This training on HIPAA omnibus rule will focus on the HIPAA Security Rule requirements and the new breach determination requirements in the updated HIPAA Breach Notification Rule, and show how the two are related in a good compliance program. Attendees will also learn best practices to prepare for HIPAA audit.
For the Security Rule, this session will explain what is called for in the rule and show a way to approach the work in an organized way that saves effort and produces meaningful results, with examples of how to conduct the risk analysis.
For the updated Breach Notification Rule, the instructor will explain how the new process differs from the old “harm standard” that has been removed from the rule. If none of the defined exceptions for notification apply, the breach is reportable unless you can show, by a risk analysis, that there is a “low probability of compromise.” The risk analysis must include at least four factors:
Why Should You Attend:
This webinar will cover the requirements for risk analysis and assessment in the HIPAA rules and provide a framework for analysis of risks for compliance with HIPAA Security Rule requirements (in §164.308(a)(1)) and the new breach determination requirements in the updated HIPAA Breach Notification Rule, and show how the two are related in a good compliance program. It will show how to go about assessing your risks and organizing your compliance plan, and show how having that information makes it easier to assess risks in the event of a breach.For the Security Rule, this session will explain what is called for in the rule and show a way to approach the work in an organized way that saves effort and produces meaningful results, with examples of how to conduct the risk analysis.
For the updated Breach Notification Rule, the instructor will explain how the new process differs from the old “harm standard” that has been removed from the rule. If none of the defined exceptions for notification apply, the breach is reportable unless you can show, by a risk analysis, that there is a “low probability of compromise.” The risk analysis must include at least four factors:
- What the data is, how well identified is it, and how sensitive it is
- To whom the data was improperly disclosed
- Whether or not the information was actually viewed or accessed
- How the breach was mitigated.
- Issues with any one of the four factors can require reporting the breach. The instructor will explain how to consider these factors.
- This webinar will also include information on HIPAA Audits and how to be prepared to show that you have the right policies and procedures in place and are using them. To withstand random audits and investigations of non-compliance that may result from a breach report or complaint, thorough documentation of compliance-related activity is required. The instructor will explain how to document your compliance using the HIPAA Audit Protocol as a guide, so you can be sure to avoid trouble if HHS asks questions about your compliance.
Areas Covered in the Webinar:
- The requirements of the HIPAA Security Rule
- The elements of a HIPAA Security Risk Analysis
- The significant changes to the HIPAA Breach Notification Rule
- Use of Risk Analysis in the new HIPAA Breach Notification process.
- A framework of security policies.
- Typical policy considerations for laptops and portable devices, and their security
- How to use Risk Analysis to deal with difficult compliance issues, such as texting and social networking.
- Tools to be used for policy management and documentation.
- How to adopt policies, train on them, and conduct drills on them.
- The HIPAA Audit Protocol, and its use as a compliance tool
Who Will Benefit:
This webinar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). The following personnel will find this session valuable:- Compliance director
- CEO
- CFO
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Compliance Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/lawyer
- Office Manager
- Contracts Manager
Course Provider
Jim Sheldon-Dean,