Group items tagged

Course "Effective and Efficient Internal and Supplier Quality System Auditing for Medical Devices" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: Do you want to understand how to do efficient and effective internal and supplier audits that meet all the requirements of your external auditors, but also add value to your company? Are you confused by all the requirements and guidance documents for medical device quality management systems and are tired of wading through all the regulatory language they contain. This course is for those who will do internal or supplier audits, manage an audit process for these or other company audits. This course will provide you with an easy to understand presentation on the auditing process as well as the requirements you will need to audit under ISO 13485 and the FDA Quality System Regulation (cGMP) Both FDA Quality System Regulation (QSR) and ISO 13485 require that companies do internal audits. However, because the FDA does not look at the content of internal audits, some companies do not get feedback on the true effectiveness of their internal audit system from the FDA during FDA Inspections. ISO 13485 auditors do look at internal audits, but are most concerned that you define a process that meets the requirements of the standard and are following your process. Both require that you define Auditor training is required, but this sometimes just requires reading the company's procedure, although most external auditors will look for more than this. Do you need to train new auditors for yours medical device quality management system or to audit your suppliers? Or do you need to improve the training of your internal and supplier auditors so that they add value to these audits? If you need to do either of these, this seminar will provide this training. In addition to auditing skills and hands-on auditing exercises, this seminar will provide an ove

The emerging discipline of Hospitals Management Performance Assessments Over the past few years, Hospitals Management Performance Assessments have begun to gain acceptability and credence in healthcare circles. Hospitals Management Performance Assessments came into being as a result of a conscious effort by advanced countries, mainly European, with sufficient backing from the World Health Organization (WHO) to arrive at some sort of metrics to evaluate the critical functioning levels of hospitals. The topic of Hospitals Management Performance Assessments came to acquire proper shape and structure following the heavy reference the WHO made to this discipline at the WHO European Ministerial Conference on Health Systems of June 2008. The following year, it found resonance again, when it was the theme of the World Health Day. The evaluation of Hospitals Management Performance Assessments Hospitals Management Performance Assessments started to evolve primarily to provide healthcare professionals with a tool to diagnose the quality of performance of the hospitals and other healthcare settings they work in. It was felt, over time and experience, that when strict appraisals were being made in many areas of healthcare, a set of parameters to assess the level of efficiency of hospitals would go a long way in ensuring the implementation of enhanced processes, leading to better patient outcomes. Areas of concentration for Hospitals Management Performance Assessments The core disciplines in which Hospitals Management Performance Assessments sought to bring about measurable and verifiable improvements were: The PATH approach As a result of discussions and deliberations the WHO held with many countries, primarily European, a path for charting out the course of Hospitals Management Performance Assessments was concretized in the form of what the WHO called the PATH - the Performance Assessment Tool for Quality Improvement in Hospitals. A brief understanding of PATH PATH

Course "Key Factors to Write an Effective Standard Operating Procedure (SOP) and Work Instructions (WIs)" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: Writing SOPs or procedural documents can be challenging at times. However, writing SOPs is overall a straightforward process. However, enforcing what you already created and implemented in the pipeline is another story. The term SOP is very obvious. We have seen "clearly written description of how specific tasks are to be done." Another satisfactory definition would be "detailed written instructions that achieve the uniformity of the performance of a specific function." Is the firm doing what the regulations specify? Is the firm doing what their procedures specify? If you are medical device or a pharmaceutical manufacturer, these definitions come as no surprise because when it comes to FDA regulations and guidance documents "establish" means to define, to document (in writing or electronically) and to implement. The goal and emphasis with FDA is simple. Proof of "Establish" is the foundation. Is the firm doing what the regulations specify? Is the firm doing what their procedures specify? Are the procedures being followed and enforced by company personnel? SOPs are needed in regulated industries to give step-by-step instructions for performing a particular job or task. This session will provide a step-by-step overview and a snapshot of the procedure description, the process and format. The subject matter of a SOP may range from how to operate a piece of machinery to how to log into a particular software program. SOPs ensure consistency and reliability because they require training of all affected parties. This session will address recent enforcement actions for SOP related violations but no surprise. Most of our enforcement actions are documentation related, i.e., SOP or other procedural documents. We will review examples from

Overview: Have you ever had a student who was excessively dramatic or who repeatedly monopolized discussions in a know-it-all, domineering, or aggressive fashion? Perhaps you've encountered a student who was so odd or anxious that they weren't able to participate in group activities or complete assignments. It's hard to know what to do when a student's personality just seems to take over your class, but you can't just stand by and do nothing. If they are not managed effectively, students with personality disorders take up a lot of time and can move your whole class in counterproductive directions. Sometimes these challenging students have a Personality Disorder, which is a persistent pattern of perceiving, relating to, and thinking about the environment and themselves that is maladaptive, rigid, pervasive, and enduring. Personality Disorders also manifest in the student's emotional response and impulse control and can negatively impact classroom teaching and learning as well as a student's personal and academic success. Unless you are a particular student's psychiatrist, it's not your job to diagnose them as having a personality disorder, but it is helpful to recognize and understand signs of a personality disorder. This webinar will identify different personality disorders and review their common traits and characteristics. You will learn essential tools for dealing with Personality Disorders such as boundary setting, clear communication, and effective classroom management. In addition, you will review relevant mental health resources and when and how to make appropriate referrals to counseling, accessibility services, and student conduct. Why should you attend: If students with personality disorders are not managed effectively, their behavior can have a negative impact on teaching and learning. Areas Covered in the Session: Ten types of Personality Disorders Prevalence and Demographics Developmental issues Common traits and characteristics of Personality Dis

Overview: Discussions, presentation, and webinars regarding HIPAA regulations are usually addressed from the perspective of what the regulations entail, the necessity of compliance with the regulations, and the consequences of willful neglect or non-compliance. This presentation addresses HIPAA regulations from a different perspective - from a personal perspective - from the perspective of the person in charge of moving an organization or facility toward full compliance with HIPAA. The by-product of this presentation will be both an understanding of, and a detailed job description for, a position mandated in the regulations - the HIPAA Security/Privacy Officer. Why should you attend: The HIPAA regulations are numerous, complicated, often vague, and affect every person working in a healthcare facility. Compliance with HIPAA will require a unique individual to lead the charge - an individual whose education, background, experience, and demonstrated skill sets offer the opportunity for that person to succeed in achieving the goals of that position. This is a new position to most healthcare facilities. So understanding who this person should be, what is required of the person with this job title, and with whom this person will interface is vital to every healthcare organization with the goal of achieving full compliance with HIPAA. Areas Covered in the Session: Position goals Position requirements (education, experience, skill sets, etc.) Position responsibilities Stay abreast of regulations Initiate compliance with HIPAA (according to regulations) Ensure continuous progress toward full compliance Develop appropriate security/privacy policies & procedures Oversee and deliver appropriate training programs to all employees Track compliance with HIPAA regulations at the facility & individual levels Track access to PHI Investigate and resolve HIPAA violations Apply sanctions to HIPAA violators Manage any information security personnel Prepare a department

Overview: This webinar will cover everything that you need to know about how to handle HIPAA security incidents, breaches, and complaints and the Department of Health and Human Resources Investigations thereof. Not all security incidents are breaches, but all breaches of confidentiality are within the broad ambit of security incidents. Privacy rule violations, such as failing to give a patient a copy of his or her medical records, may also constitute a breach as the $4.2 million fine assessed against Cignet Healthcare of Prince George's County, Maryland, dramatically proved. Handling an investigation properly is key to determining not only how to handle it to mitigate any harm and to take action to prevent it from happening again but also to determine whether it is reportable to affected individuals and to DHHS. HIPAA requires a complaint procedure (policy). The webinar will suggest what such a document should contain as it also will for the required report procedure (what is reportable, who reports, to whom, and required/suggested contents of the report) and the required response procedure (what do the responsible officials do after receiving the report or the complaint). Investigating a possible security incident is key. The webinar will cover how to conduct a thorough investigation of HIPAA security incidents, breaches, and patient complaints. Finally, the second largest HIPAA civil money penalty or settlement, $4.2 million, was in large part due to the offender's failure to cooperate with the DHHS investigation. The presenter has successfully defended his clients in seven such investigations and knows how to respond to them to avoid or minimize liability. Think of a gap analysis as an examination of: What you currently have in place for HIPAA compliance. Is that adequate? Can it be done better? Is it enough? And what am I missing? Asking these questions will help establish the direction and next steps to take. It lays the ground work for a good Risk Analys

Healthcare Rehabilitation is a vast field: The field of healthcare rehabilitation is very vast and expansive. In traditional societies, most commonly relatable to the Orient and Africa, there is the ages-old cultural belief that it is the duty of children to take care of their parents when they age. On the contrary, for us in the west, healthcare rehabilitation has emerged as a specialized branch of healthcare because of the emphasis our society places on independence of the individual. Healthcare rehabilitation is a product of social mores: Younger generations of people are not expected to spend entire years, as may be the case in some families, to look after people of their previous generations who may be in need of medical care. It is on this outlook towards life of our society that healthcare rehabilitation has come into being. However, it is also possible that younger people could also be in need of healthcare rehabilitation. Even such people are put in the care of healthcare providers which offer these services. The divisions of healthcare rehabilitation: Branching out as a fully developed field of healthcare, healthcare rehabilitation has many specializations. These are broadly the areas in which healthcare rehabilitation is offered: General rehabilitation: General rehabilitation of some or another kind is a primary aspect of healthcare rehabilitation. Those in need of this kind of care typically include patients who have lost their ability to carry out day-to-day tasks such as talking, walking, brushing, eating, etc. many a time, depending on the nature of the ailment, rehabilitation could include therapies, exercises and other activities aimed at bringing in some element of mobility in the patient. This kind of healthcare rehabilitation could also include taking care to revive the patient's memory, when patients with diseases like Alzheimer's or Parkinson's are admitted for healthcare rehabilitation. Skilled nursing: An area in which a skilled and

Overview: This webinar will cover everything that you need to know about how to handle HIPAA security incidents, breaches, and complaints and the Department of Health and Human Resources Investigations thereof. Not all security incidents are breaches, but all breaches of confidentiality are within the broad ambit of security incidents. Privacy rule violations, such as failing to give a patient a copy of his or her medical records, may also constitute a breach as the $4.2 million fine assessed against Cignet Healthcare of Prince George's County, Maryland, dramatically proved. Handling an investigation properly is key to determining not only how to handle it to mitigate any harm and to take action to prevent it from happening again but also to determine whether it is reportable to affected individuals and to DHHS. HIPAA requires a complaint procedure (policy). The webinar will suggest what such a document should contain as it also will for the required report procedure (what is reportable, who reports, to whom, and required/suggested contents of the report) and the required response procedure (what do the responsible officials do after receiving the report or the complaint). Investigating a possible security incident is key. The webinar will cover how to conduct a thorough investigation of HIPAA security incidents, breaches, and patient complaints. Finally, the second largest HIPAA civil money penalty or settlement, $4.2 million, was in large part due to the offender's failure to cooperate with the DHHS investigation. The presenter has successfully defended his clients in seven such investigations and knows how to respond to them to avoid or minimize liability. Think of a gap analysis as an examination of: What you currently have in place for HIPAA compliance. Is that adequate? Can it be done better? Is it enough? And what am I missing? Asking these questions will help establish the direction and next steps to take. It lays the ground work for a good Risk Analy

Overview: Mental health care practitioners work in today's diverse, fast-changing, multidisciplinary health care environment. Nowhere but in mental health is there such diversity of clinicians who provide the same or similar services of counseling and therapy. A potential client has a wide choice of mental health providers from whom to choose. Yet each individual mental health profession has a unique education, training, and experience requirement for practice. While similarities exist, requirements differ from state to state and even from profession to profession with a single state. What are these requirements and how do they apply? The state's authority and power over mental health practitioners often presents challenges to these mental health professionals that are not easy to navigate. Differing sources of legal and ethical authority govern each respective health care practitioner in ways that are similar but not the same. Ethics and law are similar, but not the same. All mental health practitioners must adhere to standards of state law which govern their professional practices, including the very core of the doctor-patient relationship. Codes of ethics and state law may both apply to govern the conduct of this clinician. Even some state laws are referred to as ethical codes. Complaints as to alleged misconduct or ethical failings are received and investigated by a state agency and leave the mental health practitioner with an uncertain process to handle and to defend the state action against them. With this background, this seminar empowers the full understanding and application of ethics and laws for mental health practitioners. Learn to identify and understand an ethical framework for a sound mental health practice. An ethical framework is essential to having the right perspective to examine mental health dilemmas. Compare and contrast regulatory laws and codes of ethics to understand their differing applicability. Know the difference between laws and ethics,

Overview: Discussions, presentation, and webinars regarding HIPAA regulations are usually addressed from the perspective of what the regulations entail, the necessity of compliance with the regulations, and the consequences of willful neglect or non-compliance. This presentation addresses HIPAA regulations from a different perspective - from a personal perspective - from the perspective of the person in charge of moving an organization or facility toward full compliance with HIPAA. The by-product of this presentation will be both an understanding of, and a detailed job description for, a position mandated in the regulations - the HIPAA Security/Privacy Officer. Why should you attend: The HIPAA regulations are numerous, complicated, often vague, and affect every person working in a healthcare facility. Compliance with HIPAA will require a unique individual to lead the charge - an individual whose education, background, experience, and demonstrated skill sets offer the opportunity for that person to succeed in achieving the goals of that position. This is a new position to most healthcare facilities. So understanding who this person should be, what is required of the person with this job title, and with whom this person will interface is vital to every healthcare organization with the goal of achieving full compliance with HIPAA. Areas Covered in the Session: Position goals Position requirements (education, experience, skill sets, etc.) Position responsibilities Stay abreast of regulations Initiate compliance with HIPAA (according to regulations) Ensure continuous progress toward full compliance Develop appropriate security/privacy policies & procedures Oversee and deliver appropriate training programs to all employees Track compliance with HIPAA regulations at the facility & individual levels Track access to PHI Investigate and resolve HIPAA violations Apply sanctions to HIPAA violators Manage any information security personnel Prepare a department budget Hold Bu

Overview: You need to attend in order to control your own destiny. Get involved up front instead of being a "sitting duck". More Audits are coming and government & private payers are increasing their budgets for increased audit activity around the health care provider industry. The Department of Justice is zeroing in on providers who are aberrant. Private insurance special investigations units are also gearing up and local prosecutors who are hungering for these types of prosecutions are all part of building machinery to eliminate fraud and abuse in the nation's health care system. The concern about the audit/investigative machine that has been developed should create horrendous concern for the health care provider community, because these entities will have to come up with results. Don't become one for their "results". Areas Covered in the Session: Overview of audit risks 14 Strategies to tackling auditors: i.e. Appoint Audit Manager Appoint Audit Committee Proactively seek out info from audit visitors Respond quickly to audit visitor requests Identify On Site control person Provide strong support for onsite control person Onsite control person must be close to the visitors Audit committee to meet daily with visitors Respond quickly to early findings Request feedback from visitors Request Exit conference Carefully review preliminary findings Respond to final report Correct problem findings Who Will Benefit: Health Care Professionals Health Service Providers Compliance Officers CEO's Corporate Attorneys Speaker Profile Joseph R. Batte is president of Kristall Associates, a compliance, and risk assessment specialist for the health care provider community as well as the litigation support community. He is a former special agent with the US Office of Inspector General and participated in the development of that Departments compliance guidance's. He is a nationally known speaker on compliance and has authored the book "Doctors are from Jupiter, Compliance is from

Overview: This lesson will be going into great detail regarding you practice or business information technology and how it relates to the HIPAA Security Rule, in particular portable devices and personally owned devices. Areas covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT. I will uncover myths versus reality as it relates to this very enigmatic law based on over 600 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors. I will also speak to real life audits conducted by the Federal government (I've been on both sides of these audits) what your highest risks are for being fined (some of the risk factors may surprise you). In addition this course will cover the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures.  Don't always believe what you read online about HIPAA, especially as it relates to encryption and IT, there are a lot of groups selling more than is necessarily required.  Why should you Attend: HIPAA NOW HAS TEETH! Be prepared for what's new in 2016! Protect your practice or business! What factors might spurn a HIPAA audit? …are you doing these things? Why are the Feds enforcing after all these years?  It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates as it relates to portable devices, texting, and emailing of PHI. You need to know how to avoid being low hanging in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT practices. I have also been expert witness on multiple court cases where a business or medical practice is being sued for not doing their due diligence to minimize risk.  Areas Covered in the Session: Update

Health Insurance Market Reforms under Obamacare: The Patient Protection and Affordable Act (PPACA), or Obamacare, sets out a number of provisions for health insurance market reforms. Having been set in motion in March 2010; the PPACA sets out health insurance market reforms that are being implemented in stages from dates commencing generally from January 1, 2014. PPACA's health insurance market reforms are aimed at health insurance standards and group health plans. These reforms set out dates for the implementation of these reforms. They also prescribe penalties for noncompliance with these reforms. What kinds of market reforms are needed? The health insurance market reforms suggested by PPACA are almost singularly for group health plans. A group health plan is defined as one in which the employer makes a contribution into expenses accruing from the employee's health insurance plans. When an employer chooses to bring an employee's health plan under her coverage; the employer has to mandatorily comply with the provisions of the health insurance market reforms. Areas of the health insurance market reforms: These are the essential areas in which the health insurance market reforms are to be applied: Removal of lifetime and annual limits on essential health benefits: One of the primary provisions of the health insurance market reforms under PPACA is that it prohibits both lifetime and annual limits on essential health benefits, which were allowed some dollar limits prior to enactment of Obamacare. Preventive health services: An area of preventive health services that has undergone an amendment under the health insurance market reforms is that of no-cost sharing. Accordingly, employer plans are to offer preventive health services without requiring the employee to share the burden for this part of the plan. The three-month waiting period: The health insurance market reforms don't require a waiting period of over 90 days. A waiting period is the period that has

Overview: Final regulations for the new HIPAA Breach Notification Rule require much more than notifying individuals affected by a Breach of their Protected Health Information (PHI). Covered Entities and Business Associates first must follow and document a very specific process to determine if a Breach occurred. If no Breach occurred documentary proof must be kept for six years. If a Breach did occur timely notifications and other actions must be undertaken and documented. This webinar will explain: What Covered Entities and Business Associates must do to comply with the Breach Notification Rule What is and is not a Breach Three exceptions - when an acquisition, access, use, or disclosure of PHI not permitted by the Privacy Rule is not a Breach How to perform a Breach Risk Assessment to determine if you can demonstrate a a low probability that the PHI was compromised Who must be notified in case of a Breach When notifications must be provided What information must be contained in each notification Other requirements in case of a Breach Investigate Mitigate harm to affected individuals Protect against further Breaches Document everything Planning and preparation for the worst - public relations and mitigation strategies to limit damage to the organization's reputation and financial well-being Why should you attend: Breaches and incidents that might be Breaches happen all the time! More than 173,000 separate breaches of Protected Health Information (PHI) affecting less than 500 individuals were reported to the U. S. Department of Health and Human Services (HHS) between September, 2009 and May 31, 2015 and in the same period HHS received approximately 1240 reports of PHI breaches that affected 500 or more individuals An acquisition, access, use, or disclosure of PHI not permitted by the Privacy Rule is presumed to be a Breach unless it falls within an exception or the Covered Entity or Business Associate can demonstrate a low probability that the PHI was compromi

Overview: This lesson is going to get back to the basics using multiple real life scenarios and "what if's". My goal is to make this very confusing and not well explained law easy to understand for the typical staff member. I will uncover myths versus reality as it relates to this enigmatic law based on over 1000 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors. I will also point out multiple court cases I have been affiliated with where a staff member of a hospital or clinic has been sued or even imprisoned! I will also speak to real life audits conducted by the Federal government (I've been on both sides of these audits) what your highest risks are for being fined (some of the risk factors may surprise you). In addition this course will cover the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures. Don't always believe what you read online about HIPAA, especially as it relates to encryption and IT, there are a lot of groups selling more than is necessarily required. Why should you Attend: Are you confused about HIPAA? Do you just want the basics and in plain English? Do you know there are civil and criminal penalties even for the rank and file staff member! Do you know what you can and can't do with protected health information? It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates as it relates to portable devices, texting, and emailing of PHI. You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT practices. I have also been expert witness on multiple court cases where a business or medical practice is being sued for not doing their due diligence

Overview: This lesson will be going into great detail regarding your practice or business information technology and how it relates to the HIPAA Security Rule, in particular portable devices. Areas covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT. I will uncover myths versus reality as it relates to this very enigmatic law based on over 600 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors. I will also speak to real life audits conducted by the Federal government (I've been on both sides of these audits) what your highest risks are for being fined (some of the risk factors may surprise you). In addition this course will cover the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures. Don't always believe what you read online about HIPAA, especially as it relates to encryption and IT, there are a lot of groups selling more than is necessarily required. Why should you Attend: HIPAA NOW HAS TEETH! Be prepared for what's new in 2016! Protect your practice or business! What factors might spurn a HIPAA audit? …are you doing these things? Why are the Feds enforcing after all these years? It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates as it relates to portable devices, texting, and emailing of PHI. You need to know how to avoid being low hanging in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT practices. I have also been expert witness on multiple court cases where a business or medical practice is being sued for not doing their due diligence to minimize risk. Areas Covered in the Session: Updates for 2016 BYOD Portable devices B

Overview: Many infectious diseases were historically confined to specific geographical regions. However, some now pose global threats due to ease of travel, globalization of trade and commerce and global warming. Government Agencies, non-Profit Organizations, Philanthropic groups and others are also funding vaccination programs for regions where infectious diseases are endemic and to deal with new outbreaks.. Such developments are stimulating research in and the development of improved vaccines, their manufacture and control. Supply Chain complexities and stability issues need to be addressed to cope with transport of vaccines to and their use in climatically hostile regions. Programs to address such challenges need to be implemented, being resourced by appropriately trained and qualified staff from a number of disciplines. Development programs for immuno oncology products also require staffing by similarly skilled professionals. Workers currently engaged in Discovery, Development and Manufacture of conventional medications , or those seeking career-change opportunities can develop an understanding of the concepts, constraints and opportunities associated with Vaccine products by attendance at the Webinar. Engineering professionals involved in facility construction, or repurposing can also benefit as can Regulatory Affairs Professionals or staff at medicines Evaluation Agencies. The subject matter is particularly suited to professionals who are expert in the various disciplines associated with conventional medications ("so-called "small molecules") who wish to expand and develop their skills by involvement in vaccine-related programs including immuno-oncology. Areas Covered in the Session: History of and development of vaccine concepts. undamentals of vaccination Vaccine Types Administration of Vaccines Future Concepts Immuno-Oncology Vaccine Manufacture Who Will Benefit: Regulatory Affair Managers Project Management Personnel QA Managers Scientists Technol

Overview: This lesson will be going into great detail regarding your practice or business information technology and how it relates to the HIPAA Security Rule, in particular portable devices. Areas covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT. I will uncover myths versus reality as it relates to this very enigmatic law based on over 600 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors. I will also speak to real life audits conducted by the Federal government (I've been on both sides of these audits) what your highest risks are for being fined (some of the risk factors may surprise you). In addition this course will cover the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures. Don't always believe what you read online about HIPAA, especially as it relates to encryption and IT, there are a lot of groups selling more than is necessarily required. Why should you Attend: HIPAA NOW HAS TEETH! Be prepared for what's new in 2016! Protect your practice or business! What factors might spurn a HIPAA audit? …are you doing these things? Why are the Feds enforcing after all these years? It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates as it relates to portable devices, texting, and emailing of PHI. You need to know how to avoid being low hanging in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT practices. I have also been expert witness on multiple court cases where a business or medical practice is being sued for not doing their due diligence to minimize risk. Areas Covered in the Session: Updates for 2016 BYOD Portable devices B

Overview: Essentially, covering in 90 minutes the basics of E everything that applies to your clinical work. We will give you the questions to ask your IT people, because you should not implicitly trust them, because the law will hold you accountable more than them. We will first cover the general principles of electronic compliances as laid forth in HIPAA. We will then discuss how this applies to your desktop/laptop/iPads and smart devices, other electronic equipment such as routers and modems. We also cover the use of email, secure mail and your EHR/EMR. We will discuss the pros and cons of using the cloud for your data storage and EHR/EMR, i.e. knowing what a HIPAA compliant data center looks like. Principles in the use of encryption and passwords and other security principles will also be covered. Why should you Attend: Unless you are 100% sure you've thought through every angle of your patient's electronic PHI and you sleep like a baby never concerned about this then you need to attend. If you have any questions about the details of what electronic compliance looks like and how it's applied in day-to-day clinical and business activities, interactions with vendors, EHR/EMR, your relationship with your ISP and IT providers, use of all electronic devices, then this workshop is for you. It also gives you principles to apply in new situations which are likely to arise frequently. If you wrote the book on this it would be out of date in 24 hours, so what's important is to learn how to think about these things and use your resources to stay ahead of the game. If you are confident you have the basics covered on every item listed below then this seminar is not for you. Areas Covered in the Session: HIPAA electronic compliance Secure use of EHR/EMR Email and secure mail use Encryption and password security principles Interfacing with the public Interfacing with vendors such as ISPs and other telecommunication companies Backups Cloud use How to know your data center