The Next Few Things To Immediately Do About Hipaa Training for Compliance Officer

This 6-hour seminar will be addressing how practice/business managers (or compliance offers) need to get their HIPAA house in order before the imminent audits occur. It will also address major changes under the Omnibus Rule and any other applicable updates for 2018.

Areas also covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT.
The primary goal is to ensure everyone is well educated on what is myth and what is reality with this law, there is so much misleading information regarding the do’s and don’ts with HIPAA -I want to add clarity for compliance officers and what you guys need to do and how to best implement your HIPAA program based on over 18 years of personal experience working with Federal auditors, state auditors, and corporate auditors.

We will go through multiple scenarios that are commonly faced by compliance officers and how to manage these situations
I will also speak to real life litigated cases I have worked where HIPAA is being used to justify state cases of negligence -THIS IS BECOMING A HUGE RISK!

In addition, this course will cover the highest risk factors for being sued as well as being audited (these two items tend to go hand in hand).

Why you need to know 

Do you have an affective HIPAA compliance program?  Do you know what needs to be done to satisfy the requirements?
New laws, funding, and enforcement mean increased risk for both business associates and covered entities – 2017 was a record year for enforcement and fines – 2018 will be no different.

HIPAA Omnibus – Do you know what’s involved and what you need to do?

What does Omnibus mean for covered entities and business associates?

Why should you be concerned?

Court cases that are changing the landscape of HIPAA and patient’s ability to sue!

TRIAL ATTORNEYS ARE MORE DANGEROUS THAN THE FEDERAL GOVERNMENT!!

It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates.  You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT or internal administrative practices.

About the Intructor 

Brian L Tuttle, CPHIT, CHP, CBRA, Net+, A+, CCNA, MCP is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified Business Resilience Auditor (CBRA) with over 15 years’ experience in Health IT and Compliance Consulting. Mr. Tuttle has worked all of those 15 years with MAG Mutual Healthcare Solutions and is now Senior Compliance Consultant and IT Manager with InGauge Healthcare Solutions (previously named MAG Mutual Healthcare Solutions). Almost all of Brian’s clients are earned by referral with little or no advertising. Brian is well known and highly regarded in medical circles throughout the United States .

For more to continue reading

Easy Ways You Can Turn Hipaa Compliant Into Success

The first presentation explains the history of HIPAA, why it came into being and its evolution. This covers what HIPAA is, what steps have to be performed to be HIPAA compliant and what HIPAA compliance is.  It also provides definitions to key HIPAA terms, how to define a Business Associate and how to contract with Business Associates.

The second part of the first presentation is an overview of how to manage the HIPAA compliance project.

The second session describes what a Risk Assessment is and how to perform the risk assessment. The materials take the participant through the factors of HIPAA compliance and how to perform a HIPAA Risk Assessment. This encompasses taking the participants through how to do a HIPAA Privacy Risk Assessment, how to do a HIPAA Security Assessment and how to interpret the results, set priorities and develop a plan for addressing the Risk Assessment findings.

The third session takes the participants through how to prepare a set of HIPAA Policies and Procedures. This includes how to reference the HIPAA regulations in preparing the policies and procedures, how to reference the prior HIPAA Risk Assessments and how to prepare the HIPAA training materials.

The fourth session provides the participants with an orientation of the role the IT services in the healthcare organization in addressing the organization’s HIPAA compliance. This encompasses understanding what role IT hardware and software plays in the HIPAA compliance process, what responsibilities IT vendors should have and how to work with vendors. The materials will discuss IT security in the context of an overall organization security program including the value and approach of an IT security vulnerability test.

 

In the last session participants will review what a HIPAA breach is and what to do when a HIPAA breach occurs. This includes determining if a notification occurred, notification requirements and mitigation options.

There will be a wrap up and discussion session providing an opportunity for the participants to discuss specific issues they may have or get direction regarding particular approaches for HIPAA compliance.

The need for HIPAA compliance has evolved since the HIPAA laws were passed in 1996. In addition, as technology has advanced into more use of the internet and web-based hardware and software resources, compliance has also become more difficult and complex.

Now both covered entities (providers of health care services) and their business associates (support vendors) have to implement comparable compliance measures.

Breaches are almost impossible to escape – recent studies show that approximately 90% of covered entities and business associates have had at least one breach of a patient’s protected health information.  And, HIPAA federal penalties can be significant.

Compounding the issue is that almost all states have incorporated the HIPAA regulations, in one form or another, into their state health care privacy laws and/or the courts have accepted the HIPAA regulations as the standard of care for protecting a patient’s health information.

It is important for the health care organization to know what is expected by the regulations.

To satisfy your HIPAA compliance requirements, health care management and staff need to understand the HIPAA privacy and security regulations, understand how to assess your health care organization’s HIPAA compliance status, understand the role of each of the members of your workforce in meeting your compliance requirements and know what to do if there is a breach of your patient health data.

This webinar provides an in-depth review of these subjects and leaves the participant with a solid understanding of what has to be done to be HIPAA compliant.

People who will be benefits from this

• Health Care Organization Ownership and Senior Management
• Office Management
• Business Associates
• Physicians
• Ancillary Service Organizations (Pharmacies, Labs, Radiology)
• HIPAA Compliance Professions
• Health Care System Vendors

A guide to practical Risk Management [ISO14971 and IEC62304]

Gaps, incorrect or incomplete implementation of safety functionality can delay or make the certification/approval of medical products impossible. Most activities cannot be retroactively performed since they are closely linked into the development lifecycle. Diligent, complete and correct implementation of risk management from the start of product development is therefore imperative. This course will introduce all necessary steps to design, implement and test critical medical devices in a regulatory compliant environment. This course will additionally address the software risk management and the resulting interfaces to device level risk management.

To comprehensively summarize all risk related activities and to demonstrate the safe properties of a device the ‘Safety Case’ or ‘Assurance Case’ document is a well-established method to collect all safety related information together in one place. This documentation will most likely become mandatory for all devices (currently only required for FDA infusion pump submissions). This course will introduce the basic concepts and content of safety assurance cases and will illustrate the usefulness for internal and external review of safety related information.

Risk management with emphasis on the application of risk management principles and requirements to the medical device development cycle. Risk management has become the method of choice to ensure an effective and safety oriented device development. International consensus, reflected in globally applicable standard requirements, has led to risk management being a mandatory component of almost any activity in the medical device industry.

The course will emphasize the implementation of risk management into the development and maintenance process. It will use real-life examples and proven tips and tricks to make the application of risk management a practical and beneficial undertaking. This seminar will address the system level issues of risk management as well as the increasingly important software and usability related issues of critical systems. It will help to comply with regulatory requirements with minimized overhead and resource burden. To make the combines effort to design, implement and verify a safe device transparent the concept of an assurance case will be introduced.

The course is mainly based on international consensus requirements such as ISO14971, IEC62366 and IEC62304. It will cover European (MDD), US (FDA) and international risk management requirements from a regulatory and practitioner’s perspective.

Following personnel will benefit from the course:

• Senior quality managers
• Quality professionals
• Regulatory professionals
• Compliance professionals
• Project managers
• Design engineers
• Software engineers
• Process owners
• Quality engineers
• Quality auditors
• Medical affairs
• Legal Professionals

How to interpret and use more than just a standard tool-box

How to apply statistics to manage risks and verify/validate processes in R&D, QA/QC, and Manufacturing, with examples derived mainly from the medical device design/manufacturing industry. The flow of topics over the 2 days is as follows:

• ISO standards and FDA/MDD regulations regarding the use of statistics.
• Basic vocabulary and concepts, including distributions such as binomial, hypergeometric, and Normal, and transformations into Normality.
• Statistical Process Control
• Statistical methods for Design Verification
• Statistical methods for Product/Process Qualification
• Metrology: QC Sampling Plans the statistical analysis of measurement uncertainty, and how it is used to establish QC specifications
• How to craft “statistically valid conclusion statements” (e.g., for reports)
• Summary recommendations

The various statistical methods used to support such activities can be intimidating. If used incorrectly or inappropriately, statistical methods can result in new products being launched that should have been kept in R&D; or, conversely, new products not being launched that, if analyzed correctly, would have met all requirements. In QC, mistakenly chosen sample sizes and inappropriate statistical methods may result in purchased product being rejected that should have passed, and vice-versa.

This provides a practical approach to understanding how to interpret and use more than just a standard tool-box of statistical methods; topics include: Confidence intervals, t-tests, Normal K-tables, Normality tests, Confidence/reliability calculations, Reliability plotting (for extremely non-normal data), AQL sampling plans, Metrology (i.e., statistical analysis of measurement uncertainty ), and Statistical Process Control. Without a clear understanding and correct implementation of such methods, a company risks not only significantly increasing its complaint rates, scrap rates, and time-to-market, but also risks significantly reducing its product and service quality, its customer satisfaction levels, and its profit margins.

• FDA, ISO 9001/13485, and MDD requirements related to statistical methods
• How to apply statistical methods to manage product-related risks to patient, doctor, and the designing/manufacturing company
• Design Control processes (verification, validation, risk management, design input)
• QA/QC processes (sampling plans, monitoring of validated processes, setting of QC specifications, evaluation of measurement equipment)
• Manufacturing processes (process validation, equipment qualification)

• QA/QC Supervisor
• Process Engineer
• Manufacturing Engineer
• QC/QC Technician
• Manufacturing Technician
• R&D Engineer

Dont skip this with out reading fully

Environmental, Health and Safety (EHS) Management and Audit

An environmental, health and safety (EHS) management and audit program is now a prerequisite for organizations in various kinds of business. Allied to the emergence of and developing along with the concepts of worker safety and corporate social responsibility; the environmental, health and safety audit is today a major component of an organization. Organizations that need visibility and are desirous of earning a good name should make the environmental, health and safety management and audit a part of their culture.

The practice of companies auditing their environmental, health and safety (EHS) began in the 1970’s, almost contemporaneously with the enactment of OSHA. Around that time, the environmental issue was gaining ground in the corporate circles of the West with the governments and other agencies pitching in with their efforts to create greater awareness of the impact of business activities on the environment. As a result, the thinking that the top management of an organization needs to be viewing this issue more seriously started to develop and got ingrained over the years.

Cannot be glossed over
As a result of various legislations on the issue of environmental safety; the role of the Board of Governors became central in ensuring this aspect of the business. Environmental health and safety was no longer something that needed to be administered superficially, but in formal and designated ways, more specifically in the form of an audit. In order to incentivize corporate entities to implement environmental health and safety (EHS) management and audit; the trend started moving towards making these activities carry value addition to the organization.

Environmental health and safety management and audit is now a more formalized activity that needs to be carried out in a proper, set and well-defined manner. The processes that go into the EHS management and audit are clearly laid out in the form of standards such as the ISO 14001 standard, which is essentially an Environmental Management System (EMS) audit. To strengthen and enrich the audit activity and round it better; a few related and parallel standards such as the relevant parts of the 9000 family of standards, which deals with quality management, and 18000 series audits can be carried out with ease to supplement the environmental, health and safety audit.

Role of environmental health and safety (EHS) management and audit
Environmental health and safety (EHS) management and audit have now evolved into being a practice that is coupled with and fused into many business-related activities. The practice now is to make an environmental health and safety management and audit an inseparable part of the Quality Management System. Environmental health and safety (EHS) management and audit audits are now a sure means to ensure that the organization has a reputation for corporate social responsibility by implementing this audit.

Aspects of an environmental health and safety management and auditThe aim of environmental health and safety management and audit is to instill the EHS right from the top management down to the line level employee. A properly carried out EHS management and audit system should ideally take these factors into consideration:

Click to Continue Reading

200+ followers. WOWWWWWW…

Hello Everyone,

Today we have the pleasure of celebrating the fact that we have reached the milestone of 200+ followers on WordPress. Since we started this blog, we have had such a great time connecting with everyone.  we never expected to actually to connect with other people in the blogging community.

we are so incredibly thankful for each and every one of you who follows and comments on my blog posts. Please know that!

we would continue our blogging in these areas FDA Regulation, Medical Devices, Drugs and Biologics, Healthcare Compliance, Biotechnology, Clinical Research, Laboratory Compliance, Quality Management ,HIPAA Compliance ,OSHA Compliance, Risk Management, Trade and Logistics Compliance ,Banking and Financial Services, Auditing/Accounting & Tax, Packaging and Labeling, SOX Compliance, Environmental Compliance, Microsoft Excel Spreadsheet, Geology and Mining, Human Resources Compliance, Food Safety Compliance and etc.

Get more article – https://www.globalcompliancepanel.com/freeresources/resource-directory

Please follow us on

Facebook – https://www.facebook.com/TrainingsAtGlobalCompliancePanel

Twitter – https://twitter.com/gcpanel

LinkedIn – https://www.linkedin.com/company/10519587/admin/updates/

Business Process Management in Healthcare helps reduce inefficiencies

For many years before the advent of automation and computerization ,healthcare processes, such as billing, admissions, and many elements of care were carried out manually. Although it was a capable method to quite an extent, it relied on the use of the manual process or the human method. This was always prone to mistakes and errors, because humans are prone to committing errors that can creep in even with the best of intentions, as a result of which the healthcare industry ended up losing billions of dollars that could otherwise have gone into meaningful forms of investment.

A result of technological developments

This is why Business Process Management (BPM) in Healthcare came into existence with the advent of and as a byproduct of automation. Business process management in healthcare is being considered a major step in helping healthcare settings reduce costs and inefficiencies. When a unit implements business process management in healthcare; there is an automatic reduction in errors and inefficiencies. Let us see how:

Impetus from the higher authorities

There is now a general tendency and effort to push for automation in the healthcare industry. Even the American Congress has been aggressively pushing for reforms in the healthcare industry, a prime feature of which is fostering business process management in healthcare. Overall, BPM in healthcare is a means for improving efficiencies throughout the healthcare chain and bringing about greater integration and accountability through automation.

Core areas of business process management in healthcare

Business process management in healthcare is useful across the healthcare process chain, but is particularly so in at least there important areas:

Billing:This is one of the prime areas in which business process management in healthcare can make a huge difference. With complete automation of this critical area of business, healthcare units ensure that there is total coordination and traceability of the billing process.

Software:Apart from billing, another area in which business process management in healthcare helps tremendously is software. Software applications can bring about a huge change in the speed of operations. This area of BPM in healthcare reduces the need for human intervention at various stages of the business process.

Big data:Another of the areas in which business process management in healthcare holds huge promise is big data. Big data can help to make sense of various data used in healthcare administration and disease management across entire geographies. This makes the role of business process management in healthcare all the more meaningful and exciting.

 

Click to Continue Reading

The increasing role of the social media in healthcare

 

With the social media having moved beyond being a platform for sharing personal information; its role in healthcare has nearly exploded of late. This is mainly because the growth of the social media has more or less coincided with that of the electronic records in healthcare.

Whatever the identifiable or unidentifiable reasons for the convergence of social media in healthcare; the fact is that social media in healthcare is a major phenomenon that is here to stay.

Social media in healthcare is being analyzed for potentially huge business opportunity, and it is being taken up for serious discussion in legal circles, with the American Congress and many other legislative bodies around the world thinking of taking serious steps for regulating it.

The most fundamental aspect of social media in healthcare is that its growth has been helped by the core feature it brings: its ease of adaption in this sector. Healthcare information, as we all know, is very vital, and speed is of great importance. This is why social media in healthcare has come to be one of the most talked about scenarios in the healthcare today, propped in no less measure by the gigantic size of the American healthcare economy.

The advantages social media brings into healthcare

 

As just seen, the social media in healthcare facilitate great use because they help transmit information at a pace that was difficult to imagine till recently. With the development of the electronic health records (EHR) in the US, technology has made possible the customization of health records. A platform like the social media can help accelerate this pace enormously. It can also help practitioners and other stakeholders of healthcare information, such as Business Associates and Covered Entities and a host of related ones gather information and transmit it and process it at lightning speed.

Concerns

The enormous benefits that the social media bring into healthcare notwithstanding; there is room for serious concern.

Like all other technology-driven tools, the social media in healthcare comes with an inherent risk: the laxity of records. Loose or nil security or healthcare records are a serious cause for concern. The recent breaches in health data have cost many healthcare organizations in the US millions of dollars.

The social media in healthcare give an opportunity for marketers to pitch their products or services, but they also open up lots of opportunity for the unscrupulous among these to exploit and manipulate this information. This is akin to the potential drawbacks credit cards and other such facilities bring. The social media in healthcare is a tool that is open to a high degree of vulnerability to breach. This is all the more true of new technologies, such as the cloud, which the social media in healthcare have embraced with open arms.

So, while the social media in healthcare is a force to reckon with, it is not something that is totally free of drawbacks. Till regulatory action frees the sector of these, the social media in healthcare will continue to grow, albeit with its concerns.

 

click to continue reading

Export, Import and Trade Compliance Principle – an understanding

Export, import and trade compliance principle is a very important guiding standard for governing trade policies and ensuring compliance with the set national, regional and global trade norms. It helps to define an organization’s adherence to the export, import and trade compliance principle laid out by the government and also offers an understanding of the government’s outlook and stance in these matters.

There are two aspects of the export, import and trade compliance principle:

General export, import and trade compliance principles

 

As can be understood from the description of the concept of export, import and trade compliance principle; export, import and trade compliance principles laid out by the government and requiring compliance with their guidelines are fixed. Organizations cannot manipulate or tamper them. Doing so, naturally, invites penalties.

However, the export, import and trade compliance principles set out by individual companies are conditioned by their own ethics and culture. These are a reflection of how organizations carry out their export, import and trade compliance principle, something that they themselves have laid out.

Adapting the right export, import and trade compliance principle and implementing it is a reflection of how well the organization understands the business and the market and how well it is able to maintain its integrity among its circles. Needless to say, an organization that says one thing and does another is seen in a negative light by its peers.

 

Organizations specialize in helping to implement export, import and trade compliance principle

 

Just as there are many organizations which are in the business of ensuring many complex fields such as governance, risk and compliance (GRC) and technology compliance; several organizations specialize in helping organizations implement both the export, import and trade compliance principle as laid out by the government, and their own export, import and trade compliance principles.

Whether an organization gets its export, import and trade compliance principle implemented through an outside, third party or does it on its own; there is no escaping the fact that export, import and trade compliance principle is something that is mandatory to state and implement accordingly.

Overlaps and alignments of organizational, governmental and trade bloc requirements

Even when organizations draw up their own export, import and trade compliance principle; they are bound to include the latest and relevant regulations, policies and procedures as laid out by the government. Many internal export, import and trade compliance principles and external (those prescribed and required by the government) overlap on many occasions with those of trade blocs such as the North American Free Trade Agreement (NAFTA), European Union Preferential Trade Agreement, Association of Southeast Asian Nations (ASEAN), Mercosur, etc. Export, import and trade compliance principles from these different sources should align with each other.

Reasons for export, import and trade compliance principle implementation

 

The export, import and trade compliance principles laid out by respective governments are in place because of many important reasons.

 

click to continue reading

Data Mining and Signal Detection in Pharmacovigilance

A signal is described by the World Health Organization as any information that is reported on a possible or potential causal relationship between a drug and the adverse event it spawns. This relationship can be of virtually any nature, so long as it concerns the drug and the subject, and it could be either new or one with a precedent.

Data mining can be described as the method of obtaining data from target groups to help the clinical study come to important assessments and conclusions. Many a time, it is not clear whether a drug’s expected benefits outweighs the potential risks it brings about or vice versa, till the drug goes for marketing authorization. In order to assess this to the extent possible, clinical pharmacologists weigh the benefit and risk evaluation of medicines using tools such as data mining. Data mining is done both at the individual level of a subject and at the macro level of the population at large. These two methods are usually inseparable from each other, in that almost no study is done exclusively for one group.

Given its ability to help pharmacologists discern the various patterns that emerge from a clinical study; data mining is acquiring a position of importance of late and is being used in almost all stages of drug development. This could range from the earliest stage, namely drug discovery and could go up to post-marketing surveillance.

The WHO’s Uppsala Monitoring Centre

In order to make the results of very clinical study done in every part of the world accessible to everyone – a formidable task without doubt – the WHO has formulated the Uppsala Monitoring Center. This is a universal database of all the results obtained from clinical research the world over. Although voluntary and missing data from a many studies; the UMC is a comprehensive attempt at establishing a data mining and signal detection system that is accessible to everyone concerned. The UMC can thus be considered the universal data mining and signal detection database.

With over 2.5 million case reports of various clinical studies done all around the world, the UMC has evolved over time as a data mining and signal detection database. It initially started by requiring principals of clinical studies to generate new drug and Adverse Drug Reactions (ADR) combinations every three months. With the growth in the number of studies and the variety of issues they threw up; this was no longer considered feasible.

The UMC then started out to create its own method, by which the principles of making an objective initial assessment of all new drug and ADR combinations started getting implemented as they emerged. To this were added the requirements of bringing about a transparent selection of drug – ADR combinations for review, as well as suggest a quantitative aid to data mining and signal detection.

Today, the UMC uses several methodologies to carry out its task of being at the forefront of data mining and signal detection. It uses the Bayesian Confidence Propagation Neural Network, which uses Bayesian statistics within the architecture of a neural network for data mining and signal detection.

click to continue reading