Group items tagged

Overview: This webinar will cover everything that you need to know about how to handle HIPAA security incidents, breaches, and complaints and the Department of Health and Human Resources Investigations thereof. Not all security incidents are breaches, but all breaches of confidentiality are within the broad ambit of security incidents. Privacy rule violations, such as failing to give a patient a copy of his or her medical records, may also constitute a breach as the $4.2 million fine assessed against Cignet Healthcare of Prince George's County, Maryland, dramatically proved. Handling an investigation properly is key to determining not only how to handle it to mitigate any harm and to take action to prevent it from happening again but also to determine whether it is reportable to affected individuals and to DHHS. HIPAA requires a complaint procedure (policy). The webinar will suggest what such a document should contain as it also will for the required report procedure (what is reportable, who reports, to whom, and required/suggested contents of the report) and the required response procedure (what do the responsible officials do after receiving the report or the complaint). Investigating a possible security incident is key. The webinar will cover how to conduct a thorough investigation of HIPAA security incidents, breaches, and patient complaints. Finally, the second largest HIPAA civil money penalty or settlement, $4.2 million, was in large part due to the offender's failure to cooperate with the DHHS investigation. The presenter has successfully defended his clients in seven such investigations and knows how to respond to them to avoid or minimize liability. Think of a gap analysis as an examination of: What you currently have in place for HIPAA compliance. Is that adequate? Can it be done better? Is it enough? And what am I missing? Asking these questions will help establish the direction and next steps to take. It lays the ground work for a good Risk Analys

Overview: This webinar will cover everything that you need to know about how to handle HIPAA security incidents, breaches, and complaints and the Department of Health and Human Resources Investigations thereof. Not all security incidents are breaches, but all breaches of confidentiality are within the broad ambit of security incidents. Privacy rule violations, such as failing to give a patient a copy of his or her medical records, may also constitute a breach as the $4.2 million fine assessed against Cignet Healthcare of Prince George's County, Maryland, dramatically proved. Handling an investigation properly is key to determining not only how to handle it to mitigate any harm and to take action to prevent it from happening again but also to determine whether it is reportable to affected individuals and to DHHS. HIPAA requires a complaint procedure (policy). The webinar will suggest what such a document should contain as it also will for the required report procedure (what is reportable, who reports, to whom, and required/suggested contents of the report) and the required response procedure (what do the responsible officials do after receiving the report or the complaint). Investigating a possible security incident is key. The webinar will cover how to conduct a thorough investigation of HIPAA security incidents, breaches, and patient complaints. Finally, the second largest HIPAA civil money penalty or settlement, $4.2 million, was in large part due to the offender's failure to cooperate with the DHHS investigation. The presenter has successfully defended his clients in seven such investigations and knows how to respond to them to avoid or minimize liability. Think of a gap analysis as an examination of: What you currently have in place for HIPAA compliance. Is that adequate? Can it be done better? Is it enough? And what am I missing? Asking these questions will help establish the direction and next steps to take. It lays the ground work for a good Risk Analy

Basics of the Anti-Kickback Statute : The Anti-Kickback Statute is aimed at curbing abuse and fraud in the Medicare and Medicaid systems by professionals who offer services and benefit in direct or indirect ways. In order to protect Medicare and Medicaid patients, as well as federal health care programs from abuse and fraud; the Anti-Kickback Statute was enacted. The core act that the Anti-Kickback Statute considered as fraud and abuse is the unlawful acceptance or diversion of money into influencing medical decision-making. The Anti-Kickback Statute is very clear on this. It states that anyone in the healthcare industry, who consciously and deliberately accepts a fee or remuneration of any kind or offers the same with the intention of manipulating the course of a medical decision-making, is liable to punishment. What acts attract penalties? Acts of various kinds attract penalties under the Anti-Kickback Statute. Some of these include: Carrying out advertising or marketing activities for promoting the brand of health care providers Participating in affiliate programs or pay per click commissions Working out promotion agreements with multiple companies Taking part in sponsorships Working out strategic alliances with healthcare providers Licensing content or technology Selling a healthcare provider's brands of products or services Taking a cut in the advertising revenue The nature of penalties under the Anti-Kickback Statute The Anti-Kickback Statute states major penalties for acts it prohibits. The Anti-Kickback Statute prescribes these major penalties: Up to five years in prison This has the potential to attract additional monetary fines of up to $25,000 Administrative civil money penalties that can go up to $50,000 In addition, the Office of Inspector General (OIG) could initiate administrative proceedings and take steps aimed at prohibiting anyone convicted of an Anti-Kickback violation from participating in State and federal programs. The OIG could also impose

Overview: New changes modifying the HIPAA Privacy and Security Regulations are going into place to meet the privacy and security mandates within the HITECH Act in the American Recovery and Reinvestment Act of 2009. The changes include establishing new rights for individuals as well as changes to the limitations on uses and disclosures. New requirements for patient access to records and requirements to notify individuals in the event of a breach are only two of the many areas affected in the new law, including new requirements for restriction and accounting of disclosures and increased enforcement activity. Covered entities that use electronic health records (EHRs) will need to meet new access and disclosure rules and all kinds of business associates and their subcontractors will need to establish compliance programs. And if you are required to have a HIPAA Notice of Privacy Practices, you will need to update that to show all the new rights that patients will have, such as electronic copies, new rights to restrict disclosures, and much more. Business associates are now directly covered by the HIPAA privacy and security regulations and are liable for fines and penalties if they do not comply. If a business associate supplies services that interact with the new changes to the rules, the BA will need to be aware of the new requirements. We will explain what a Business Associate needs to do differently under the new regulations. Electronic records have new demands placed on them, in both providing access and in accounting for all disclosures of health information - the electronic age in health care brings new obligations to serve individuals as well as manage health information for healthcare professionals. We will discuss how disclosures must be tracked in an EHR and review the various ways patient records can be supplied electronically. The new regulations will be reviewed and their effects on usual practices will be discussed, as will what policies need to be chang

Overview: In this session we will discuss the HIPAA audit and enforcement programs and how they work, and discuss the areas that caused the most issues in prior audits. We will explore what kind of issues and what kind of entities had the most problems, and show where entities need to improve their compliance the most. We will also explore the typical risk issues that lead to breaches of health information and see how those issues may be a target for auditors in the new 2016 audits. We will review the contents of the HIPAA Audit Protocol used in 2012 to show what documentation needs to be on hand should your organization be selected for an audit in the new round. We will present methods for using the contents of the HIPAA Audit Protocol to build your own compliance plan by extracting and updating the contents and relating your compliance activities directly to the questions that might be asked. In this session we will discuss the HIPAA audit and enforcement regulations and processes, and how they apply to HIPAA covered entities and business associates. We will explain the enforcement regulations and the new, increased fines and new penalty levels, including new penalties for willful neglect of compliance that begin at $10,000. We will discuss what information and documentation must be prepared in advance so that you can be ready for an audit at any time, including sample information request forms and questions asked at prior audits. The session will also cover how to know if you may become the subject of an audit or enforcement action, and what you can do to help limit your exposure. We will discuss how most enforcement actions come about and what can be done to prevent incidents that lead to enforcement activity. The HIPAA Privacy, Security, and Breach Notification regulations (and the recent changes to them) and how they will be audited will be explained. Documentation requirements for compliance will be explored and a framework of security policies necessary

Health Insurance Market Reforms under Obamacare: The Patient Protection and Affordable Act (PPACA), or Obamacare, sets out a number of provisions for health insurance market reforms. Having been set in motion in March 2010; the PPACA sets out health insurance market reforms that are being implemented in stages from dates commencing generally from January 1, 2014. PPACA's health insurance market reforms are aimed at health insurance standards and group health plans. These reforms set out dates for the implementation of these reforms. They also prescribe penalties for noncompliance with these reforms. What kinds of market reforms are needed? The health insurance market reforms suggested by PPACA are almost singularly for group health plans. A group health plan is defined as one in which the employer makes a contribution into expenses accruing from the employee's health insurance plans. When an employer chooses to bring an employee's health plan under her coverage; the employer has to mandatorily comply with the provisions of the health insurance market reforms. Areas of the health insurance market reforms: These are the essential areas in which the health insurance market reforms are to be applied: Removal of lifetime and annual limits on essential health benefits: One of the primary provisions of the health insurance market reforms under PPACA is that it prohibits both lifetime and annual limits on essential health benefits, which were allowed some dollar limits prior to enactment of Obamacare. Preventive health services: An area of preventive health services that has undergone an amendment under the health insurance market reforms is that of no-cost sharing. Accordingly, employer plans are to offer preventive health services without requiring the employee to share the burden for this part of the plan. The three-month waiting period: The health insurance market reforms don't require a waiting period of over 90 days. A waiting period is the period that has

Overview: Learn how to improve your healthcare compliance program by using requirements found in corporate integrity agreements (CIAs) issued by the OIG. By proactively incorporating various features of CIAs, healthcare providers of all types can be better assured of meeting compliance standards. While there are many different types of healthcare compliance issues, probably the area of most concern is that of properly filing claims and receiving appropriate reimbursement. The OIG has issued various types of guidance including Federal Register entries, fraud alerts, and issues as listed in the OIG Work Plans. By providing such guidance, the OIG has given healthcare providers notice so that there can be no defense of not knowing about an issue. By organizing your compliance program to detect and then correcting various types of issues is a major objective of having a compliance program. Understanding systematic processes for improving your healthcare compliance program using CIA requirements can forestall possible criminal and civil monetary penalties. The hundreds of CIAs that have been developed when the OIG detects fraudulent activities can be used as a guide for developing and improving healthcare compliance programs for all types of healthcare providers. The process of statistical extrapolation is used by the OIG when conducting studies in order to determine recoupment amounts. Statistical extrapolation can also be used by healthcare providers when determining possible overpayments. However, the proper use of statistical extrapolation is a formal and complex mathematical process that must be properly applied. The OIG CIAs provide another resource for healthcare providers to study, understand, and then apply as appropriate. Why should you Attend: What are the OIG Corporate Integrity Agreements (CIAs)? Why does the OIG issue CIAs? Can I use general requirements from CIA to avoid monetary penalties or even avoid going to jail? Can any healthcare provider use

HIPAA Enforcement trends : Health Insurance Portability and Accountability Act (HIPAA) is a legislation of the American Congress. HIPAA enforcement consists of taking steps to confirm that rules set out in HIPAA are being complied with by the requisite entities. Primarily passed with the intention of ensuring that employees do not lose their health insurance benefits when they change or leave their current jobs; this 1996 law also has the protection and security of Protected Health Information (PHI) as one of its chief aims. The Office of Civil Rights (OCR), which enforces actions relating to HIPAA, imposes harsh penalties on healthcare organizations and Business Associates and Covered Entities that are proven to be in noncompliance of HIPAA requirements. What are HIPAA enforcement actions? The actions that the OCR takes to ensure implementation of HIPAA provisions constitute the essence of HIPAA enforcement actions. There are a good number of areas which the OCR can cite as constituting cases of HIPAA violations or noncompliance. A look at recent HIPAA enforcement actions point to a trend. These trends serve as an indicator of what to expect from HIPAA enforcement actions, which will help entities get some idea of what they should implement and what they should not and thus prevent being cited by the OCR. Security risk assessments are the foremost element of HIPAA enforcement actions: A look at recent trends suggests that HIPAA enforcement actions mainly target security risk assessments. This leads to harsh penalties, as happened in the case of New York-Presbyterian Hospital (NYP). The hefty $ 4.8 million penalty slapped in 2014 on this hospital was for data breach caused by insufficient security risk assessment. While this is the biggest sum fined; the OCR issued at least three other hospitals for putting in place inadequate security risk assessments in 2014. Risk management comes a close second: If inadequate security risk assessments come first in te

The federal Health Insurance Portability and Accountability Act (HIPAA) was legislated in 1996 with the primary aim of ensuring that employees who are in the process of changing or leaving their jobs do not lose their health insurance benefits. Additionally, HIPAA sought to bring down health care fraud and abuse by mandating pan-industry standards for the protection of health care information and automated billing and other related processes, and for ensuring the security of Protected Health Information (PHI). What is a HIPAA Security Audit? A HIPAA Security Audit is a program under the HIPAA Privacy, Security, and Breach Notification Audit Program of the Office of Civil Rights (OCR). A HIPAA Security Audit is carried out to make sure that the policies, processes and controls on the part of Covered Entities comply with the provisions of the HITECH Act of 2009. Adherence to the requirements laid out by HITECH is mandatory. Given the high degree of continued use of new technologies that go into and will continue to go into electronic records of patients and the criticality of the data contained in them; the US Department of Health and Human Services (HHS) recognizes that there could be chances of data breach of Protected Health Information. It is to prevent the occurrence of these breaches that a HIPAA Security Audit is mandated by the HITECH Act. Reporting of data breaches is mandatory The foremost highlight of the HITECH Act is the requirement that Entities covered by HIPAA report data breaches that affect 500 or more employees to the HHS. The OCR lays out an Audit Protocol, with whose policies, protocols and processes a facility has to comply if it is said to be compliant with the HIPAA Security Audit. Why is it necessary to carry out a HIPAA/HITECH Security Audit? Compliance with HIPAA Security Audit is necessary to demonstrate that a practice or business is well protected. The most important reason for which such entities need to be HIPAA/HITECH Security

Dealing with Medicare and Medicaid Overpayments : Medicare and Medicaid overpayments are pretty common. If they are not dealt with properly, they invite penalties. Medicare and Medicaid Overpayments happen when a person, provider or supplier receives a payment that is in excess of the amount due to him or her under Medicare statutes and regulations. This overpayment becomes a federal debt that is owed by the individual to the State. So, Centers for Medicare and Medicaid Services (CMS) is required by federal law to recover this amount. Overpayments routinely occur in Medicare and Medicaid. Many a time, these are unintended and are usually a result of oversight, but could also happen due to intent. Some of the most common reasons for which Medicare and Medicaid overpayments occur can be when: Duplicate submissions of the same service or claim are made Excessive or non-covered services are billed or furnished for billing Services that are not necessary medically or are excluded are paid for The wrong payee gets paid. How are Medicare and Medicaid overpayments processed? Obamacare has amended the federal False Claims Act (FCA), which is part of the Fraud Enforcement Recovery Act of 2009 (FERA), to add provisions relating to recovery of Medicare and Medicaid overpayments. This is how the process of Medicare and Medicaid overpayments works: Whenever Medicare comes to know that any overpayment of $10 (raised to $25 from July 2014) or more is made, it directs the Medicare Administrative Contractor (MAC) to initiate the process of recovery of this overpayment. The MAC starts the process by initially mailing a demand letter in which repayment is requested If no action is taken, a second and third demand letters are mailed in a month following the first one. Contents of a demand mail from Medicare/Medicaid: The demand letter sent by the MAC will explain the details of the Medicare and/or overpayment. When repayment is not made in full within 30 days, interest starts get

Overview: This webinar will cover the changes to the PQRS program in 2016 and will provide tips and strategies to help you select the best measures and reporting approach for your practice. Why should you Attend: Your future Medicare payments are at risk. Failing to report quality measures to CMS for Calendar Year 2016 will result in a reduction of up to 6% in your 2018 Medicare payments. The PQRS program carries a potential 2% penalty for each provider who does not report quality measures to CMS - physicians, mid-level providers, therapists, psychologists, social workers, even dieticians. In addition, if your practice has physicians and mid-levels, at least half the physicians must meet the PQRS requirements or the group will face an additional 2-4% penalty from the Value Based Modifier program. Areas Covered in the Session: Understand the difference between a reporting rate and a performance rate? Get access to useful tools to help you identify measures applicable to your specialty. Learn how to choose among the various reporting approaches - what are the pros and cons of each. Understand how CMS will evaluate your submission if you report less than 9 measures. Who Will Benefit: Practice Administrators All providers who bill to Medicare including Physicians (All specialties), Podiatrists, Physician Assistants, Nurse Practitioners, Psychologists, LCSW, Physical and Occupational Therapists, Speech/Language Pathologists, etc. Quality Officers Nurse leaders Finance Directors Speaker Profile Jeanne J. Chamberlin Jeanne Chamberlin is currently a Practice Management Consultant with MSOC Health. During her 30 years in the healthcare industry, Jeanne has worked in independent medical practices, health systems, state government, and software development. She holds a Masters Degree in Public Policy from Duke University and is a fellow in the American College of Medical Practice Executives. She has been a leader in both state and local MGMA chapters. As practice ad

Avoid up to 9% penalty and earn up to 5% incentives with successful MIPS data submission. P3Care, being one of the leading MIPS Qualified Registries, is your partner to decode high points.

Penalties and consequences of DUI (driving under the influence of alcohol or drugs) in Florida state include fines, loss of licenses, vehicular immobilization, increase rate of insurance fees, community service, and even jail time…

Course "HIPAA Security & Privacy Official - Roles and Responsibilities" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: Being the HIPAA Security and Privacy Official involves not only ensuring you know the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If audited or the subject of a compliance review you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the fundamentals of a HIPAA compliance program. If your HIPAA Security and Privacy Official needs to understand what all the HIPAA requirements are or make sure the current program is adequate and can withstand government scrutiny, please join us for this informative and interactive seminar. Why you should attend: The HIPAA Security and Privacy Official is the backbone of any organization's compliance program. Often times this role is assigned as collateral duty in smaller organizations. Regardless the size of an organization, the HIPAA Security and Privacy Official must know all the requirements for compliance. This is a critical element of the position. Attendees will leave the course clearly understanding the role and all the requirements as the designated as a HIPAA Security and Privacy Official. This seminar will cover reviews, creation, and amending policy and procedure. After completing this course, a HIPAA Security and Privacy Official will have a clear understanding for what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session: Why was HIPAA created? The Role and Responsibilities of the HIPAA Security and Privacy Official Complying with HIPAA Requirements? What are the HIPAA Security

Course "Tougher Import Rules for FDA Imports in 2016" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: FDA's and the Customs and Border Patrol Service (CBP) have become increasingly sophisticated and equally demanding in the submission of information and adherence to government procedures. Firm's that fail to understand and properly execute an import and export program find that their shipment is delayed, detained or refused. In 2016 entries must use the Automated Commercial Environment (ACE) entry filing system or face entry refusals and monetary penalties up to $10,000 per offense. A number of other factors can derail the expectation of a seamless import process. The course covers detailed information about the roles and responsibilities of the various parties with an import operation and how to correct the weakest link(s) in the commercial chain. The course will include tips on how to understand FDA's thinking and offer anecdotal examples of FDA's import program curiosities. Why should you attend: What happens when your product is detained? FDA will begin a legal process that can become an expensive business debacle. You must respond fully within short timeframes. This is not the time for you to be on a learning curve. You need to have a plan in place and know what you are doing. The FDA is steadily increasing the legal and prior notice information requirements. If you do not know what those requirements are and you initiate a shipment, your product is figuratively dead in the water. You must be accurate with the import coding information and understand the automated and human review process. If not, you can expect detained shipments. CBP is implemented a new "Automated Commercial Environment" computer program that changes import logistics and information reporting for FDA regulated products. Your shipment may be stopped before it is even loaded at the foreign port. What

In this session Mr. Wolfe will provide an overview of the Stark Law and its 2016 changes. He will also discuss best practices for implementing and auditing physician compensation arrangements to minimize liability exposure and penalties, including conducting compliance audits, instituting policies, and establishing ongoing monitoring and review processes.

Overview: This lesson is going to get back to the basics using multiple real life scenarios and "what if's". My goal is to make this very confusing and not well explained law easy to understand for the typical staff member. I will uncover myths versus reality as it relates to this enigmatic law based on over 1000 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors. I will also point out multiple court cases I have been affiliated with where a staff member of a hospital or clinic has been sued or even imprisoned! I will also speak to real life audits conducted by the Federal government (I've been on both sides of these audits) what your highest risks are for being fined (some of the risk factors may surprise you). In addition this course will cover the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures. Don't always believe what you read online about HIPAA, especially as it relates to encryption and IT, there are a lot of groups selling more than is necessarily required. Why should you Attend: Are you confused about HIPAA? Do you just want the basics and in plain English? Do you know there are civil and criminal penalties even for the rank and file staff member! Do you know what you can and can't do with protected health information? It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates as it relates to portable devices, texting, and emailing of PHI. You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT practices. I have also been expert witness on multiple court cases where a business or medical practice is being sued for not doing their due diligence

HIPAA Breach Notification Rules and its new version : Let us begin at the beginning: What is breach notification? The term is pretty simple to understand. It means notifying the authorities whenever there is a breach of Protected Health Information (PHI). Covered Entities (CE's) and Business Associates (BA's), who are closely associated with PHI, and individuals whose PHI data are breached, are required to bring such data breaches to the notice of the authorities, whenever there is one. A breach notification is a mechanism that is aimed at ensuring that BA's and CE's meet requirements in the HITECH Act in the American Recovery and Reinvestment Act of 2009 (ARRA). To whom should the affected individuals and CE's and BA's complain? Whenever there is a breach of PHI by a CE or a BA, or if there is violation of the Privacy, Security, or Breach Notification Rules, the affected individual can complain to the Office for Civil Rights (OCR), which will initiate investigation into these complaints. Whenever a CE or a BA detects a breach, it can complain to the Secretary of Health and Human Services (HHS). In addition, the HIPAA breach notification rules have clear guidelines on how to report breaches in the following classifications: HIPAA's definition of a breach A breach of PHI is said to have taken place when any unpermitted use or disclosure that compromises the security of the data in the PHI takes place. Any such action, resulting in the breach of any kind of data contained in a PHI, big or small, is considered a breach, unless the CE or BA can explain that the data that got breached into was not serious enough, from its risk assessment point of view, to warrant immediate intervention. The new HIPAA breach notification rules The HHS embarked on a new HIPAA breach notification program, the HIPAA Privacy, Security, and Breach Notification Audit Program, with which it seeks to bring a few changes into the existing HIPAA breach notification rules. This new Audit Pr

Overview: Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If audited or the subject of a compliance review you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the fundamentals of a HIPAA compliance program. If your healthcare practice, business, or organization needs to understand how to put HIPAA compliance program in place or make sure the current program is adequate and can withstand government scrutiny, please join us for this informative and interactive course. Why should you Attend: With an increase in HIPAA enforcement and Phase 2 audits underway, many organizations need to fully understand the requirements of a compliance program. Attendees will leave the course clearly understanding of all the requirements for a comprehensive HIPAA compliance program and what steps need to taken to mitigate risk. After completing this course, a Covered Entity or Business Associate will have a clear roadmap for what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session: Why was HIPAA created? Who Must Comply with HIPAA Requirements? What are the HIPAA Security and Privacy Rules? What is a HIPAA Compliance Program? What is a HIPAA Risk Management Plan? What is meant by "Required" and "Addressable" Implementation Specifications? What are Administrative, Technical, and Physical Safeguards Requirements? What is a HIPAA Risk Assessment? What are HIPAA training requirements? What is a HIPAA data breach and what happens if it occurs? What are the penalties and fines for non-compliance and how to avoid them? Creating a Culture of Compliance Questions Who Will Benefit: Com

Overview: One of the major requirements of the health care organization to be HIPAA compliant is to develop and implement a set of HIPAA privacy and security policies and procedures. This can be a daunting task for those not knowing where to start and what a set of HIPAA privacy and security policies and procedures should look like. For the cost conscious health care organization, the HIPAA policies and procedures can have multiple uses: first, they can become a basis for training the health care organization workforce; second, they can be used as a basis for conducting a HIPAA self-assessment; and third, they can be used to demonstrate due diligence should there be a breach or an externalHIPAA compliance audit. In today's world it is not necessary that the health care organization spend significant funds to develop a set of HIPAA privacy and security policies and procedures from scratch. The health care organization can likely find templates on the internet that can be used as a starting point to customize HIPAA policies and procedures to be unique for the health care organization. The preparation of a well-documented set of HIPAA policies and procedures needs to be addressed through the development of Privacy and Security policies and procedures that address each of the requirements shown in the HIPAA regulations as amended by the HITECH law and the final Omnibus Regulations. The process of developing the HIPAA privacy and security policies and procedures also provides a reference for the health care organization how to consider the security addressable and required regulation requirements. Why should you attend: There are three situations where having a set of HIPAA policies and procedures are needed: First, the policies and procedures become a good reference to ensure that all areas are addressed for becoming HIPAA compliant. Second, the HIPAA regulations REQUIRE covered entities and business associates to have a set of policies and procedures directing