Group items tagged

Overview: Section 13411 of the Health Information Technology for Economic and Clinical Health (HITECH) Act, requires Health and Human Services (HHS) to conduct periodic audits of providers and business associates to ensure their compliance with the HIPAA Security and Privacy Rule, and breach notification standards. To implement this mandate, the Office of Civil Rights (OCR) has conducted HIPAA/HITECH audit program with KPMG of 115 health care organizations to assess privacy and security compliance. This webinar will focus on the implementation and tracking of HIPAA audit best practices in a healthcare setup in order to prepare for the federal audit using published OCR audit protocols. Every audit begins with interviews, a questionnaire, and a thorough policy and procedures review. Presenter, with his decades of knowledge in the compliance, legal, auditing and security areas, will walk the attendees through the audit process, documentation requirements, and implementation specifications of the HIPAA privacy, security and breach rules. This presentation not only provides opportunity for the participants to prepare for the federal HIPAA audit but also to improve the security posture of their organizations by adopting to changing technology (mobile, social media, Health Information Exchange(HIE), cloud services, etc.) and threat landscape perspective as well. This presentation will uncover reasons why many health information breaches are occurring and help organizations better secure and comply with electronic protected health information by meeting the required and addressable HIPAA/HITECH security rules. The presenter will also share the best practices used for HIPAA security implementation and continuous risk assessment which is considered as "due diligence" by auditors for the HIPAA security compliance program. Areas Covered in the Session: Healthcare Technology Adoption/Trends Healthcare Regulatory (HIPAA/HITECH) and OCR/HHS Audit Overview Differences between

Overview: Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If audited or the subject of a compliance review you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the fundamentals of a HIPAA compliance program. If your healthcare practice, business, or organization needs to understand how to put HIPAA compliance program in place or make sure the current program is adequate and can withstand government scrutiny, please join us for this informative and interactive course. Why should you Attend: With an increase in HIPAA enforcement and Phase 2 audits underway, many organizations need to fully understand the requirements of a compliance program. Attendees will leave the course clearly understanding of all the requirements for a comprehensive HIPAA compliance program and what steps need to taken to mitigate risk. After completing this course, a Covered Entity or Business Associate will have a clear roadmap for what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session: Why was HIPAA created? Who Must Comply with HIPAA Requirements? What are the HIPAA Security and Privacy Rules? What is a HIPAA Compliance Program? What is a HIPAA Risk Management Plan? What is meant by "Required" and "Addressable" Implementation Specifications? What are Administrative, Technical, and Physical Safeguards Requirements? What is a HIPAA Risk Assessment? What are HIPAA training requirements? What is a HIPAA data breach and what happens if it occurs? What are the penalties and fines for non-compliance and how to avoid them? Creating a Culture of Compliance Questions Who Will Benefit: Com

Overview: Drug and device research is confusing and difficult on its own but when you start combining drugs with devices the regulatory landscape changes as there are more nuances to deal with. Knowing how drug and device studies are each regulated is important in navigating the challenges posed by studies that wish to use both. It is also important to be aware of current guidance affecting the use of both drugs and devices in a study as well current guidance affecting the classification of devices. Why should you attend: Information on drugs and devices is plentiful. But, it can also be daunting .The webinar will give attendees a foundation and a starting point on which they can build. Learning objectives: Define drug research Define device research Explore the differences between the two Describe requirements when drugs and devices are combined in one study Areas Covered in the Session: Defining Drug Research FDA approved drugs Investigational drugs Compassionate use Defining Device Research FDA approved devices 510 K devices Humanitarian Device Exemptions Invitro Diagnostic Devices Investigational Devices Federal regulations governing drugs and devices Guidance governing drugs and devices Combining devices and drugs into one study What are the requirements? What are the regulations and guidance? How these studies are reviewed Who Will Benefit: Investigators Researchers Research Staff Study Coordinators Auditors Research Administrators Speaker Profile Sarah Fowler-Dixon is Education Specialist and instructor with Washington University School of Medicine. She has developed a comprehensive education program for human subject research which has served as a model for other institutions. She crafted budgets, policies, procedures, reporting, and training for the new program. She has initiated the planning, development, authorship and implementation of many human subjects research policies, practices, guidelines, submission and reviewer forms often working with st

Overview: The trial master file is a hard copy of all documentation relating to a clinical trial. It contains essential documents. When studies are conducted under ICH E6 Good Clinical Practices (GCP), this collection of documents must be present before, during and after the trial. These documents help provide quality assurance and help researchers evaluate their compliance with GCP, federal regulations and applicable laws. Why should you Attend: Anyone responsible for handling trial documentation or quality assurance activities. Areas Covered in the Session: Trial Master File (TMF): what is it? Essential documents required ICH guidelines and Good Clinical Practice (GCP) Food and Drug Administration (FDA) guidance and expectations Paper or electronic trial master files - what is allowable Links to useful resources Who Will Benefit: This webinar will provide valuable assistance to all personnel in: Human Subjects Research Healthcare interested in exploring the field of Clinical Research New Clinical Research Coordinator positions (1-2 years) New Principal Investigator positions Administration in charge of Clinical Research Regulatory Compliance Speaker Profile Sarah Fowler-Dixon is Education Specialist and instructor with Washington University School of Medicine. She has developed a comprehensive education program for human subject research which has served as a model for other institutions. She crafted budgets, policies, procedures, reporting, and training for the new program. She has initiated the planning, development, authorship and implementation of many human subjects research policies, practices, guidelines, submission and reviewer forms often working with state and federal authorities. She has provided consultation regarding ethical, federal, state, and institutional requirements for faculty and staff both in the design and execution of their projects and teaches research ethics and regulatory affairs and the fundamentals of research manageme

Overview: Remember spaghetti code? The HIPAA breach area is now almost as convoluted and overlapping and confusing as spaghetti code. Sometimes you think you are both coming and going at the same time when you think through an event to determine if your organization has had a breach. For example: Is a security incident always a beach? Is an ePHI breach a security incident as well? Is a cybersecurity event always a breach? What if it does not steal any clinical information, diagnoses or procedures information, or any payment information? A security incident? Or both? Are all the necessary kinds of notice in the Breach rule? What is Cybersecurity Insurance? Is it really the finger in the dike or itself full of Swiss cheese? Can the loss of patient or member data be a HIPAA breach and identity theft plus a fraud issue? Why should you Attend: HIPAA breaches now number in the multiple thousands, if not multiple millions. Your organization needs to be prepared for the initial sense of panic, a complete investigation, and the federal, state and reputational costs of a mega breach. A breach now costs in money approximately $225/record. And this does not include any fine of any type. The loss and theft of 1000 records may cost you organization from a quarter to $1 M, or more, and 6 months to a year to resolve. You need to know the basics of what PHI and ePHI really are; what puts the event into the breach safe harbor, what breach exceptions keeps the event out of OCR's hands, what the 4 factors are and how they are used. You need to know that your organization's breach plan and your policies and procedures include the need to notify when necessary the police, the FBI and other state and federal organizations beyond the Office for Civil Rights. Your organization needs to know how to protect itself after the fact by considering Cybersecurity Insurance. Areas Covered in the Session: Definition and reporting of a Security Incident Definition of a breach Breach Guidance Br

Course "Marketing Products without Getting Hammered by FDA" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: With this seminar you will learn how to navigate FDA's legal requirements and its interpretations for enforcement purposes. The agency now applies the principles of cognitive psychology to aid in its determination of what a message really conveys. This becomes a new factor in trying to stay within FDA's legal corral. This conference will provide insight on how to manage your marketing activity and gauge what regulatory risks your business is willing to accept. You will learn how corporate management requires cooperation between marketing, regulatory affairs, legal counsel, manufacturing, engineering and finance departments. You will understand that a weak link in any department leaves the entire corporation vulnerable to FDA enforcement. Most importantly, you will understand the boundaries that FDA uses and how easy it is to cross them. With information from this course, you can step back and rationally evaluate your firm's regulatory profile for advertising and promotion. Why should you attend: If you go "off label" with advertising and promotion, you become embroiled in FDA's advertising and promotion requirements. For devices, the law is weak and lacks legal clarity. For drugs, FDA's law and regulations are extensive and have violated Constitutional protections. Depending on your point of FDA's promotion and advertising requirements can help you or hurt you? There is an inherent conflict in interests. In any case, you need to identify practical criteria to make marketing decisions. That begs the question of whether or not marketing managers and regulatory affairs managers will even try to agree on an issue. FDA's Center for Devices and Radiological Health (CDRH) has never issued a comprehensive guidance on advertising and promotion. You are on your own. CDER has esta

Overview: This webinar will cover everything that you need to know about how to handle HIPAA security incidents, breaches, and complaints and the Department of Health and Human Resources Investigations thereof. Not all security incidents are breaches, but all breaches of confidentiality are within the broad ambit of security incidents. Privacy rule violations, such as failing to give a patient a copy of his or her medical records, may also constitute a breach as the $4.2 million fine assessed against Cignet Healthcare of Prince George's County, Maryland, dramatically proved. Handling an investigation properly is key to determining not only how to handle it to mitigate any harm and to take action to prevent it from happening again but also to determine whether it is reportable to affected individuals and to DHHS. HIPAA requires a complaint procedure (policy). The webinar will suggest what such a document should contain as it also will for the required report procedure (what is reportable, who reports, to whom, and required/suggested contents of the report) and the required response procedure (what do the responsible officials do after receiving the report or the complaint). Investigating a possible security incident is key. The webinar will cover how to conduct a thorough investigation of HIPAA security incidents, breaches, and patient complaints. Finally, the second largest HIPAA civil money penalty or settlement, $4.2 million, was in large part due to the offender's failure to cooperate with the DHHS investigation. The presenter has successfully defended his clients in seven such investigations and knows how to respond to them to avoid or minimize liability. Think of a gap analysis as an examination of: What you currently have in place for HIPAA compliance. Is that adequate? Can it be done better? Is it enough? And what am I missing? Asking these questions will help establish the direction and next steps to take. It lays the ground work for a good Risk Analy

Overview: Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If audited or the subject of a compliance review you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the understanding the fundamentals of a HIPAA and how you will be required to demonstrate your organization's compliance program. If your healthcare practice, business, or organization needs to understand how to be prepared for an increase in HIPAA enforcement and make sure your current safeguards are adequate and can withstand government scrutiny, please join us for this informative and interactive course. Why should you Attend: BAll most 120,000,000 individuals were affected by HIPAA data breaches in 2015. This is a significant reason why Congress has inquired about the recent and very sizeable increases in cyber-attacks that inflect the risk of medical identity theft. The HHS Office for Civil Rights not only are conducting audits but is looking to increase HIPAA enforcement. Attendees will leave the course clearly understanding of all the requirements that must be in place for HIPAA and how to demonstrate compliance if audited. After completing this course, a Covered Entity or Business Associate will be able to know what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session: Why was HIPAA created? What are the HIPAA Security and Privacy Rules? What is a HIPAA Risk Management Plan? What is meant by "Required" and "Addressable" Implementation Specifications? What are Administrative, Technical, and Physical Safeguards Requirements? What is a HIPAA Risk Assessment? What are HIPAA training requirement

Overview: Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If audited or the subject of a compliance review you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the understanding the fundamentals of a HIPAA compliance. If your healthcare practice, business, or organization needs to understand what is required to protect health records or make sure your current safeguards are adequate and can withstand government scrutiny, please join us for this informative and interactive course. Why should you Attend: With a substantial increase HIPAA data breaches, organizations must understand the requirements to safeguard protected health information. Attendees will leave the course clearly understanding of all the requirements that must be in place for protecting the health records their organizations maintain, create, transmit, or store. After completing this course, a Covered Entity or Business Associate will have a clear understanding for what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session: Why was HIPAA created? Who Must Comply with HIPAA Requirements? What are the HIPAA Security and Privacy Rules? What is a HIPAA Risk Management Plan? What is meant by "Required" and "Addressable" Implementation Specifications? What are Administrative, Technical, and Physical Safeguards Requirements? What is a HIPAA Risk Assessment? What are HIPAA training requirements? What is a HIPAA data breach and what happens if it occurs? What are the penalties and fines for non-compliance and how to avoid them? Creating a Culture of Compliance Questions Who Will Benefit: Compliance Of

Overview: FDA 7348.811 section 1 states, "Regardless of the type of system used by the clinical site, the regulatory requirements for clinical data do not change whether clinical data are captured on paper, electronically, or using a hybrid system." What type of system is best for your program and investigator capabilities? The wrong choice yields inspectional non compliance. The right choice of electronic data capture, direct data entry, and data management depends on a sponsor assessment of the systems and procedures at the investigator site as compliant with FDA inspectional requirements. Additional source documentation procedures (origination, authorization, and signature) are required at the investigator site to address the electronic data capture process. It is these three FDA mandated inspectional criteria, applicable to every electronic data element, that generate most of the significant inspectional noncompliant findings. Some data elements are more likely to be associated with the findings of noncompliance than others. It is in fact difficult to determine which data requires or does not require original source documentation and what defines "original source documentation". Why should you attend: Investigators commonly assume that the new guidance and regulations reduce the need for source documentation in clinical trials. In fact, there are new procedural documents relevant to the electronic source documents and direct data entry that are required to comply with the current inspectional standards and the final guidance. Sponsor due diligence in choosing, training, and monitoring investigator sites to enable the use of compliant electronic data capture is required. Basic knowledge of part 11 and GCP requirements will be helpful in attending this advanced webinar. The focus will be on the additional FDA inspectional requirements for electronic data capture, and the impact of using electronic data capture on the seven FDA inspectional priority objectives

Overview: As defined by the Health Information Portability and Accountability Act (HIPAA), a Business Associate can be any organization or person working in association with or providing services to a Covered Entity who handles or discloses Protected Health Information (PHI) or Personal Health Records (PHR). With certain exceptions, a person or entity that creates, receives, maintains, or transmits PHI for a function or activity regulated by the HIPAA Privacy Rule for a Covered Entity is a Business Associate. The HITECH Act, a recent update made to overall HIPAA regulations require Business Associates to comply with HIPAA mandates regarding the handling and use of health information. As a Business Associate you must comply with a wide-range of regulatory obligations, including certain privacy obligations, security standards, and breach notification requirements. If your business needs to understand what it means to be a Business Associate and know what required safeguards, policies and procedures must be in place or make sure your current compliance program is adequate and can withstand government scrutiny, please join us for this informative and interactive session. Why should you Attend: There is a lot of confusion about the role and requirements of being a Business Associate. Organizations must be prepared prior to entering into these contracts for services as a vendor and subcontractor. Attendees will leave the course clearly understanding of all the requirements that must be in place for the Business Associate - Covered Entity arrangement. After completing this course, a Business Associate will have a clear understanding as to what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session: Why was HIPAA created? Who Must Comply with HIPAA Requirements? What are the HIPAA Security and Privacy Rules? What are the Consequences of being a Business Associate What is a HIPAA Compliance Program? What is a HIPAA Risk Mana

Overview: In 2013, The US Department of Health and Human Services made major changes to rules implementing The Health Insurance and Portability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act of 2003 (HITECH). Among the many areas impacted by these rules (billing, marketing, research, IT security, etc.) is fund raising. The amendments significantly modify the methods and practice that hospitals, their institutionally related foundations, and other healthcare charities may or must employ when using ANY patient or client information for fund raising. The webinar will cover how to effectively implement the fund raising regulations in a manner that increases both opportunities for philanthropic support and compliant implementation of the new mandates. The rules include specific operational requirements, some of which prohibit protocols that were required under the original HIPAA regulations. The "magic words" mandated by HIPPA-related regulations changed in multiple areas. The webinar will cover all of these areas to ensure your organization is both legally compliant and operationally effective. The types of information that may be used for fund raising changed significantly. This presents numerous substantial fund raising opportunities, as well as challenges on the use and storage of such information. Among other areas to be presented are The required method for individuals to opt-out of receiving fund raising communication The methods of informing patients and clients of their right to opt-out from receiving fund raising communication The broadly expanded types of fund raising communication subject to opt-out rights How providers, hospital, and related fund raising foundation apply an opt-out election by an individual The type of patient and client information that health charities may use for fund raising The contents of provider's Notice of Privacy Practice How clinicians can assist both their patients/clients and the

Overview: The Sunshine Act, or Open Payments Program, requires manufacturers of drugs, medical devices, and biologics that participate in U.S. federal health care programs to report certain payments and items of value given to physicians and teaching hospitals. This Act was part of a healthcare reform bill adopted in March 2010. It came about due to requests for increased transparency about the financial relationships between physicians and industry. The Centers for Medicare and Medicaid (CMS) issued the final rules in 2013 which implemented the Sunshine Act. Why should you Attend: Anyone required to adhere to the Sunshine Act standards or anyone interested in knowing what must be reported and made public. Areas Covered in the Session: Purpose of the Sunshine Act Who is required to report under the Sunshine Act? What is reported? Exclusions Tracking Penalties Useful links Who Will Benefit: This webinar will provide valuable assistance to all personnel in: Human Subjects Research Healthcare interested in exploring the field of Clinical Research Clinical Research Coordinators Principal Investigators/Physicians Administration in charge of Clinical Research Regulatory Compliance Speaker Profile Sarah Fowler-Dixon is Education Specialist and instructor with Washington University School of Medicine. She has developed a comprehensive education program for human subject research which has served as a model for other institutions. She crafted budgets, policies, procedures, reporting, and training for the new program. She has initiated the planning, development, authorship and implementation of many human subjects research policies, practices, guidelines, submission and reviewer forms often working with state and federal authorities. She has provided consultation regarding ethical, federal, state, and institutional requirements for faculty and staff both in the design and execution of their projects and teaches research ethics and regulatory affairs and the fu

OSMA guidelines for physicians and patients on social media practices

The Department of Industrial Policy and Promotion (DIPP) has released a statistic affirming Foreign Direct Investment in the region of pharmaceuticals and drugs. The value of investments will be around US $ 8.81 billion that comes to about Rs 48,828.3 crore in Indian currency. It is predicted that, the biotechnology industry will surpass 11.6 billion dollars by the year 2017

Course "Tougher Import Rules for FDA Imports in 2016" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: FDA's and the Customs and Border Patrol Service (CBP) have become increasingly sophisticated and equally demanding in the submission of information and adherence to government procedures. Firm's that fail to understand and properly execute an import and export program find that their shipment is delayed, detained or refused. In 2016 entries must use the Automated Commercial Environment (ACE) entry filing system or face entry refusals and monetary penalties up to $10,000 per offense. A number of other factors can derail the expectation of a seamless import process. The course covers detailed information about the roles and responsibilities of the various parties with an import operation and how to correct the weakest link(s) in the commercial chain. The course will include tips on how to understand FDA's thinking and offer anecdotal examples of FDA's import program curiosities. Why should you attend: What happens when your product is detained? FDA will begin a legal process that can become an expensive business debacle. You must respond fully within short timeframes. This is not the time for you to be on a learning curve. You need to have a plan in place and know what you are doing. The FDA is steadily increasing the legal and prior notice information requirements. If you do not know what those requirements are and you initiate a shipment, your product is figuratively dead in the water. You must be accurate with the import coding information and understand the automated and human review process. If not, you can expect detained shipments. CBP is implemented a new "Automated Commercial Environment" computer program that changes import logistics and information reporting for FDA regulated products. Your shipment may be stopped before it is even loaded at the foreign port. What

What is Corporate Governance? In a broad sense, corporate governance can be defined as a set of processes by which corporations are run and administered. These are a collective function of the critical, core decision makers in the organization, such as Directors, CEO, managers, investors, stakeholders, shareholders, creditors, auditors and others. Corporate Governance sets out the methods and rules for making rules that govern corporate entities. Although business is the main concern and task of an organization, Corporate Governance occupies as important a position, because while the financial aspect of a business is all about profits, the Corporate Governance aspect is primarily about its integrity, values and reputation. Corporate Governance takes into consideration all aspects of the governance of the organization from critical standpoints such as ethics, regulatory aspects, policies and mission, etc. History of the growth of Corporate Governance Although Corporate Governance has been around for a number of decades in some or another form, it came to acquire proper shape and direction of late, following the collapse of very big multinationals such as Enron, WorldCom and others. It was felt that their shady dealings, which led to huge losses for their stakeholders and eventually to the businesses collapse, could have been averted if a proper regulatory framework of Corporate Governance were in place. This is the feeling that led to the passing of the Sarbanes Oxley Act, or SOX in the early 2000's. One of the core principles enunciated in SOX related to Corporate Governance. Elements of Corporate Governance As a result of the SOX Act and other legislations in other developed countries, such as the Cadbury Report of the UK and other legislations in the OECD nations; Corporate Governance is now administered through a well-defined set of principles. As a result of these legislations, Corporate Governance is now concerned with the following: Problems areas of Co

Overview: Learn how to improve your healthcare compliance program by using requirements found in corporate integrity agreements (CIAs) issued by the OIG. By proactively incorporating various features of CIAs, healthcare providers of all types can be better assured of meeting compliance standards. While there are many different types of healthcare compliance issues, probably the area of most concern is that of properly filing claims and receiving appropriate reimbursement. The OIG has issued various types of guidance including Federal Register entries, fraud alerts, and issues as listed in the OIG Work Plans. By providing such guidance, the OIG has given healthcare providers notice so that there can be no defense of not knowing about an issue. By organizing your compliance program to detect and then correcting various types of issues is a major objective of having a compliance program. Understanding systematic processes for improving your healthcare compliance program using CIA requirements can forestall possible criminal and civil monetary penalties. The hundreds of CIAs that have been developed when the OIG detects fraudulent activities can be used as a guide for developing and improving healthcare compliance programs for all types of healthcare providers. The process of statistical extrapolation is used by the OIG when conducting studies in order to determine recoupment amounts. Statistical extrapolation can also be used by healthcare providers when determining possible overpayments. However, the proper use of statistical extrapolation is a formal and complex mathematical process that must be properly applied. The OIG CIAs provide another resource for healthcare providers to study, understand, and then apply as appropriate. Why should you Attend: What are the OIG Corporate Integrity Agreements (CIAs)? Why does the OIG issue CIAs? Can I use general requirements from CIA to avoid monetary penalties or even avoid going to jail? Can any healthcare provider use

Overview: Today's health care delivery occurs in a diverse, fast-changing, multidisciplinary health care environment. This often presents challenges to the health care professional that are not easy to navigate. Medical records and their confidentiality have long been the exclusive province of state law, but has now been recognized for some time in the federal HIPAA statutes and federal regulations. Differing and even conflicting sources of requirements at the state level still exist for the retention and disposition of medical records. These sources may vary based upon the specific health care practitioner - whether physicians, dentists, psychologists, or other health care providers, including mental health practitioners. As to the specific, individual health care practitioner, state laws mandate their confidentiality, retention, and even their specific content with regards to patient, clinical records. In addition to these clinical requirements, additional state laws set forth the content and retention of other types of records kept by the professional, such as supervisory agreements with other professionals subordinate to them as well as their own unique record content requirements. With the majority of medical records moving to an electronic format, special rules now exist with regard to the confidentiality, security, retention, and disposition of electronic medical records. This is particularly important as state laws continue to allow for and regulate the provision of telemedicine by various health care practitioners. For example, while psychotherapy and mental health services are ideal treatments to offer over the internet, that is, by simultaneous audio-visual transmission between the doctor and the patient, the risks of breaches of confidentiality also vastly increase. And when the successful doctor-patient relationship is over, how does the health care practitioner providing a mental health service dispose of these electronic records? In addition to

Overview: Discussions, presentation, and webinars regarding HIPAA regulations are usually addressed from the perspective of what the regulations entail, the necessity of compliance with the regulations, and the consequences of willful neglect or non-compliance. This presentation addresses HIPAA regulations from a different perspective - from a personal perspective - from the perspective of the person in charge of moving an organization or facility toward full compliance with HIPAA. The by-product of this presentation will be both an understanding of, and a detailed job description for, a position mandated in the regulations - the HIPAA Security/Privacy Officer. Why should you attend: The HIPAA regulations are numerous, complicated, often vague, and affect every person working in a healthcare facility. Compliance with HIPAA will require a unique individual to lead the charge - an individual whose education, background, experience, and demonstrated skill sets offer the opportunity for that person to succeed in achieving the goals of that position. This is a new position to most healthcare facilities. So understanding who this person should be, what is required of the person with this job title, and with whom this person will interface is vital to every healthcare organization with the goal of achieving full compliance with HIPAA. Areas Covered in the Session: Position goals Position requirements (education, experience, skill sets, etc.) Position responsibilities Stay abreast of regulations Initiate compliance with HIPAA (according to regulations) Ensure continuous progress toward full compliance Develop appropriate security/privacy policies & procedures Oversee and deliver appropriate training programs to all employees Track compliance with HIPAA regulations at the facility & individual levels Track access to PHI Investigate and resolve HIPAA violations Apply sanctions to HIPAA violators Manage any information security personnel Prepare a department