collections versus outsourcing. What should you consider Staff effective in handling problem claims? Developing appeals? Who Will Benefit: Coders Billers Revenue cycle Physicians Mid-level providers Nurses Claims follow-up Managers Managers Speaker Profil

Overview: The webinar will concentrate on topics that HHS has announced will be the focus of the first round of "desk audits". They reflect significant areas of non-compliance revealed in the 2012 pilot audits and HHS HIPAA violation investigations concluded by Resolution Agreements and Corrective Action Plans. They include: HIPAA Risk Analysis Risk Management based on Risk Analysis Breach Notification Notice of Privacy Practices (for Covered Entities) Minimum Necessary Standard Access of Individuals to their PHI Authorizations Workforce Training This webinar is vital because, in focusing on preparation for a HIPAA Compliance Audit, Covered Entities and Business Associates may review, prioritize and structure their HIPAA Compliance programs. If you have HIPAA Compliance documentation ready to submit on two weeks notice to HHS you are implementing an effective HIPAA Compliance program. In addition, every Covered Entity or Business Associate may face an HHS HIPAA Compliance investigation at any time due to a complaint or a Breach. If you are "audit ready" you will be ready for an investigation - and better able to avoid complaints and prevent breaches. Why should you attend: Every Covered Entity and Business Associate is liable - without prior notice - to be audited for HIPAA Compliance by HHS You will have only 2 weeks after receiving your HIPAA Compliance Audit notification and data request to upload all requested documents to an HHS HIPAA Compliance Audit Portal The HIPAA Compliance Audit data request you receive will specify content and file organization, file names and any other document submission requirements Auditors will not contact an audited entity for clarifications or ask for additional information - it is essential that submitted documents are current, accurately reflect the entity's HIPAA Compliance program and demonstrate HIPAA Compliance Only data submitted on time will be assessed Failure to respond on time may be referred to the HHS regional

Overview: This presentation will introduce the participants to changing role of the panoramic x-ray machine in dental offices today. Its expanding role in extra oral exposures and enhanced diagnostic capabilities is forever changing the path of dental x-ray imaging. Digital radiography is rapidly improving in diagnostic quality and loweringthe radiation exposure with ultra-low dose technology. We can have extra oral 2D bite wings and periapical x-rays with less radiation and greater diagnostic capability than traditional intraoral x-rays. The time has come that all dentists should have access to 3D-Cone Beam Computer Tomography. It is rapidly becoming the standard of care. Why should you Attend: Digital radiography is rapidly changing in today's dental offices. The new technology is revolutionizing patient flow and improving diagnosis. Dr. Jesek is at the forefront of this technology, using both 2D and 3D radiography. Seminar attendees will get easy to understand approach, which enables deep learning and provides tools they can use when they get back to the office Monday morning. Areas Covered in the Session: CBCT can be used to in areas of general dentistry to improve patient acceptance and quality of treatment outcomes. General and Restorative Dentistry Oral Surgery Implant Dentistry Endodontics Periodontics Orthodontics Sleep Apnea/Air way Who Will Benefit: Dentists Hygienists Assistants Speaker Profile : Dr. Warren Jesek graduated from Millikin University with a B.A. in biology and chemistry. After, he completed graduate work studies in anatomy at the University of Nebraska before attending Loyola University Dental School where he received his dental degree in 1979. He has maintained a private general practice in Decatur, Illinois since 1979. Unique to the area, his practice houses a crown and bridge laboratory with three technicians focusing on CAD/CAM milling technology to produce metal-free inlays, crowns and bridges. Dr. Jesek continued his training

Overview: This webinar will cover everything that you need to know about how to handle HIPAA security incidents, breaches, and complaints and the Department of Health and Human Resources Investigations thereof. Not all security incidents are breaches, but all breaches of confidentiality are within the broad ambit of security incidents. Privacy rule violations, such as failing to give a patient a copy of his or her medical records, may also constitute a breach as the $4.2 million fine assessed against Cignet Healthcare of Prince George's County, Maryland, dramatically proved. Handling an investigation properly is key to determining not only how to handle it to mitigate any harm and to take action to prevent it from happening again but also to determine whether it is reportable to affected individuals and to DHHS. HIPAA requires a complaint procedure (policy). The webinar will suggest what such a document should contain as it also will for the required report procedure (what is reportable, who reports, to whom, and required/suggested contents of the report) and the required response procedure (what do the responsible officials do after receiving the report or the complaint). Investigating a possible security incident is key. The webinar will cover how to conduct a thorough investigation of HIPAA security incidents, breaches, and patient complaints. Finally, the second largest HIPAA civil money penalty or settlement, $4.2 million, was in large part due to the offender's failure to cooperate with the DHHS investigation. The presenter has successfully defended his clients in seven such investigations and knows how to respond to them to avoid or minimize liability. Think of a gap analysis as an examination of: What you currently have in place for HIPAA compliance. Is that adequate? Can it be done better? Is it enough? And what am I missing? Asking these questions will help establish the direction and next steps to take. It lays the ground work for a good Risk Analys

Overview: The primary goal of this session is to demonstrate why the health care organization needs to perform a risk assessment and how to perform the risk assessment. This includes a description of the types of breaches of protected health information that have already occurred and the reasons those breaches happened. The presentation then provides that reasons that a risk assessment is required in a health care organization and who needs to perform the assessment. There are a number of approaches available both for purchase on the web and performed by professionals on site. This discussion helps the participant determine which approach is best for their health care organization and what portions of the assessment are most important to the organization. The topic addresses the key components of a risk assessment and how to perform the risk assessment. This includes how to define the specific risks, how to know, how to assess the likelihood and impact of the risk and the final determination on the level of severity of the risk for the organization. Finally, the session explains how to interpret the results of the risk assessment, how to use the results of the risk assessment for preparing the health care organization's policies and procedures and how to conduct the HIPAA training for its staff. Why should you attend: In addition to the negative publicity and potential fines, a breach of a patient's health information often leads to litigation which is also time consuming and costly. The way to avoid these situations is to perform a Risk Assessment to understand where the health care organization is risk of an unauthorized breach and provide a basis for becoming HIPAA compliant. There are three reasons why a Risk Assessment is necessary: First, both the HIPAA Privacy and Security Regulations require a Risk Assessment for the organization to be HIPAA compliant Second, as a result of the Risk Assessment the organization knows where it needs to address its effo

Overview: Participants will learn how to conduct an investigation of allegations of patient privacy violations using a privacy "risk analysis" tool and steps that should be taken when a breach has been determined. Why should you Attend: You must conduct a prompt and thorough investigation of all allegations of privacy violations. A violation of a patient's privacy may result in monetary penalties, harm to your reputation and especially harm to a patient. You need to make certain your organization has the expertise to conduct a thorough privacy investigation, analyze the results and take all necessary action to mitigate and report violations when required. Areas Covered in the Session: Best practices for conducting a privacy investigation Use of the risk analysis tool Interpretation of your results Reporting requirements if necessary Recommendations of continued privacy monitoring Workforce training Who Will Benefit: Healthcare providers Compliance and Internal Audit professionals or office staff responsible for ensuring patient privacy Healthcare Administrators Business Associates and all HIPAA Covered Entities Speaker Profile : Gail Madison Brown is a registered nurse and an attorney with over 25 years of experience in health care. For the last 15 years she has focused on health care compliance and revenue cycle management operations. Gail's experience ranges from starting new compliance programs and making improvements to existing programs for physician practices to large health care organizations. Gail also has provided numerous lectures to healthcare providers, executives and professional colleagues. Gail Madison Brown will develop, implement, and oversee processes, systems, educational programs, and other activities necessary to support and grow clinical trials activities at the UT Health Science Center. The Chief Clinical Trails Officer (CCTO) provides overall strategic leadership in this area including planning, goal setting, and monitoring organ

Setting up a compliance program in healthcare: Organizations that set up a compliance program in healthcare should go by many voluntary regulations from the OIG, apart from those mandated by HIPAA. Setting up a compliance program in healthcare is about being compliant with standards. This entails having to be compliant with several standards, which cover a wide variety of areas. There are several voluntary and mandatory guidelines from the Office of the Inspector General (OIG), apart from standards from HIPAA. Setting up a compliance program in healthcare meeting HIPAA requirements is set out and mandated by the Patient Protection and Affordable Care Act (PPACA). Guidelines from the Office of the Inspector General (OIG) The series of compliance program guidance documents from the OIG are largely voluntary, and are meant for the different sections of the health care industry. These include Hospitals Nursing homes Third-party billers, and Durable medical equipment suppliers. These guidelines are issued with the intention of motivating healthcare units to develop and use their own internal controls aimed at helping them adhere to regulations, program requirements and statutes. The OIG issues documents, which act as guidelines for setting up a compliance program in healthcare by providing principles. These need to be adapted when healthcare organizations have to develop their own compliance program that is in tune with their best interests and needs. Another major aim is served in the implementation of these guidelines for setting up a compliance program in healthcare: They help healthcare units to understand the nature of fraud and other risks associated with abuse, when they are setting up a compliance program for their healthcare unit. HIPAA requirements Setting up a compliance program in healthcare while being compliant with HIPAA regulationsrequires a healthcare organization to put in place measures that ensure that health records must: Be confident

Healthcare Rehabilitation is a vast field: The field of healthcare rehabilitation is very vast and expansive. In traditional societies, most commonly relatable to the Orient and Africa, there is the ages-old cultural belief that it is the duty of children to take care of their parents when they age. On the contrary, for us in the west, healthcare rehabilitation has emerged as a specialized branch of healthcare because of the emphasis our society places on independence of the individual. Healthcare rehabilitation is a product of social mores: Younger generations of people are not expected to spend entire years, as may be the case in some families, to look after people of their previous generations who may be in need of medical care. It is on this outlook towards life of our society that healthcare rehabilitation has come into being. However, it is also possible that younger people could also be in need of healthcare rehabilitation. Even such people are put in the care of healthcare providers which offer these services. The divisions of healthcare rehabilitation: Branching out as a fully developed field of healthcare, healthcare rehabilitation has many specializations. These are broadly the areas in which healthcare rehabilitation is offered: General rehabilitation: General rehabilitation of some or another kind is a primary aspect of healthcare rehabilitation. Those in need of this kind of care typically include patients who have lost their ability to carry out day-to-day tasks such as talking, walking, brushing, eating, etc. many a time, depending on the nature of the ailment, rehabilitation could include therapies, exercises and other activities aimed at bringing in some element of mobility in the patient. This kind of healthcare rehabilitation could also include taking care to revive the patient's memory, when patients with diseases like Alzheimer's or Parkinson's are admitted for healthcare rehabilitation. Skilled nursing: An area in which a skilled and

Overview: This webinar will cover everything that you need to know about how to handle HIPAA security incidents, breaches, and complaints and the Department of Health and Human Resources Investigations thereof. Not all security incidents are breaches, but all breaches of confidentiality are within the broad ambit of security incidents. Privacy rule violations, such as failing to give a patient a copy of his or her medical records, may also constitute a breach as the $4.2 million fine assessed against Cignet Healthcare of Prince George's County, Maryland, dramatically proved. Handling an investigation properly is key to determining not only how to handle it to mitigate any harm and to take action to prevent it from happening again but also to determine whether it is reportable to affected individuals and to DHHS. HIPAA requires a complaint procedure (policy). The webinar will suggest what such a document should contain as it also will for the required report procedure (what is reportable, who reports, to whom, and required/suggested contents of the report) and the required response procedure (what do the responsible officials do after receiving the report or the complaint). Investigating a possible security incident is key. The webinar will cover how to conduct a thorough investigation of HIPAA security incidents, breaches, and patient complaints. Finally, the second largest HIPAA civil money penalty or settlement, $4.2 million, was in large part due to the offender's failure to cooperate with the DHHS investigation. The presenter has successfully defended his clients in seven such investigations and knows how to respond to them to avoid or minimize liability. Think of a gap analysis as an examination of: What you currently have in place for HIPAA compliance. Is that adequate? Can it be done better? Is it enough? And what am I missing? Asking these questions will help establish the direction and next steps to take. It lays the ground work for a good Risk Analy

HIPAA Enforcement trends : Health Insurance Portability and Accountability Act (HIPAA) is a legislation of the American Congress. HIPAA enforcement consists of taking steps to confirm that rules set out in HIPAA are being complied with by the requisite entities. Primarily passed with the intention of ensuring that employees do not lose their health insurance benefits when they change or leave their current jobs; this 1996 law also has the protection and security of Protected Health Information (PHI) as one of its chief aims. The Office of Civil Rights (OCR), which enforces actions relating to HIPAA, imposes harsh penalties on healthcare organizations and Business Associates and Covered Entities that are proven to be in noncompliance of HIPAA requirements. What are HIPAA enforcement actions? The actions that the OCR takes to ensure implementation of HIPAA provisions constitute the essence of HIPAA enforcement actions. There are a good number of areas which the OCR can cite as constituting cases of HIPAA violations or noncompliance. A look at recent HIPAA enforcement actions point to a trend. These trends serve as an indicator of what to expect from HIPAA enforcement actions, which will help entities get some idea of what they should implement and what they should not and thus prevent being cited by the OCR. Security risk assessments are the foremost element of HIPAA enforcement actions: A look at recent trends suggests that HIPAA enforcement actions mainly target security risk assessments. This leads to harsh penalties, as happened in the case of New York-Presbyterian Hospital (NYP). The hefty $ 4.8 million penalty slapped in 2014 on this hospital was for data breach caused by insufficient security risk assessment. While this is the biggest sum fined; the OCR issued at least three other hospitals for putting in place inadequate security risk assessments in 2014. Risk management comes a close second: If inadequate security risk assessments come first in te

Overview: This webinar will explain the details of how to report and what to report on the OSHA Injury and Illness report. It will include an explanation of how to determine if an injury is work related, if an injury is new or ongoing, and what the differences are between first aid and medical treatment. A specific list of what constitutes injuries, illnesses and first aid treatment will be provided, along with practical examples of how to determine if an injury should be reported. In addition, examples of the forms used to report injuries, as well as annual summaries will be presented. Why should you attend: OSHA Injury and Illness Record keeping provides a window for regulators to see into your business to determine if the work environment is safe or if there are problems. Correct reporting of injury and illness data and a clear understanding of what to report and how to report it is a key necessity to avoid potential inspections and fines. Areas Covered in the Session: Injury and Illness reporting Determination of workplace relatedness Differences between first aid and medical treatment Determination of case as new or ongoing How to count total lost days Advantages that a company can provide to reduce risks of inspections and fines Who Will Benefit: Safety Personnel HR Personnel Managers Executives Speaker Profile Kenneth S. Weinberg is an independent consultant in environmental health and safety. Dr. Weinberg has consulted for several companies in the areas of OSHA Injury and Illness reporting, as well as auditing for OSHA inspections. He has worked as the Director of Safety at Mass. General Hospital in Boston for almost twelve years, and has written several books on the topics of health care safety, OSHA, and Indoor Air Quality. He has also written several articles for prominent national safety publications, and serves on the editorial advisory boards for safety publications. He Also has been Administrator of the Health Care Divisio0n of the American Socie

Overview: Essentially, covering in 90 minutes the basics of E everything that applies to your clinical work. We will give you the questions to ask your IT people, because you should not implicitly trust them, because the law will hold you accountable more than them. We will first cover the general principles of electronic compliances as laid forth in HIPAA. We will then discuss how this applies to your desktop/laptop/iPads and smart devices, other electronic equipment such as routers and modems. We also cover the use of email, secure mail and your EHR/EMR. We will discuss the pros and cons of using the cloud for your data storage and EHR/EMR, i.e. knowing what a HIPAA compliant data center looks like. Principles in the use of encryption and passwords and other security principles will also be covered. Why should you Attend: Unless you are 100% sure you've thought through every angle of your patient's electronic PHI and you sleep like a baby never concerned about this then you need to attend. If you have any questions about the details of what electronic compliance looks like and how it's applied in day-to-day clinical and business activities, interactions with vendors, EHR/EMR, your relationship with your ISP and IT providers, use of all electronic devices, then this workshop is for you. It also gives you principles to apply in new situations which are likely to arise frequently. If you wrote the book on this it would be out of date in 24 hours, so what's important is to learn how to think about these things and use your resources to stay ahead of the game. If you are confident you have the basics covered on every item listed below then this seminar is not for you. Areas Covered in the Session: HIPAA electronic compliance Secure use of EHR/EMR Email and secure mail use Encryption and password security principles Interfacing with the public Interfacing with vendors such as ISPs and other telecommunication companies Backups Cloud use How to know your data center

Course "Internal Auditing for the Medical Device Industry" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: This course provides an overview of internal auditing requirements and techniques for medical device companies as a method for risk management and quality improvement. The course will cover auditing requirements, audit planning, preparation, knowledge, auditor skills, interviews, documents and records review, objective evidence, audit report writing and corrective action. Why should you attend: Attendees should attend this seminar for risk management and improvement purposes to identify weaknesses, problems, compliance risks, and improvement opportunities. Who Will Benefit: * Quality Manager * Quality Associate * Quality Engineer * Quality Technician * Regulatory Associate Agenda: Day One Lecture 1: Overview of an auditing program, principles of quality management systems and how they related to auditing, benefits of auditing, and what is auditing. Lecture 2: Types of audits, auditor qualifications, ethics, responsibilities, audit phases, audit planning, and scheduling. Lecture 3: Conducting audits, interview techniques, objective evidence, data collection, tracing, use of checklists, and reviewing documents and records. Lecture 4: Conducting process audits, running closing meetings, audit report writing, corrective actions, and improvement Day Two Lecture 1: Overview to auditing to ISO 13485 and FDA QSR. Global differences which affect auditing approaches, auditing document control and record keeping, management responsibility, and resource management. Lecture 2: Auditing order handling, design control, purchasing, and supplier controls. Lecture 3: Auditing production, validation, and preservation. inspection and testing, control of test equipment, customer property, and sterilization Lecture 4: Auditing customer feedback, internal auditing programs, complaint