Description
HIPAA Security and Breach Rule Compliance- Understanding Risk Analysis, Policies and Procedures and Managing Incidents
With the many new developments in technology, threats to the privacy and security of health information, and stresses on compliance brought about by emergencies and pandemics, healthcare organizations are reviewing their compliance and making sure they have the proper policies, procedures, and forms in place. HIPAA Security Officers have been renewing their compliance activities and reviewing their documentation to make sure they can meet the challenges of the rules and avoid breaches and penalties for compliance violations as they survive the new stresses and demands on information systems managers and security managers across the country. Given the new realities of severe threats including ransomware and threats to patient safety, coupled with nationwide health emergencies and new technologies for communications, the work of safely meeting rules and legitimate healthcare needs can be overwhelming.
This session is designed to provide intensive, two-day training in HIPAA Security and Breach Notification Rule compliance designed for both the seasoned HIPAA professional as well as the individual newly appointed to the position of HIPAA Security Officer, including:
- What’s in the Security and Breach Notification regulations and what has changed?
- What are the new threats to the security of Protected Health Information?
- What are the HIPAA Security Safeguards and how do they work, particularly in emergencies when rules are relaxed?
- Where do Risk Analysis and Risk Assessment fit into the process, and what do they look like?
- What needs to be addressed for compliance by covered entities and business associates?
- What are the most important security issues?
- How does enforcement relate to the Security and Breach Notification Rules, and how might it be suspended during an emergency?
- Are HIPAA Audits continuing and how do we prepare for them?
- What needs to be done to be able to demonstrate your HIPAA compliance?
- What can happen when compliance is not adequate?
- Numerous references and sample documents will be provided.
Learning Objectives:-
This session is designed for the HIPAA expert and HIPAA newbie alike who wishes to stay up with changes to HIPAA and related regulations in personal information privacy and security, as well as understand the regulatory issues most frequently encountered in the day-to-day operation of health care entities, as well as during emergencies. Objectives include learning related to a variety of topics, including:
- Understand the structure of the HIPAA Regulations and how they work together
- Learn about the overall processes and objectives of the Security Rule, and how to interpret the rules
- Understand how to use Risk Analysis to make compliance decisions in the face of new threats
- Learn about using Risk Assessment and Risk Analysis to help discover and prioritize mitigation of risks
- Know what safeguards must be considered to provide security for health information
- Understand what makes a good information security policy
- Know how to respond to breaches and violations of Privacy and Security rules
- Learn how breaches occur and what steps can be taken to best avoid them
- Work through practical examples of risk analysis and breach analysis
- Learn how to deal with modern portable technologies and communication methods
- Learn about how the HIPAA rules support the appropriate use of new technologies involving texting and telemedicine
- Find out about how rules may be relaxed in response to emergency circumstances, but must be observed otherwise
- Understand how to use policies, documentation, training, and drills to prepare for audits and incidents, and achieve good compliance
Agenda:-
Day 01 (11:00 AM EST - 05:00 PM EST)
Day one sets the stage with an overview of the HIPAA regulations and then continues with the presentation of the specifics of the Security Rule, the Breach Notification Rule, a Risk Analysis overview and review of the HIPAA security safeguards, detail on recommended policies and procedures, and how to be prepared for HIPAA audits.
- Overview of HIPAA Regulations
- The Origins and Purposes of HIPAA
- Privacy Rule History and Objectives, including Responding to Emergencies
- Security Rule History and Objectives
- Breach Notification Requirements, Benefits, and Results
- HIPAA Security Rule Principles
- General Rules, Flexibility Provisions, and Responding to Emergencies
- The Role of Risk Analysis
- Security Safeguards and Enforcement, including Suspension of Enforcement for Emergencies
- Training and Documentation
- HIPAA Security Policies and Procedures and Audits
- HIPAA Security Policy Framework
- Sample Security Policy Content
- Recommended Level of Detail for Policies and Procedures
- The New HIPAA Compliance Audit Protocol
Day 02 (11:00 AM EST - 05:00 PM EST)
Day two begins with principles and methods of risk analysis for Security Rule and Breach Notification compliance and continues with a discussion of typical security issues and means for avoiding breaches and meeting compliance requirements when it comes to modern technologies, such as texting, e-mail, and social media. Finally, the day concludes with a session on the essential activities of documenting policies, procedures, and activities, training staff and managers in the issues and policies they need to know about, and examining compliance readiness through drills and self-audits.
- Risk Analysis for Security and Breach Notification
- Principles of Risk Analysis for Information Security
- Analyzing Risks for Determination of Breach Notification
- Risk Analysis Methods
- Risk Analysis Example
- Risk Mitigation, Breach Prevention, and Compliance Remediation
- Typical Security Risks and Preventing Breaches
- Social Media, Texting, e-mail, and Privacy
- Dealing with Portable Devices and Remote Access, and Telemedicine
- Compliance Planning and Decision Making During Emergencies
- Documentation, Training, Drills, and Self-Audits
- How to Organize and Use Documentation to Your Advantage
- Training Methods and Compliance Improvement
- Conducting Drills in Incident and Breach Response
- Using the HIPAA Audit Protocol for Documentation and Self-Auditing
Who Will Benefit?
This session will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). The following personnel will find this session valuable:
- Compliance director
- CEO
- COO
- CFO
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/lawyer
- Office Manager
- Contracts Manager