The session begins with overview of the HIPAA regulations and then
continues with presentation of the specifics of the Privacy Rule, such
as Individual Rights and Uses & Disclosures, and recent and expected
changes to HIPAA and other rules such as 42 CFR Part 2 regarding
Substance Use Disorder information, including the impacts of required
changes in your practices to meet the rules.
The session
continues with a detailed examination of HIPAA Security Rule and Breach
Notification requirements, including what you need to do to protect
information and what you have to do if you don't, and the session
concludes with a discussion of the essential activities of performing
risk analysis, mitigating risk issues, documenting policies, procedures,
and activities, training staff and managers in the issues and policies
they need to know about, and examining compliance readiness through
drills and self-audits, all as part of a 10-step plan for reviewing and
maintaining HIPAA compliance.
Why you should attend
The HIPAA
Officer in any HIPAA covered entity has a great deal of responsibility,
and the right answers to compliance questions are not always obvious.
The HIPAA Regulations carry significant obligations to protect the
privacy and security of Protected Health Information, and significant
penalties in the millions of dollars can result from non-compliance.
Even
if you have worked on your HIPAA compliance in the past, you could be
out of compliance today because of the changes to the rules, new
guidance, changes in how you do business and manage PHI, changes to the
threats to privacy and security, and even changes in other laws and
policies not directly related to HIPAA.
All of these changes
have an impact on your HIPAA compliance, and if you don't keep up, you
are leaving yourself open to complaints and enforcement investigations.
The HIPAA Officer needs to be up-to-date on the latest issues and be
ready to review all the aspects of HIPAA compliance now, to be sure you
are working in the right direction and are addressing the issues of
greatest importance.
Areas of the rules that have shown
compliance problems in the past are now targeted with guidance and
audits to improve and verify compliance. There is new guidance on
dealing with issues of opioid incidents. And new threats from insiders
and Ransomware could expose or destroy your private information and harm
your patients. There is plenty that can go wrong with HIPAA
compliance, but with the right training and resources you have a chance
to make your patients happy and stay out of trouble.
Who Will Benefit
- HIPAA Privacy Officers
- HIPAA Security Officers
- Information Security Officers
- Risk Managers
- Compliance Officers
- Privacy Officers
- Health Information Managers
- Information Technology Managers
- Medical Office Managers
- Chief Financial Officers
- Systems Managers
- Legal Counsel
- Operations Directors
Jim Sheldon-Dean is the founder
and director of compliance services at Lewis Creek Systems, LLC, a
Vermont-based consulting firm founded in 1982, providing information
privacy and security regulatory compliance services to health care firms
and businesses throughout the Northeast and nationally. Sheldon-Dean’s
firm provides a variety of advisory, training, assessment, policy
development, project management and mitigation services for a number of
health care providers, businesses, universities, small and large
hospitals, urban and rural mental health and social service agencies,
health insurance plans and health care business associates. He serves on
the HIMSS Information Systems Security Workgroup, the Workgroup for
Electronic Data Interchange Privacy and Security Workgroup, and
co-chairs the WEDI HIPAA Updates sub-workgroup. He is a frequent speaker
regarding HIPAA and information privacy and security compliance issues
at seminars and conferences, including speaking engagements at AHIMA
national conventions and WEDI national conferences, and before the New
York Metropolitan Chapter of the Healthcare Financial Management
Association, Health Information Management Associations of New York
City, New York State, and Vermont, the Connecticut Hospital Association,
and the Hospital and Health System Association of Pennsylvania.
Sheldon-Dean has nearly 30 years of experience in policy analysis and
implementation, business process analysis, information systems and
software development. His experience includes leading the development of
health care related Web sites; award-winning, best-selling commercial
utility software; and mission-critical, fault-tolerant communications
satellite control systems. In addition, he has eight years of experience
doing hands-on medical work as a Vermont certified volunteer emergency
medical technician. Sheldon-Dean received his B.S. degree, summa cum
laude, from the University of Vermont and his master’s degree from the
Massachusetts Institute of Technology.
The full agenda is not yet available for this event.
Follow this event to receive an alert when the agenda becomes available.
Time: 08:00 AM PDT | 11:00 AM EDT- Overview of HIPAA Privacy, Security, and Breach Notification Regulations
- Types of Entities
- Entity Relationships
- Business Associates
- HIPAA Privacy Rule and Patient Rights
- The Designated Record Set
- Access and Amendment of PHI
- Restrictions on Disclosures
- Communications and Access of Information
- HIPAA Privacy Rule and Uses and Disclosures of PHI
- Using Protected Health Information
- Disclosures to family and friends
- Disclosures to providers, care coordinators, etc.
- Disclosures to attorneys, minors and guardian issues
- Training and Documentation Requirements
- Current Hot Topics in HIPAA and Privacy
- Enforcement and Audits
- Coordination with 42 CFR Part 2 and Substance Use Disorder information
- GDPR Compliance
- HIPAA Security and Breach Notification Rule Principles
- How the Privacy, Security, and Breach Rules Work Together
- Security Safeguards and The Role of Risk Analysis
- Incident Management and Breach Reporting
- Information Security Risk Analysis
- Information Security Management Process
- Risk Analysis Methods and Example
- HIPAA Security Policy Framework
- Risk Mitigation and Compliance Remediation
- Preventing Ransomware Issues
- Discovering Improper Insider Activity
- Social Media, Texting, e-mail, and Privacy
- Portable Devices and Remote Access
- Compliance Planning
- Documentation, Training, Drills and Self-Audits
- The 10-Day HIPAA Compliance Plan
- Using Documentation to Your Advantage
- Training Methods and Compliance Improvement
- Conducting Drills in Incident Response
- Using the HIPAA Audit Protocol for Documentation
Venue
The venue is not yet available for this event.
Follow this event to be informed when the venue is available and stay informed on other changes.