3-hr Virtual Seminar - HIPAA Security Policies and Procedures: New finalized regulations bring new obligations

Why Should You Attend:

This session will discuss the most common information security issues and breaches so you will know what to concentrate on first in your compliance efforts.

Learn what it takes to get in compliance and stay there, even as your operations and environment change. We will cover the administrative, physical and technical safeguards that are necessary and what policies they call for, and how you decide what’s right for HIPAA security compliance for your organization. This virtual seminar will provide the background and details necessary to develop an understanding of the origins of the HIPAA security regulation and the process used in complying with the rule, which leads, inevitably, to the adoption of policies and procedures.

The speaker will lay out a structure for the set of policies needed and identify the topic areas that policies should include, making it easier to deal with the dozens of policy details that are required.

Learning Objectives:

• Learn how the HIPAA Security regulations fit into various security regulations and standards.
• Find out how the HIPAA Security Rule helps you establish your security management process.
• Discover how your information security process can be used to stay compliant.
• Learn how risk analysis helps you prioritize your security efforts.
• Find out what safeguards must be considered in the HIPAA Security Rule.
• Find out about the expanded enforcement and auditing efforts now under way.
• Discover how to organize your security policies so they are easier to use.
• Learn the topics that should be covered in a set of security policies.
• Find out how to organize your documentation so it can help you when you need it.
• Learn about new regulations and how they relate to HIPAA Security compliance.
• Learn how Business Associates and their contractors are treated under the new regulations.

Areas Covered in the Seminar:

• Requirements for HIPAA Security Policies and Procedures.
  • Why We Need Policies and Procedures?
  • HIPAA Security General Rules and Flexibility.
  • The Information Security Management Process.
• What the HIPAA Security Rule Calls For.
  • Risk Analysis.
  • Safeguards.
  • Business Associates.
• Security Policy Framework.
  • Information Security Management Process Policy.
  • Information System Access Management Policy.
  • Backup, Disposal, and Contingency Planning Policy.
  • Information System User Policy.
• Documentation, Enforcement, and Audits.
  • Documentation Requirements and Benefits.
  • New Enforcement and Penalties.
  • HIPAA Security Rule Audit Examples.
• Typical Issues.
  • Issues Reported by HHS OCR.
  • Lessons Learned.
  • Laundry List of Issues.

Who Will Benefit:

• Information Security Officers
• Risk Managers
• Compliance Officers
• Privacy Officers
• Health Information Managers
• Information Technology Managers
• Medical Office Managers
• Chief Financial Officers
• Systems Managers
• Legal Counsel
• Operations Directors
• Medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.)

Instructor Profile:

Jim Sheldon-Dean, is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the 2011 WEDI Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before regional HFMA chapter meetings and state hospital associations.

Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Topic Background:

The HIPAA Security Rule, in place and as recently amended, calls for all Covered Entities and Business Associates, and their subcontractors, to be in compliance with provisions protecting all kinds of electronic protected health information, including the adoption of a complete set of information security policies and procedures.

While many entities have gone through the processes necessary for HIPAA Security Rule compliance, many are only partially in compliance and have not adopted the policies and procedures necessary for compliance. Many may be doing many of the right things for compliance, but have not documented their policies and procedures and compliance activities as required. And many may be exposing themselves to potential breaches of security because of inadequate, undocumented security practices, policies, and procedures.

In addition, a whole new class of entities, Business Associates and their subcontractors, is now covered directly under the HIPAA Security Rule, and all such entities must now meet the same safeguard requirements as the entities that hire them, including the adoption of HIPAA Security Policies and Procedures.
Now there are new, increased penalties for HIPAA violations and a new auditing process is being developed so that HIPAA covered entities will be subject to reviews by the US Department of Health and Human Services' Office for Civil Rights even if no one files a complaint.

If you haven’t done what’s required under the HIPAA Security Rule, you could be liable for willful neglect penalties that begin at $10,000 minimum and go up from there. You need the proper protections to secure protected health information, and the necessary documented policies and procedures, as well as documentation of any actions taken pursuant to your policies and procedures.

What's more, with the breach notification regulations established in 2009, the costs of not properly securing your data have increased dramatically. With the ever-increasing use of electronic records and systems, and changes in how you do business, now is the time to review and renew your information security program, make sure you have the policies you need, and avoid violations and penalties for non-compliance. Having the right policies and procedures in place can help prevent problems, and show that you've been doing your best even if a problem arises.

Follow us :