With the many new developments in technology, threats to the privacy and security of health information, and stresses on compliance brought about by emergencies and pandemics, healthcare organizations are reviewing their compliance and making sure they have the proper policies, procedures, and forms in place. HIPAA Security Officers have been renewing their compliance activities and reviewing their documentation to make sure they can meet the challenges of the rules and avoid breaches and penalties for compliance violations as they survive the new stresses and demands on information systems managers and security managers across the country. Given the new realities of severe threats including ransomware and threats to patient safety, coupled with nationwide health emergencies and new technologies for communications, the work of safely meeting rules and legitimate healthcare needs can be overwhelming.
This seminar provides intensive, two-day training in HIPAA Security and Breach Notification Rule compliance for both the seasoned HIPAA professional and the individual newly appointed to the position of HIPAA Security Officer, including:
- What’s in the Security and Breach Notification regulations and what has changed?
- What are the new threats to the security of Protected Health Information?
- What are the HIPAA Security Safeguards and how do they work, particularly in emergencies when rules are relaxed?
- Where do Risk Analysis and Risk Assessment fit into the process, and what do they look like?
- What needs to be addressed for compliance by covered entities and business associates?
- What are the most important security issues?
- How does enforcement relate to the Security and Breach Notification Rules, and how might it be suspended during an emergency?
- Are HIPAA Audits continuing and how do we prepare for them?
- What needs to be done to be able to demonstrate your HIPAA compliance?
- What can happen when compliance is not adequate?
- Numerous references and sample documents will be provided.
In-Person Seminar going Virtual with increased learner satisfaction.
Yes, attend this seminar from anywhere. We are making it real and more interactive. Here's a sneak peek: our enhanced delivery process and technology provide you an immersive experience and allow you to access:
- The real-time and live presentation as in in-person events
- Private chat for company-specific conversation, the same as you would get in an in-person seminar
- Opportunities to connect with your peers to share knowledge at a different time and have group discussions
- Live workshop activities
- Live Q&A during the event and offline Q&A assistance after the event
- As usual, more content, activities and case studies, now with added homework for a comprehensive understanding
- Certification
Learning Objectives:
This seminar is designed for the HIPAA expert and the HIPAA newbie alike who wish to stay up to date with changes to HIPAA and related regulations in personal information privacy and security, and to understand the regulatory issues most frequently encountered in the day-to-day operation of health care entities as well as during emergencies. The objectives cover a variety of topics, including:
- Understand the structure of the HIPAA Regulations and how they work together
- Learn about the overall processes and objectives of the Security Rule, and how to interpret the rules
- Understand how to use Risk Analysis to make compliance decisions in the face of new threats
- Learn about using Risk Assessment and Risk Analysis to help discover and prioritize mitigation of risks
- Know what safeguards must be considered to provide security for health information
- Understand what makes a good information security policy
- Know how to respond to breaches and violations of Privacy and Security rules
- Learn how breaches occur and what steps can be taken to best avoid them
- Work through practical examples of risk analysis and breach analysis
- Learn how to deal with the modern portable technologies and communication methods
- Learn about how the HIPAA rules support the appropriate use of new technologies involving texting and telemedicine
- Find out about how rules may be relaxed in response to emergency circumstances, but must be observed otherwise
- Understand how to use policies, documentation, training, and drills to prepare for audits and incidents, and achieve good compliance
Who will Benefit
This seminar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, and business associates (shredding, data storage, systems vendors, billing services, etc.). The following personnel will find this session valuable:
- Compliance director
- CEO
- COO
- CFO
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/lawyer
- Office Manager
- Contracts Manager
Day One Agenda
- Overview of HIPAA Regulations
  - The Origins and Purposes of HIPAA
  - Privacy Rule History and Objectives, including Responding to Emergencies
  - Security Rule History and Objectives
  - Breach Notification Requirements, Benefits, and Results
- HIPAA Security Rule Principles
  - General Rules, Flexibility Provisions, and Responding to Emergencies
  - The Role of Risk Analysis
  - Security Safeguards and Enforcement, including Suspension of Enforcement for Emergencies
  - Training and Documentation
- HIPAA Security Policies and Procedures and Audits
  - HIPAA Security Policy Framework
  - Sample Security Policy Content
  - Recommended Level of Detail for Policies and Procedures
  - The New HIPAA Compliance Audit Protocol
Day one sets the stage with an overview of the HIPAA regulations and then continues with presentation of the specifics of the Security Rule, the Breach Notification Rule, a Risk Analysis overview and review of the HIPAA security safeguards, detail on recommended policies and procedures, and how to be prepared for HIPAA audits.
Day Two Agenda
- Risk Analysis for Security and Breach Notification
  - Principles of Risk Analysis for Information Security
  - Analyzing Risks for Determination of Breach Notification
  - Risk Analysis Methods
  - Risk Analysis Example
- Risk Mitigation, Breach Prevention, and Compliance Remediation
  - Typical Security Risks and Preventing Breaches
  - Social Media, Texting, e-mail, and Privacy
  - Dealing with Portable Devices and Remote Access, and Telemedicine
  - Compliance Planning and Decision Making During Emergencies
- Documentation, Training, Drills and Self-Audits
  - How to Organize and Use Documentation to Your Advantage
  - Training Methods and Compliance Improvement
  - Conducting Drills in Incident and Breach Response
  - Using the HIPAA Audit Protocol for Documentation and Self-Auditing
Day two begins with principles and methods of risk analysis for Security Rule and Breach Notification compliance, and continues with a discussion of typical security issues and means for avoiding breaches and meeting compliance requirements when it comes to modern technologies, such as texting, e-mail, and social media. Finally, the day concludes with a session on the essential activities of documenting policies, procedures, and activities, training staff and managers in the issues and policies they need to know about, and examining compliance readiness through drills and self-audits.
Jim Sheldon-Dean,
Principal and Director of Compliance Services, Lewis Creek Systems, LLC
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.
Mr. Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.
He has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. He received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.