Group items tagged

Overview: The presentation takes the participant through the steps needed to ensure a successful health care computer system implementation. Once presented the participant will see the logic of the tools and processes and be able to apply them to their system implementation. The tools and processes presented in this material have been developed by implementing health care systems for over 40 years and seeing what has worked and WHY it has worked. These tools and processes have been equally and successfully applied to the implementation of large, complex systems and smaller, simpler systems for large, multidepartment organizations and for small health care organizations. The process focuses on establishing the project's implementation expectations, identifying meaningful metrics for success, establishing project plans, assigning individual accountabilities and responsibilities, establishing and executing project tasks, monitoring project progress and validating project success. To establish viable project expectations, the presentation addresses the need for bringing all of the stakeholders (organization owners, providers and management, operations staff, IT staff and the vendor) into establishing common and realizable expectations. These are reviewed in context of the organization's current environment and its short and long term goals and are considered as a critical part of the implementation completion process. In the case of turning around an already troubled or failed system implementation, the process emphasizes the tasks of reassessing the project stakeholder expectations - why they decided the system would help the organization and what they expected to get from the system. Next the process shows the participant how to convert these expectations to realistic and measurable project success metrics. The process focuses on learning how to separate "so what" metrics from meaningful and measurable metrics. In addition, the process provides direction regardin

Overview: Today's educated professionals function in a maze of different educational and training requirements, which vary from state to state and from profession to profession. Nowhere than in health care is this more evident where multidisciplinary health care practitioners work together towards a common goal for the patient. What is a profession? What areas of work require the unique professional education, training, and experience that becomes mandated by the state? What work requires professional judgment and skill so as to be regulated by the government through mandatory laws applicable to an individual person practicing his or her chosen profession? State laws are enacted for the protection of the public by legislatures in all the fifty states. A list of individual professions and their applicable statues and administrative regulations takes up entire volumes of lawbooks. These state laws impose significant regulation on these professionals, and often in very different ways found in many aspects of state regulation, from the educational process, the examination requirements, the state licensure applications, and the legal standards and rules of each unique profession. Explore how state licensure boards are created and function at the state level. While most such state agencies have common, core functions and operations, there are many differences - and some requirements that are truly the opposite from profession to profession. Review the common requirements the state imposes on the health care provider. Know the basics of professional education and licensure. Understand the difference between legally binding laws and mere codes of ethics, which are aspirational and do not form the basis for legal action. Find out how to understand and navigate the challenges presented from differing and conflicting state laws governing the many health care professions. Know where key requirements exist that are common to many professions. This program offers an obje

Elements of an efficient Healthcare computer system implementation Healthcare computer system implementation lies at the heart of a healthcare delivery information system. The processing and dissemination of information in extremely quick time is indispensable to healthcare, given the number of processes that go into the healthcare information system, and the improvement in care this can bring about. A healthcare computer system, which can be described as the ecosystem of a healthcare delivery information system, is thus a critical component, because this healthcare computer system implementation is what decides between the efficiency of a healthcare information system and lack of it. A healthcare computer system implementation should cover all the core areas that are part of a healthcare delivery information system, such as the patient, the caregiver, the medical records concerning the patient, the healthcare organization, and other aspects of administration, such as admission, billing and so on. What goes into an efficient healthcare computer system implementation? An efficient healthcare computer system implementation consists of taking into account all the major elements of a healthcare delivery information system. It should have the ability to synchronize, coordinate and integrate vital data from across departments and systems. An efficient healthcare computer system implementation should also take into account the technologies that go into them. Technologies keep changing rapidly. New ones come into being and render the old ones obsolete in no time. A healthcare computer system implementation has to take into account the nature of these changes, and should implement them in quick time. Technologies and technological tools that are doing the rounds today include the cloud, mobile technologies and the social media. So, a healthcare computer system implementation has to integrate these. In the particular context of the American healthcare system, healthca

Overview: Upon completing this course participants will leave with a preliminary preventive control implementation plan and will: * Understand US FDA final rules for the Preventive Controls for Human and Animal Foods * Define and review your current system to identify gaps in your preventive controls planning. * Be able to develop and implement a valid preventive control company food safety plan to close any gaps * Write and implement appropriate procedures. * Know your requirements for control over your supply chain * Be able to plan and implement HARPC * Be able to perform environmental monitoring * Know how cross contamination can impact your preventive control plan * Know the difference between validation and verification * Understand and be able to use statistical process controls basics * Be able to plan and implement a team approach to preventive controls * Be able to help your food importers to jump through FDA hoops * Develop a system to risk rank your suppliers * Have a plan in hand that will pass any validation check for preventive controls * Understand some of the technology and costs that can help you establish preventive controls * Prove that your system actually prevents food safety problems * Be able to document and report results to upper management, external food safety auditors and FDA auditors * Save your company money Establish simple, low cost complete data collection and reporting systems. * Establish teambuilding between food safety and quality personnel to develop and implement changes to your current system * Understand food safety, security and recall responsibilities in light of cargo theft, adulteration and temperature failures * Learn how to use your system to get some ROI and improve your marketing position * Review current and future technologies designed to improve and simplify data collection * Establish a completely documented system Why should you attend: Validation of preventive co

Quality Management in Healthcare: Quality management in healthcare is a critical requirement for healthcare organizations. Making quality management patient-centric comes first. Adapting and implementing standards and tools is the next step towards this. Quality management in healthcare is of critical importance to the healthcare industry and the patient. Everyone in the loop -from physicians to practitioners to support staff -needs to be aware of the importance of quality management in healthcare. The most basic purpose of imparting high quality management in healthcare is to make sure that the patient is well taken care of. For this to happen, the healthcare setting has to implement systems and processes. Quality management centers on process management. If organizations have to ensure that meaningful quality management in healthcare is being implemented; they have to adhere to processes. Adapting standards and instilling processes into the healthcare system is how healthcare providers can assure quality in healthcare. Patient is at the center of quality management in healthcare Obviously, the first step in the direction of implementing quality management in healthcare is to make the healthcare setting's care and processes patient-oriented and patient-centric. Quality management in healthcare begins with the patient and should be fully tuned to her needs. As patients' requirements and expectations vary over time; quality management has to keep upgrading itself to keep up with the changing needs and demands. In line with this, the following means can go a long way in ensuring quality management in healthcare: The healthcare setting has to identify goals for ensuring quality management in healthcare. Each department has to be given measurable goals to reach. Implementing quality standards goes a long way in ensuring that quality management in healthcare is imparted in the organization. Six Sigma, ISO 9001 and ANOVA are some of the popular standards a

Quality Management in Healthcare: Quality management in healthcare is a critical requirement for healthcare organizations. Making quality management patient-centric comes first. Adapting and implementing standards and tools is the next step towards this. Quality management in healthcare is of critical importance to the healthcare industry and the patient. Everyone in the loop -from physicians to practitioners to support staff -needs to be aware of the importance of quality management in healthcare. The most basic purpose of imparting high quality management in healthcare is to make sure that the patient is well taken care of. For this to happen, the healthcare setting has to implement systems and processes. Quality management centers on process management. If organizations have to ensure that meaningful quality management in healthcare is being implemented; they have to adhere to processes. Adapting standards and instilling processes into the healthcare system is how healthcare providers can assure quality in healthcare. Patient is at the center of quality management in healthcare Obviously, the first step in the direction of implementing quality management in healthcare is to make the healthcare setting's care and processes patient-oriented and patient-centric. Quality management in healthcare begins with the patient and should be fully tuned to her needs. As patients' requirements and expectations vary over time; quality management has to keep upgrading itself to keep up with the changing needs and demands. In line with this, the following means can go a long way in ensuring quality management in healthcare: The healthcare setting has to identify goals for ensuring quality management in healthcare. Each department has to be given measurable goals to reach. Implementing quality standards goes a long way in ensuring that quality management in healthcare is imparted in the organization. Six Sigma, ISO 9001 and ANOVA are some of the popular standards a

Course "Fundamentals of Statistical Process Control: Implementation and Assurance of SPC" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: This 2-day seminar provides the information you need to use one of the most powerful tools in quality, statistical process control. It will help people in design, quality, and production understand the concepts and effectively implement them. The examples and issues in the seminar come primarily from the medical device industry, but the material is applicable to any production environment. Production process must be controlled to help ensure they are stable. While there are many control methods, the most powerful and often used is statistical process control, SPC. It uses data from the process itself to detect changes - changes that could result from an unstable process. SPC helps determine if a process continues to operate the way it was set up. If not, SPC produces a signal that calls attention to the problem. One very important application is process capability analysis. With a stable process, SPC data can help determine if the process is capable of meeting the product specifications. These are often expressed as process capability indices. Continuous improvement programs can use the information generated by SPC to monitor process variation and identify its causes. These methods can reduce cost, improve product, and enhance customer satisfaction. Why should you attend: Manufacturing companies, especially medical device manufacturers, must control process. Not only is this a regulatory requirement, but is a good business practice. Without a solid understanding of SPC, you put yourself and your company at a disadvantage. On a personal basis, the material in this seminar will help improve your skills; it aligns with the ASQ Body of Knowledge for the Certified Quality Engineer, Green Belt, and Black Belt. These are areas you should master

Course "Supplier Management for Medical Device Manufacturers" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: Supplier selection and management is one of the critical issues for medical device manufacturers. Suppliers provide materials and services to the device manufacturer, which means that they can be critical to performance and delivery of your device. Neither the FDA nor your notified body regulates your suppliers (with a few exceptions). They expect you to have an effective process to ensure your suppliers perform in the regulatory environment. How well do you understand the requirements for supplier management? Could you pass a regulatory audit or inspection without any issues? This course delivers the tools, templates, and methods to help participants implement an effective and efficient supplier management program. This two-day hands-on course provides a clear understanding of the underlying principles of supplier management. The course uses exercises to solidify understanding. In addition, the course uses FDA Warning Letters to illustrate the points and help you learn from others. As part of the practical implementation, the course includes receiving acceptance activities, outsourced processes, process validation at the suppliers' location, supplier auditing techniques, and supplier issues in management review. The course uses the Global Harmonization Task Force (GHTF) framework, but expands it to cover other issues and techniques important in effective implementation. Why should you attend: Since FDA regulations do not allow them to audit your suppliers unless they make finished medical devices, they require that you have sufficient control over them. But from time to time the FDA makes a reinterpretation of what this means. This happened within the last f 5 years, so if you supplier management program is older than that, you need to make major changes in you supp

Quality Management in Healthcare: Quality management in healthcare is a critical requirement for healthcare organizations. Making quality management patient-centric comes first. Adapting and implementing standards and tools is the next step towards this. Quality management in healthcare is of critical importance to the healthcare industry and the patient. Everyone in the loop -from physicians to practitioners to support staff -needs to be aware of the importance of quality management in healthcare. The most basic purpose of imparting high quality management in healthcare is to make sure that the patient is well taken care of. For this to happen, the healthcare setting has to implement systems and processes. Quality management centers on process management. If organizations have to ensure that meaningful quality management in healthcare is being implemented; they have to adhere to processes. Adapting standards and instilling processes into the healthcare system is how healthcare providers can assure quality in healthcare. Patient is at the center of quality management in healthcare: Obviously, the first step in the direction of implementing quality management in healthcare is to make the healthcare setting's care and processes patient-oriented and patient-centric. Quality management in healthcare begins with the patient and should be fully tuned to her needs. As patients' requirements and expectations vary over time; quality management has to keep upgrading itself to keep up with the changing needs and demands. In line with this, the following means can go a long way in ensuring quality management in healthcare: The healthcare setting has to identify goals for ensuring quality management in healthcare. Each department has to be given measurable goals to reach. Implementing quality standards goes a long way in ensuring that quality management in healthcare is imparted in the organization. Six Sigma, ISO 9001 and ANOVA are some of the popular standards and tools t

Overview: Section 13411 of the Health Information Technology for Economic and Clinical Health (HITECH) Act, requires Health and Human Services (HHS) to conduct periodic audits of providers and business associates to ensure their compliance with the HIPAA Security and Privacy Rule, and breach notification standards. To implement this mandate, the Office of Civil Rights (OCR) has conducted HIPAA/HITECH audit program with KPMG of 115 health care organizations to assess privacy and security compliance. This webinar will focus on the implementation and tracking of HIPAA audit best practices in a healthcare setup in order to prepare for the federal audit using published OCR audit protocols. Every audit begins with interviews, a questionnaire, and a thorough policy and procedures review. Presenter, with his decades of knowledge in the compliance, legal, auditing and security areas, will walk the attendees through the audit process, documentation requirements, and implementation specifications of the HIPAA privacy, security and breach rules. This presentation not only provides opportunity for the participants to prepare for the federal HIPAA audit but also to improve the security posture of their organizations by adopting to changing technology (mobile, social media, Health Information Exchange(HIE), cloud services, etc.) and threat landscape perspective as well. This presentation will uncover reasons why many health information breaches are occurring and help organizations better secure and comply with electronic protected health information by meeting the required and addressable HIPAA/HITECH security rules. The presenter will also share the best practices used for HIPAA security implementation and continuous risk assessment which is considered as "due diligence" by auditors for the HIPAA security compliance program. Areas Covered in the Session: Healthcare Technology Adoption/Trends Healthcare Regulatory (HIPAA/HITECH) and OCR/HHS Audit Overview Differences between

Overview: One of the major requirements of the health care organization to be HIPAA compliant is to develop and implement a set of HIPAA privacy and security policies and procedures. This can be a daunting task for those not knowing where to start and what a set of HIPAA privacy and security policies and procedures should look like. For the cost conscious health care organization, the HIPAA policies and procedures can have multiple uses: first, they can become a basis for training the health care organization workforce; second, they can be used as a basis for conducting a HIPAA self-assessment; and third, they can be used to demonstrate due diligence should there be a breach or an externalHIPAA compliance audit. In today's world it is not necessary that the health care organization spend significant funds to develop a set of HIPAA privacy and security policies and procedures from scratch. The health care organization can likely find templates on the internet that can be used as a starting point to customize HIPAA policies and procedures to be unique for the health care organization. The preparation of a well-documented set of HIPAA policies and procedures needs to be addressed through the development of Privacy and Security policies and procedures that address each of the requirements shown in the HIPAA regulations as amended by the HITECH law and the final Omnibus Regulations. The process of developing the HIPAA privacy and security policies and procedures also provides a reference for the health care organization how to consider the security addressable and required regulation requirements. Why should you attend: There are three situations where having a set of HIPAA policies and procedures are needed: First, the policies and procedures become a good reference to ensure that all areas are addressed for becoming HIPAA compliant. Second, the HIPAA regulations REQUIRE covered entities and business associates to have a set of policies and procedures directing

Overview: In 2013, The US Department of Health and Human Services made major changes to rules implementing The Health Insurance and Portability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act of 2003 (HITECH). Among the many areas impacted by these rules (billing, marketing, research, IT security, etc.) is fund raising. The amendments significantly modify the methods and practice that hospitals, their institutionally related foundations, and other healthcare charities may or must employ when using ANY patient or client information for fund raising. The webinar will cover how to effectively implement the fund raising regulations in a manner that increases both opportunities for philanthropic support and compliant implementation of the new mandates. The rules include specific operational requirements, some of which prohibit protocols that were required under the original HIPAA regulations. The "magic words" mandated by HIPPA-related regulations changed in multiple areas. The webinar will cover all of these areas to ensure your organization is both legally compliant and operationally effective. The types of information that may be used for fund raising changed significantly. This presents numerous substantial fund raising opportunities, as well as challenges on the use and storage of such information. Among other areas to be presented are The required method for individuals to opt-out of receiving fund raising communication The methods of informing patients and clients of their right to opt-out from receiving fund raising communication The broadly expanded types of fund raising communication subject to opt-out rights How providers, hospital, and related fund raising foundation apply an opt-out election by an individual The type of patient and client information that health charities may use for fund raising The contents of provider's Notice of Privacy Practice How clinicians can assist both their patients/clients and the

Overview: One of the major requirements of the health care organization to be HIPAA compliant is to develop and implement a set of HIPAA privacy and security policies and procedures. This can be a daunting task for those not knowing where to start and what a set of HIPAA privacy and security policies and procedures should look like. For the cost conscious health care organization, the HIPAA policies and procedures can have multiple uses: first, they can become a basis for training the health care organization workforce; second, they can be used as a basis for conducting a HIPAA self-assessment; and third, they can be used to demonstrate due diligence should there be a breach or an externalHIPAA compliance audit. In today's world it is not necessary that the health care organization spend significant funds to develop a set of HIPAA privacy and security policies and procedures from scratch. The health care organization can likely find templates on the internet that can be used as a starting point to customize HIPAA policies and procedures to be unique for the health care organization. The preparation of a well-documented set of HIPAA policies and procedures needs to be addressed through the development of Privacy and Security policies and procedures that address each of the requirements shown in the HIPAA regulations as amended by the HITECH law and the final Omnibus Regulations. The process of developing the HIPAA privacy and security policies and procedures also provides a reference for the health care organization how to consider the security addressable and required regulation requirements. Why should you attend: There are three situations where having a set of HIPAA policies and procedures are needed: First, the policies and procedures become a good reference to ensure that all areas are addressed for becoming HIPAA compliant. Second, the HIPAA regulations REQUIRE covered entities and business associates to have a set of policies and procedures directing t

Implementation of Regulatory Aspects of Clinical Research is critical One of the prime areas of clinical studies is regulatory aspects of clinical research. This applies in almost equal measure to medical research as a whole. The FDA and other regulatory bodies have spelt out a number of regulations that have to be complied with if the clinical research is to be approved. These regulatory requirements cover all aspects of clinical research. A look at some of these regulatory aspects would be instructive: FDA requirements on regulatory aspects of clinical research The FDA has an exhaustive list of regulations relating to Good Clinical Practice (GCP), the area which forms the backbone of regulatory aspects of clinical research. The FDA has a series of regulations that are aimed at bringing in discipline and process into clinical research. It implements all the laws relating to GCP passed by the American Congress. At present, there are a huge number of regulatory standards and requirements that have to be complied with by those undertaking clinical research in the US. These regulations are codified in the 21 CFR series. Notable sections of the 21 CFR series relating to regulatory aspects of clinical research include: 21 CFR Part 11 21 CFR Part 16 21 CFR Part 50 21 CFR Parts 50 and 56 21 CFR Part 54 21 CFR Part 58 21 CFR Part 312 21 CFR 312.120 21 CFR Part 314 21 CFR Part 320 21 CFR Part 511 21 CFR Part 514 21 CFR Part 601 21 CFR Part 812 21 CFR Part 814 EU requirements on regulatory aspects of clinical research In the EU, the core aspect of regulatory aspects of clinical research relates to the primary importance given to the subjects in a clinical research. For example, regulatory aspects of clinical research France are guided by the Public Health Code and Civil Code. This Code contains a list of regulatory conditions clinicians are obliged to adhere to. These regulations are to be monitored by a number of regulation enforcement bodies that the French governm

A look at disruptive practitioner behavior policies: One of the very important factors needed for a healthcare unit to maintain its decorum and uphold its reputation is the implementation of disruptive practitioner behavior policies. The declaration and implementation of disruptive practitioner behavior policies goes a long way in ensuring that the hospital or healthcare center doesn't lose face. What are disruptive practitioner behavior policies? First, an understanding of disruptive practitioner behavior policies: Disruptive practitioner behavior policies may be termed as the putting in place in a healthcare providing unit a set of policies that are aimed at checking the errant and rude behavior of its staff members towards the patients and other people that use the services rendered by these centers. Who all carry out disruptive practitioner behaviors? Anyone in the healthcare setting can behave in an unbecoming and ungainly fashion with patients or those attending on them. Some of the typical types associated with disruptive practitioner behavior include shouting at them, bullying, intimidating, scolding loudly, being aggressive towards them, gesturing lewdly to them, and so on. This kind of behavior reflects very badly on the healthcare provider. Since there is intense competition in the healthcare providing industry; it is natural for patients to look for other centers when they face this kind of behavior. It is after all human to expect to be treated nicely. If one provider doesn't do that; patients look for other providers. Losing the patient, bad though it is, is not the only loss: When this becomes public, which is all the easier given the extensive reach of the social media; the healthcare unit's name goes for a toss. The role of disruptive practitioner behavior policies It is to curb this kind of behavior that disruptive practitioner behavior policies need to be put in place. Disruptive practitioner behavior policies can go a long way in reining i

Practical steps to compliance with HIPAA Computer Policy: That the HIPAA has a clear and stringent policy on computers is absolutely understandable, because computers constitute the very soul of HIPAA. Ensuring security of patient data is one of the core causes for which HIPAA was enacted; so, it is only natural that Computer Policy should be at the center of HIPAA compliance. A HIPAA Computer Policy rule came into effect in 2005. The nub of this enactment is to ensure that there are technical, physical and administrative security procedures that must be adhered with. These are meant for Covered Entities to ensure that the data they have of patients, namely electronic Protected Health Information (PHI) is safe and secure. Understand the reason for HIPAA Computer Policy Any implementation has to start with an understanding of the rationale for the action, right? The same goes for something as important and big as implementation of HIPAA compliance into systems. HIPAA Computer Policy is in place for a specific and critical reason ���protection of patient data, loss of which can lead to hefty penalties that can affect the business very adversely. So, installing the necessary protections is the first step to protecting vital data and with it, one's own business or practice, as well. Implement a sound access policy A strong access policy is at the heart of HIPAA Computer Policy. It is in the computer systems that all the data relating to the patient are stored. So, making sure who in the organization has access to these and how and when, is very important. Not only should access be restricted to only designated and permitted personnel in the organization; there should be a system by which tracking of access is easily determined. This is to find out who accessed which record, when, what action followed, what happened as a result of this access, and so on. Keep a record of all system components This is another step to ensuring compliance with HIPAA Computer Po

Course "Verification vs. Validation - Product Process Software and QMS" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: This course will review the company Master Validation Plan for major key inputs and CGMP deficiencies. It will address the FDA's newer and tougher regulatory stance. This course's aim is to prove "Product Risk Based V&V" by sufficient, targeted and documented risk-based V&V test case elements/scripts. It will teach participants to evaluate its elements against ISO 14971 and ICH Q9 for hazard analysis and product risk management. This course will evaluate different field-tested, U.S. FDA-reviewed V&V protocols; how to employ equipment/process Requirements Specs / DQs, IQs, OQs, and PQs, or their equivalents per ASTM E2500, all against a background of limited company resources. It will review a matrix that simplifies "as-product", in-product", process and equipment, et al, software VT&V, to assure key FDA requirements are not overlooked. While considering the QMS and 21 CFR Part 11; this course will make practical application of these same in two hands-on sessions. Why you should attend: This session helps participants: * Understand Verification and Validation, differences and how they work together; * Discuss recent regulatory expectations; * Know how to document a "risk-based" rationale, and use it in a resource-constrained environment; * Determine key "milestones" and "tasks" in a project; * Locate and document key subject "inputs"; * Compile "generic" Master and Individual Validation Plans; * Learn the key element of a Product V&V File/Protocol; * Understand how to develop Process and/or Production/Test Equipment V&V Files/Protocols; * Get a grasp of basic Test Case construction; * Understand sample sizes and their justification; * Learn the key elements of Software V&V expected by the FDA and how to document; * Deal with hardwa

HIPAA Enforcement trends : Health Insurance Portability and Accountability Act (HIPAA) is a legislation of the American Congress. HIPAA enforcement consists of taking steps to confirm that rules set out in HIPAA are being complied with by the requisite entities. Primarily passed with the intention of ensuring that employees do not lose their health insurance benefits when they change or leave their current jobs; this 1996 law also has the protection and security of Protected Health Information (PHI) as one of its chief aims. The Office of Civil Rights (OCR), which enforces actions relating to HIPAA, imposes harsh penalties on healthcare organizations and Business Associates and Covered Entities that are proven to be in noncompliance of HIPAA requirements. What are HIPAA enforcement actions? The actions that the OCR takes to ensure implementation of HIPAA provisions constitute the essence of HIPAA enforcement actions. There are a good number of areas which the OCR can cite as constituting cases of HIPAA violations or noncompliance. A look at recent HIPAA enforcement actions point to a trend. These trends serve as an indicator of what to expect from HIPAA enforcement actions, which will help entities get some idea of what they should implement and what they should not and thus prevent being cited by the OCR. Security risk assessments are the foremost element of HIPAA enforcement actions: A look at recent trends suggests that HIPAA enforcement actions mainly target security risk assessments. This leads to harsh penalties, as happened in the case of New York-Presbyterian Hospital (NYP). The hefty $ 4.8 million penalty slapped in 2014 on this hospital was for data breach caused by insufficient security risk assessment. While this is the biggest sum fined; the OCR issued at least three other hospitals for putting in place inadequate security risk assessments in 2014. Risk management comes a close second: If inadequate security risk assessments come first in te

HIPAA Survival Guide: The HIPAA Survival Guide is a set of practical help guides that seek to make compliance with HIPAA and HITECH easy for providers. This kit is some kind of checklist on what to keep in mind and implement to survive a HIPAA audit. The HIPAA Survival Guide was created as a need to comply with the HIPAA audit requirements. It evolved as a response to simplifying the HIPAA Privacy Rule and HIPAA Security Rule without its legal complexity. In other words, the framers of this Guide have developed this concept strictly as a guide, rather than as a legally enforceable set of rules. "Forest from the trees" approach: The HIPAA Survival Guide came into being in order to help users understand HIPAA and HITECH better. The approach the developers of this Guide adapted was what was called the "forest from the trees" way, because the aim was to help users navigate and wade through the complex text. It was aimed at helping them chaff and finesse the parts that required their compliance into simple terms. HIPAA Survival Guide is thus not a strict, legislative Act that lays down rules for conformity. No wonder, it was developed by the joint efforts of a Registered Nurse and an Attorney, who wanted to facilitate a greater understanding of the legislation's audit requirements. The basis on which this Guide came into existence was the HIPAA and HITECH background. It concerns itself with only the part of HIPAA and HITECH relating to a part of Covered Entities, namely providers. This is deliberate, since the aim of this Guide is to help small providers with guidelines aimed at simplifying their task. Important steps for HIPAA survival: The fundamental goal of the HIPAA Survival Guide is to equip providers with the knowledge of what needs to be kept in order and fine-tuned if they have to meet regulatory requirements. These are the thumb rules for the HIPAA Survival Guide: Documenting the provider's privacy, security and breach policies and revie

Course "Key Factors to Write an Effective Standard Operating Procedure (SOP) and Work Instructions (WIs)" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: Writing SOPs or procedural documents can be challenging at times. However, writing SOPs is overall a straightforward process. However, enforcing what you already created and implemented in the pipeline is another story. The term SOP is very obvious. We have seen "clearly written description of how specific tasks are to be done." Another satisfactory definition would be "detailed written instructions that achieve the uniformity of the performance of a specific function." Is the firm doing what the regulations specify? Is the firm doing what their procedures specify? If you are medical device or a pharmaceutical manufacturer, these definitions come as no surprise because when it comes to FDA regulations and guidance documents "establish" means to define, to document (in writing or electronically) and to implement. The goal and emphasis with FDA is simple. Proof of "Establish" is the foundation. Is the firm doing what the regulations specify? Is the firm doing what their procedures specify? Are the procedures being followed and enforced by company personnel? SOPs are needed in regulated industries to give step-by-step instructions for performing a particular job or task. This session will provide a step-by-step overview and a snapshot of the procedure description, the process and format. The subject matter of a SOP may range from how to operate a piece of machinery to how to log into a particular software program. SOPs ensure consistency and reliability because they require training of all affected parties. This session will address recent enforcement actions for SOP related violations but no surprise. Most of our enforcement actions are documentation related, i.e., SOP or other procedural documents. We will review examples from

Overview: This webinar will focus on the major fraud and abuse laws, including the Stark Law, the Anti-Kickback Statute, and the False Claims Act. In this webinar Mr. Wolfe will provide an overview of the health care regulatory issues related to implementing value-based physician compensation models. Why should you Attend: Given the substantial awards and settlements in recent Stark Law enforcement actions, Stark Law compliance has become more than just a compliance issue: it is an enterprise risk management issue. As medical groups, hospitals, and health systems transition to value-based physician compensation arrangements, they will need to make sure their arrangements continue to be compliant with the Stark Law. Areas Covered in the Session: Provide a general overview of the Stark Law, Anti-Kickback Statute and the False Claims Act. Explain the requirements for compliance with key regulatory exceptions and safe harbors. Compensation and valuation issues unique to the group practice model Discuss best practices when implementing value-based physician compensation models. Summarize the recent changes to the Stark Law for 2016. Who Will Benefit: In-House Counsel Health Care Compliance Officers Health Care Human Resources Health Care CFOs Health Care executives Speaker Profile Joseph Wolfe is an attorney with Hall, Render, Killian, Heath & Lyman, P.C., the largest health care focused law firm in the country. Mr. Wolfe provides advice and counsel to some of the nation's largest health systems, hospitals and medical groups on a variety of health care issues. He regularly counsels clients on a national basis regarding compliance-focused physician compensation and alignment strategies. He is a frequent speaker on issues related to the physician self-referral statute (Stark Law), hospital-physician transactions, physician compensation governance and health care valuation issues. Before attending law school at the University of Wisconsin, he served as a combat engi