This two-day seminar takes the participants through HIPAA compliance from start to compliance.
The first presentation explains the history of HIPAA, why it came to being, and its evolution. This covers what HIPAA is, what steps have to be performed to be HIPAA compliant and what HIPAA compliance is. It also provides definitions to key HIPAA terms, how to define a Business Associate and how to contract with Business Associates. The second part of the first presentation is an overview of how to manage the HIPAA compliance project. At the end of these presentations there will be a workshop to demonstrate how to use these tools.
The second session describes what a Risk Assessment is and how to perform the risk assessment. The materials take the participant through the factors of HIPAA compliance and how to perform a HIPAA Risk Assessment. This encompasses taking the participants through how to do a HIPAA Privacy Risk Assessment, how to do a HIPAA Security Assessment and how to interpret the results, set priorities and develop a plan for addressing the Risk Assessment findings. The end of this session will encompass a short workshop demonstrating how to use the Risk Assessment tools discussed in the presentation
The third session takes the participants through how to prepare a set of HIPAA Policies and Procedures. This includes how to reference the HIPAA regulations in preparing the policies and procedures, how to reference the prior HIPAA Risk Assessments and how to prepare the HIPAA training materials. At the end of the session, there will be participant workshop on how to prepare a HIPAA policy and procedure.
The day's last session shows the participants how to develop and give a HIPAA training session. The materials present the basics of what needs to be included in the training program, who has to be trained and how to conduct the training.
The first session of the second day provides the participants with an orientation of the role the IT services in the healthcare organization in addressing the organization's HIPAA compliance. This encompasses understanding what role IT hardware and software play in the HIPAA compliance process, what responsibilities IT vendors should have, and how to work with vendors. The materials will discuss IT security in the context of an overall organization security program including the value and approach of an IT security vulnerability test. At the end of this session, there will be a discussion of issues facing the participants and how they can use the information in this session in their own organizations.
The second session of the second day focuses on an area often missed in performing HIPAA assessments: the business continuation and disaster recovery planning. This session takes the participants through the process of considering what can/may happen that could put the healthcare organization out of business and how to develop methods for mitigating those risks. At the end of this session, there will be a sample assessment discussion and workshop.
In the third session, participants will review what a HIPAA breach is and what to do when a HIPAA breach occurs. This includes determining if a notification occurred, notification requirements and mitigation options. At the end of this session, there will be a round table discussion of the issues related to breaches as they affect the participants.
The last session will be a wrap up and discussion session providing an opportunity for the participants to discuss specific issues they may have or get direction regarding particular approaches for HIPAA compliance.
Why you should attend:
Although healthcare news and the Internet are replete with articles and descriptions of the HIPAA privacy and security regulations, there remain many misconceptions of what these regulations mean to healthcare organizations and what they, and their Business Associates, need to do to become compliant. Healthcare organizations know they have to secure patient health care information. However, a number of questions need to be answered to meet that goal.
What does this mean? Do the HIPAA regulations apply to the organization? What are the organization's risks and how does the organization mitigate these risks? What does the organization have to do and how does the organization do it? What role does the organization's computer resources have in the risks? How safe is my computer and paper patient information? How does the organization know if its computer resources provide the needed features and functions for the organization to become compliant? What resources are needed and what do these resources need to do? What is a Risk Assessment and why does the organization need one? Does the organization need an attorney or a consultant? How does the organization know if it is compliant? What is a breach and how does the health care organization know if a breach occurred? What happens if there is a breach? What effect do the use of social media (Facebook, Twitter, etc.) and mobile devices (iphones, ipads and laptops) have on the organization's ability to be HIPAA compliant? What is a Business Associate and how does the organization work with the Business Associates? What are the potential penalties - both organizational and individual? Should the organization consider HIPAA insurance?
Should a breach occur, the penalties will depend upon the diligence the organization used to answer these questions and become compliant. Answering these questions and developing and executing a plan to become compliant is critical to ensuring that the organization commits the needed resources and attains the desired result.
Areas Covered in the Session:
• What is HIPAA, who is covered and what is HIPAA Compliance
• Why the healthcare organization should be concerned about HIPAA compliance
• How to perform a HIPAA Risk Assessment
• How to prepare HIPAA Policies and Procedures
• How to perform HIPAA Training
• What is IT's role in the healthcare organization's HIPAA Compliance
• How to prepare a Business Continuation/Disaster Recovery Plan
• How to handle a potential HIPAA Breach
Who Will Benefit:
• Health Care Organization Ownership and Senior Management
• Office Management
• Business Associates
• Ancillary Service Organizations (Pharmacies, Labs, Radiology)
• HIPAA Compliance Professions
• Health Care System Vendors
Day 1 Schedule
Introduction of History of HIPAA; How to Manage the HIPAA Compliance Project
How to Perform a HIPAA Risk Assessment
Developing HIPAA Policies and Procedures
Performing HIPAA Training
Day 2 Schedule
IT role in HIPAA compliance
How to Develop a Disaster Recovery/Business Continuation Plan
How to Handle a HIPAA Breach
Wrap Up and Discussion
HIPAA Professional, GPSJWB, LLC
Jim Wener has over 40 years of experience in assisting health care organizations - both providers and payers- in identifying their automation requirements and helping these organizations select and successfully implement the automation most applicable for their needs. Since 1996 he has been an active lecturer, trainer and HIPAA assessment consultant helping a variety of health care providers (hospitals, payers, clinics and individual physician practitioners) become HIPAA compliant. He developed the IBM HIPAA assessment and training products for their consulting practice. Mr. Wener is a certified HIPAA consultant and has authored articles regarding various topics on the subject. His HIPAA consulting practice offers comprehensive HIPAA privacy and security consulting tools, practice walkthrough assessment tools, a full set of HIPAA privacy and security policy and procedures templates, training presentations and a breach mitigation tool - all geared and used by small and large health care organizations.