Category: HIPAA rules

The Next Few Things To Immediately Do About Hipaa Training for Compliance Officer

It will also address major changes under the Omnibus Rule and any other applicable updates.

This 6-hour seminar will be addressing how practice/business managers (or compliance offers) need to get their HIPAA house in order before the imminent audits occur. It will also address major changes under the Omnibus Rule and any other applicable updates for 2018.

Areas also covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT.
The primary goal is to ensure everyone is well educated on what is myth and what is reality with this law, there is so much misleading information regarding the do’s and don’ts with HIPAA -I want to add clarity for compliance officers and what you guys need to do and how to best implement your HIPAA program based on over 18 years of personal experience working with Federal auditors, state auditors, and corporate auditors.

We will go through multiple scenarios that are commonly faced by compliance officers and how to manage these situations
I will also speak to real life litigated cases I have worked where HIPAA is being used to justify state cases of negligence -THIS IS BECOMING A HUGE RISK!

In addition, this course will cover the highest risk factors for being sued as well as being audited (these two items tend to go hand in hand).

Why you need to know 

Do you have an affective HIPAA compliance program?  Do you know what needs to be done to satisfy the requirements?
New laws, funding, and enforcement mean increased risk for both business associates and covered entities – 2017 was a record year for enforcement and fines – 2018 will be no different.

HIPAA Omnibus – Do you know what’s involved and what you need to do?

What does Omnibus mean for covered entities and business associates?

Why should you be concerned?

Court cases that are changing the landscape of HIPAA and patient’s ability to sue!

TRIAL ATTORNEYS ARE MORE DANGEROUS THAN THE FEDERAL GOVERNMENT!!

It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates.  You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT or internal administrative practices.

About the Intructor 

Brian L Tuttle, CPHIT, CHP, CBRA, Net+, A+, CCNA, MCP is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified Business Resilience Auditor (CBRA) with over 15 years’ experience in Health IT and Compliance Consulting. Mr. Tuttle has worked all of those 15 years with MAG Mutual Healthcare Solutions and is now Senior Compliance Consultant and IT Manager with InGauge Healthcare Solutions (previously named MAG Mutual Healthcare Solutions). Almost all of Brian’s clients are earned by referral with little or no advertising. Brian is well known and highly regarded in medical circles throughout the United States .

For more to continue reading

The EU Clinical Trial Regulation – EU Filings & Registrations

Strategies for streamlining the registration application process for faster approval.

The course also covers recent updates on EU-GCP associated with the new regulatory framework and highlights of the new EU Pharmacovigilance Directive, as it relates to studies and helpful tips into working with the European regulators. The webinar covers the impending changes coming with the EU Parliament passage of the EU Clinical Trial Regulation, which will affect all trials conducted across the EU [new and ongoing].

This course also covers the various licensing methods (for Drugs, Biologics & Combination Products) by which applicants can file for product licenses (Marketing Authorizations) in one or multiple Member States [and EEA], as well as fully across all Member States of the European Union. This course specifically outlines and discusses the structure of the regulatory agencies at the EU-level and across specific Member States. Course content will explain which procedures are available for which products and then will follow the license processing steps for each pathway.

Attendees will leave the Course clearly understanding the requirements under the current Regulations. In addition, this Course has been updated to provide participants with competitive insight into:

  • How the EU and individual countries within Europe interact
  • Which registration procedure to use
  • How regulations effect product development strategies
  • Understanding the concerns/issues of European Regulatory Personnel
  • How to negotiate with the regulators
  • Information necessary for effective submissions
  • Strategies for streamlining the registration application process for faster approval
  • The advantages and disadvantages of various registration procedures
  • How to efficiently initiate trials first patient, first visit
  • How to link the strategy of Country Selection to an ultimate EU registration pathway
  • How to stay compliant What can make the difference in your data passing Regulatory scrutiny
  • Related area-GCP and PV-reporting updates
  • Impending Changes of the EU Clinical Trial Regulation and timing for Implementation

Who will get the benefit:

  • Business Management
  • Project Team Members
  • Legal Team Members
  • Clinical Operations Staff
  • Quality Assurance, Monitors, CRAs
  • Regulatory Affairs
  • Investigators & Site Study Staff
  • CROs, Consultants, Insurers

Click to more

Want To Step Up Your HIPAA? You Need To Read This First

You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT practices.

Confused about all of the misinformation relating to HIPAA, what you can and can’t do?

Join me in the six-hour virtual seminar and let me get those questions FINALLY answered for you once and for all!

There is unfortunately a lot of confusion about transmissions of protected health information and what we as business associates and covered entities need to do and what we SHOULD NOT do!

Join me in this six-hour virtual seminar as we discuss the do’s and don’ts regarding texting and emailing along with any other sorts of transmissions of protected health information!

It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates as it relates to portable devices, texting, emailing, and transmission in general of protected health information (PHI).

You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT practices.

I have also been expert witness on multiple court cases where a business or medical practice is being sued for not doing their due diligence to minimize risk.
These day’s trial attorney’s pose a higher risk than the Federal government!

I will uncover myths versus reality as it relates to this very enigmatic law based on over 1000 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors.

I will speak on specific experiences from over 18 years of experience in working as an outsourced compliance auditor, expert witness on multiple HIPAA cases in state law, and thoroughly explain how patients are now able to get cash remedies for wrongful disclosures of private health information.

More importantly I will show you how to limit those risks by simply taking proactive steps and utilizing best practices.
Don’t always believe what you read online about HIPAA, especially as it relates to encryption and IT, there are a lot of groups selling more than is necessarily required.

Seminar on HIPAA 2019 | HIPAA Security Risk Assessment | What’s new?

Description:

This two-day seminar will get into the fine details of what we need to do and how to do it.

We will go point by point through the entire HIPAA Security Rule and uncover simple methods to comply and create policy.

The primary goal is to ensure everyone is well educated on what is myth and what is reality with this law, there is so much misleading information all over regarding the do’s and don’ts with HIPAA – I want to add clarity for compliance officers

It will also address major changes under the Omnibus Rule and any other applicable updates for 2018.

Why you Should attend:

Join me in this two day seminar to explore what’s new with HIPAA both from a regulation standpoint (new requirements) and an enforcement standpoint

Omnibus has changed the HIPAA landscape for good!

Do you know all of the requirements of this enigmatic law?

Are you abiding by them?

My goal is to make this extremely complex enigma known as “HIPAA” very easy to understand with a painless step by step approach to an otherwise harrowing task… Times have changed and new laws are now in place concerning protected health information. The best way to protect your practice or business and save yourself future headaches and possible litigation or Federal fines is to be proactive instead of reactive

This once rarely enforced law has changed and you need to know what’s going on!

Protect your practice or business!

 

Areas Covered in the Session:

Study all 18 Standards and 44 Implementation Specifications of the regulations

Updates for 2019

Requirements of Compliance Officers

New definition of what constitutes protected health information

Real life litigated cases

BYOD

Portable devices

Business associates and the increased burden

Emailing of PHI

Texting of PHI

Federal Audit Process

HIPAA and suing – how this works

Risk Assessment

Who Will Benefit:

Practice managers

Any business associates who work with medical practices or hospitals (i.e. billing companies, transcription companies, IT companies, answering services, home health, coders, attorneys, etc)

MD’s and other medical professionals

Agenda:

Day 1 Schedule

Lecture 1:

HIPAA a Brief History

Lecture 2:

HIPAA Privacy vs Security

Lecture 3:

New definition of what constitutes protected health information

Lecture 4:

HIPAA and the Business Associate

Lecture 5:

Through examination of all 18 Standards and 44 Implementation Specifications of the HIPAA Security Rule and how to apply them

Lecture 6:

How to enforce policy for each standard and implementation specification

Lecture 7:

HIPAA and litigation

Day 2 Schedule

Lecture 1:

The Federal Audit Process and things to be ready for

Lecture 2:

HIPAA and Suing – how this works and examples of real cases

Lecture 3:

Technology and HIPAA – best practices and big “no-no’s”

Lecture 4:

Ransomware, Viruses, bad technology

Lecture 5:

HIPAA Texting and Emailing – myth vs reality

Lecture 6:

Personal Devices and HIPAA

Lecture 7:

HIPAA and the Audit Process

Lecture 8:

How to conduct a HIPAA Security Risk Assessment

Speaker:

Brian L Tuttle

ex-FDA Expert and former Associate Center Director of CDRH

Brian L Tuttle is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified HIPAA Administrator (CHA), Certified Business Resilience Auditor (CBRA), Certified Information Systems Security Professional (CISSP) with over 18 years’ experience in Health IT and Compliance Consulting.

With vast experience in health IT systems (i.e. practice management, EHR systems, imaging, transcription, medical messaging, etc.) as well as over 18 years’ experience in standard Health IT with multiple certifications and hands-on knowledge, Brian serves as compliance consultant and has conducted onsite and remote risk assessments for over 1000 medical practices, hospitals, health departments, insurance plans, and business associates throughout the United States.

Location: Miami, FL Date: April 18th & 19th, 2019 and Time: 9:00 AM to 6:00 PM

Venue:  Hyatt Place Miami Airport East, 3549 NW 42nd Ave, Miami, FL 33142, USA

Price:

1 ATTENDEE $2,000, Register for 1 attendee

5 ATTENDEES $10,000, Register for 5 attendees

10 ATTENDEES $20,000, Register for 10 attendees

Until March 10, Early Bird Price: $2,000.00, From March 11 to April 16, Regular Price: $2,200.00

Sponsorship Program benefits for seminar

For More Information

Contact us today!

NetZealous LLC DBA GlobalCompliancePanel

globalcompliancepanel@gmail.com

Toll free: +1-800-447-9407

Phone: +1-510-584-9661

Website:

Registration Link

Follow us on LinkedIn:

Like us our Facebook page:

Follow us on Twitter:

Virtual Seminar on HIPAA Training for Compliance Officer

This 6-hour seminar will be addressing how practice/business managers (or compliance offers) need to get their HIPAA house in order before the imminent audits occur. It will also address major changes under the Omnibus Rule and any other applicable updates for 2018.

Areas also covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT.

The primary goal is to ensure everyone is well educated on what is myth and what is reality with this law, there is so much misleading information regarding the do’s and don’ts with HIPAA -I want to add clarity for compliance officers and what you guys need to do and how to best implement your HIPAA program based on over 18 years of personal experience working with Federal auditors, state auditors, and corporate auditors.

We will go through multiple scenarios that are commonly faced by compliance officers and how to manage these situations

I will also speak to real life litigated cases I have worked where HIPAA is being used to justify state cases of negligence -THIS IS BECOMING A HUGE RISK!

In addition, this course will cover the highest risk factors for being sued as well as being audited (these two items tend to go hand in hand).

Why you should attend

Join me in this in depth 6-hour seminar where we will get into the nitty-gritty about the roles and responsibilities of a HIPAA Compliance Officer.

Do you have an affective HIPAA compliance program? Do you know what needs to be done to satisfy the requirements?

New laws, funding, and enforcement mean increased risk for both business associates and covered entities – 2017 was a record year for enforcement and fines – 2018 will be no different.

HIPAA Omnibus – Do you know what’s involved and what you need to do?

What does Omnibus mean for covered entities and business associates?

Why should you be concerned?

Court cases that are changing the landscape of HIPAA and patient’s ability to sue!

TRIAL ATTORNEYS ARE MORE DANGEROUS THAN THE FEDERAL GOVERNMENT!!

It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates. You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT or internal administrative practices.

Who Will Benefit

  • Practice Managers
  • Any Business Associates who work with medical practices or hospitals (i.e. billing companies, transcription companies, IT companies, answering services, home health, coders, attorneys, etc)
  • MD’s and other medical Professionals

Agenda

  • Updates for 2019
  • Requirements of Compliance Officers
  • New definition of what constitutes protected health information
  • Real life litigated cases
  • BYOD
  • Portable Devices
  • Business associates and the increased burden
  • Emailing of PHI
  • Texting of PHI
  • Federal Audit Process
  • HIPAA and suing – how this works
  • Risk Assessment
  • Ransomware and how to avoid
  • What to do when a breach occurs
  • Best Resources

Speaker Profile

Brian L Tuttle, CPHIT, CHP, CBRA, Net+, A+, CCNA, MCP is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified Business Resilience Auditor (CBRA) with over 15 years’ experience in Health IT and Compliance Consulting. Mr. Tuttle has worked all of those 15 years with MAG Mutual Healthcare Solutions and is now Senior Compliance Consultant and IT Manager with InGauge Healthcare Solutions (previously named MAG Mutual Healthcare Solutions). Almost all of Brian’s clients are earned by referral with little or no advertising. Brian is well known and highly regarded in medical circles throughout the United States .

Click Here to Continue Reading

How Covered Entities and Business Associates Can Comply Calmly, Confidently and Completely with the HIPAA Rules

HIpaa Blog wpress

Any business organization that is involved in creating, receiving, transmitting and maintaining Protected Health Information (PHI) has to comply with the requirements set out in Health Insurance Portability and Accountability Act (HIPAA). Such businesses, called Business Associates, since they carry out these functions on behalf of what are called Covered Entities; are legally obliged to show compliance with the provisions of HIPAA, whose main aim is to protect the privacy and confidentiality of patient information.

So, any Business Associate has to know how to comply with the provisions of HIPAA. Considering that the provisions of HIPAA have undergone major changes from the time of its enactment in 1996 up until 2013; Business Associates often find that showing compliance with the provisions of this legislation is complex. But failing to do so attracts hefty fines and penalties.

Understanding HIPAA provisions is the key to implementation

Although HIPAA implementation appears somewhat intimidating at first glance, in reality, it is not so. It can be implemented with ease and felicity in a manner that meets all the regulatory requirements. How? By breaking down the requirements into separate parts. The ways of taking this very sensible and commonsensical approach to HIPAA implementation by Business Associates and their Covered Entities, will be the subject of a very useful two-day seminar that is being organized by GlobalCompliancePanel, a highly reputed provider of professional trainings in the areas of regulatory compliance.

Overcoming HIPAA Compliance Challenges 

HIPAA Compliance

Taking the right steps to HIPAA implementation

He will, for instance, highlight the role of the social media and how to use the electronic media for staying updated and thus reducing the crucial element of time. He will also highlight the importance of managing risks in HIPAA compliance. This is all the more critical, considering that the Office of Civil Rights (OCR) has found that a shockingly high 94% of Covered Entities failed the Risk Management audit and about 87% failed the Risk Analysis audit. This was despite the fact that every Covered Entity knew well in advance of the upcoming audit, and had filled up a pre-audit questionnaire, which gave them a clear idea of what was to come in terms of the questions that HIPAA inspectors would be asking them, and what documentation were needed from them.

The central aim of this learning session is to help participants understand how Business Associates and Covered Entities can take simple and easy steps to stay compliant, so that they don’t have problems in meeting HIPAA requirements for compliance.

Learning at this highly valuable Areas:

  • Thorough Understanding of HIPAA Rules
  • What they are
  • How they work together
  • Why and How they were made
  • How they are changing and what to expect next
  • HIPAA Risk Analysis – Risk Management for Your Organization
  • A Practical Guided Exercise done in class on your computer to take home
  • Privacy and Security Rules – Permitted and Required Uses and Disclosures
  • What information must be protected
  • Administrative, Technical and Physical Safeguards
  • Social Media, Texting and Emailing Patients
  • The inter-connected, inter-dependent relationship of Covered Entities and Business Associates
  • What is, and what is not a Reportable Breach of Unsecured PHI

http://www.fertilitybridge.com/blog/hipaaandsocialmediawithpaulhales

 

200+ followers. WOWWWWWW…

followed- 200

Hello Everyone,

Today we have the pleasure of celebrating the fact that we have reached the milestone of 200+ followers on WordPress. Since we started this blog, we have had such a great time connecting with everyone.  we never expected to actually to connect with other people in the blogging community.

we are so incredibly thankful for each and every one of you who follows and comments on my blog posts. Please know that!

we would continue our blogging in these areas FDA Regulation, Medical Devices, Drugs and Biologics, Healthcare Compliance, Biotechnology, Clinical Research, Laboratory Compliance, Quality Management ,HIPAA Compliance ,OSHA Compliance, Risk Management, Trade and Logistics Compliance ,Banking and Financial Services, Auditing/Accounting & Tax, Packaging and Labeling, SOX Compliance, Environmental Compliance, Microsoft Excel Spreadsheet, Geology and Mining, Human Resources Compliance, Food Safety Compliance and etc.

Get more articlehttps://www.globalcompliancepanel.com/freeresources/resource-directory

Please follow us on

Facebook – https://www.facebook.com/TrainingsAtGlobalCompliancePanel

Twitter – https://twitter.com/gcpanel

LinkedIn – https://www.linkedin.com/company/10519587/admin/updates/

Internal Audit Checklist for HIPAA

Internal Audit Checklist for HIPAA.jpg

The internal audit checklist for HIPAA is one of the primary elements of HIPAA implementation. The passage of the Health Insurance Portability and Accountability Act (HIPAA) by the U.S. Congress in 1996 was aimed at regulating the way and process by which healthcare institutions across the country reveal the medical information of their patients.

The Department of Health and Human Services (HHS) is tasked with monitoring the compliance aspect of the law, i.e., it monitors how medical organizations comply with the provisions of HIPAA. In order to ensure that medical organization stay compliant with the provisions of HIPAA; auditors measure these compliance aspects with a checklist when testing companies’ medical data recording processes.

The internal audit checklist for HIPAA, like any other checklist, is a list of do’s and don’ts that a healthcare organization has to look to see if it is complying with its processes relating to medical data sharing and recording. These are the core areas against which auditors prepare and monitor the internal audit checklist for HIPAA:

Analysis and assessment of risk

Internal Audit Checklist for HIPAA3

One of the foremost aspects of the internal audit checklist for HIPAA is the organization’s analysis and assessment of the risk involved in disclosing medical information. Medical organizations of the designated types have to carry these out at regular, periodic intervals in ensuring that they don’t give opportunities for causing data breaches. Since healthcare organizations are involved in collecting, keeping and transferring of medical information; it is necessary for them to keep analyzing and assessing the risk involved in data breaches.

Gap analysis

In this category of internal audit checklist for HIPAA; auditors compare regulatory guidelines to security systems in the corporate sector. The idea is to help the medical organization outline its security requirements vis-a-vis its security infrastructure

Remediation

Internal Audit Checklist for HIPAA4

In this internal audit checklist for HIPAA; the healthcare organization relies on a number of technologies and steps to prevent any breach of data, and to also offset the damage done when a breach happens. The primary tools used in this internal audit checklist for HIPAA include software used for tracking defects, for process reengineering, CRM and a few ERP applications.

Planning for contingencies

An internal audit checklist for HIPAA also includes a set of plans that the healthcare organization has to have to be able to plan for contingencies. A healthcare organization can expect emergencies or disasters from any source, and these can be of any kind. An internal audit checklist for HIPAA should include plans for anticipating and dealing with these.

Personnel policies

biostatistics56

The policy a healthcare organization puts in place for its personnel is an important point in the internal audit checklist for HIPAA. It has to decide what kinds of trainings its staff members receive for implementing HIPAA compliance.

 

 

 

click to continue reading

Las Vegas hospitals must follow regular HIPAA privacy rule

Las Vegas hospita.jpg

After natural disasters, HHS sometimes waives certain HIPAA privacy rule requirements. That’s not usually the case after man-made disasters, such as Sunday night’s massacre in Las Vegas, where more than 50 were killed and hundreds were wounded after a gunman opened fire at a music festival.

Because the HIPAA privacy rule already allows information disclosure in certain cases, such as when public safety is threatened, and because there has been no declaration of a public health emergency, HIPAA waivers have not been necessary in this case.

Local hospitals will have to be careful, especially with so many requests for information from families, friends, and the media, said Mark Swearingen, a Hall Render attorney focused on health information privacy and security.

“Hospitals are going to have to be very careful about vetting and authenticating the individuals who might be calling in to make sure that they’re the type of person they can be sharing information with,” he said.

After Hurricane Harvey struck Texas in August, HHS Secretary Dr. Tom Price waived certain HIPAA penalties, which can range from $100 to $50,000 per violation. Providers would not be penalized for failing to giving out notices of privacy practices, for instance, nor would they be hit for not granting a patient the right to request privacy restrictions.

Meanwhile, other provisions of the HIPAA privacy rule were still in effect, including those that allow providers to disclose protected health information to patients’ families or others involved in their care. Other provisions allow providers to give out protected health information—including to law enforcement—if doing so would lessen a threat to those patients or to the public.

Given those rules, “when you have a shooting, the department has taken the position that a waiver isn’t necessary,” said Marcy Wilder, a privacy and cybersecurity lawyer with Hogan and Lovells, noting that no penalties were waived after the 2016 mass shooting that killed 49 people and injured 58 at Orlando’s Pulse nightclub. “The department wants to be careful here, because if you issue a waiver, that becomes a suggestion that without a waiver, these types of disclosures aren’t permitted,” she added.

Swearingen warns that Las Vegas hospitals therefore need to be cautious. “The hospital, I would hope, in this circumstance is going to be fairly guarded.”

Read More: http://snip.ly/8u7xj#http://www.modernhealthcare.com/article/20171002/NEWS/171009996/las-vegas-hospitals-must-follow-regular-hipaa-privacy-rule

 

What should Entities do to avoid HIPAA fines and penalties?

What should Entities do to avoid HIPAA fines and penalties.jpg

A look at the nature and numbers of HIPAA breaches over just the couple of years makes stark reading: On the one hand, in terms of numbers; 2016, with about 16 million records breached was a pretty good year compared to the previous year, in which about seven times that number, more than 113 million, were breached. But the bad news is that 2016 saw more Covered Entities reporting breaches than in any other year since the Office of Civil Rights (OCR) started publishing its data on healthcare record breaches.

These huge numbers show that not only is there a big demand for these records in the black market -they are in greater demand than even social security and credit cards -Covered Entities and Business Associates need to all that it takes to avoid HIPAA fines and penalties.

What should Entities do to avoid HIPAA fines and penalties4

The federal government has not been lax on this aspect. It is being extremely vigilant about protecting healthcare records. It has been consistently urging the HHS to take a serious view of the increased incidence of cyberattacks that has resulted in medical records theft and has suggested many measures towards ensuring this. The fact that there has been a steady increase in the global spending on cybersecurity-related hardware, software, and services and could reach $100 billion in 2020, according to estimates by the International Data Corporation (IDC), suggests the seriousness with which this issue is being viewed not just in the US, but all over the world.

One of the primary requirements that Business Associates need to comply with is adherence to HIPAA mandates regarding the handling and use of health information. This is spelt out in the HITECH Act, a recent update made to overall HIPAA regulations. It is mandatory for a Business Associate to comply with a wide range of regulatory obligations, which include certain privacy obligations, security standards, and breach notification requirements.

What should Entities do to avoid HIPAA fines and penalties2

However, there is a lot of confusion and misunderstanding among Business Associates about their roles and requirements. They must be completely knowledgeable about all the aspects of their roles, functions and requirements before they enter into agreements of contracts with subcontractors and vendors for their services

Learning about ways of avoiding HIPAA fines and penalties

Jay Hodes, who is President and Founder, Colington Security Consulting, LLC, will be providing thorough understanding of the roles and requirements of a Business Associate and Covered Entities in HIPAA enforcement at a webinar that is being organized by MentorHealth, a leading provider of professional trainings for the healthcare industry. Please visit What should Entities do to avoid HIPAA fines and penalties? to get complete clarity of the ways of avoiding HIPAA fines and penalties.

Clarity on how to avoid HIPAA fines and penalties

What should Entities do to avoid HIPAA fines and penalties1

The aim of this learning session is to help businesses understand what it means to be a Business Associate and know what required safeguards, policies and procedures must be in place or make sure that their current compliance program is adequate and can withstand government scrutiny.

Jay will highlight the importance of being compliant with the HIPAA requirements for an organization if it has to avoid HIPAA fines and penalties. The ways by which a Business Associate or Covered Entity can provide the appropriate patient rights and controls on its uses and disclosures of Protected Health Information (PHI) and what all it has to have in place for doing so, will all be explained.

He will cover the following areas at this session:

  • Why was HIPAA created?
  • Who Must Comply with HIPAA Requirements?
  • What are the HIPAA Security and Privacy Rules?
  • What are the Consequences of being a Business Associate
  • What is a HIPAA Compliance Program for a Business Associate?
  • What is a HIPAA Risk Management Plan?
  • What is a HIPAA Risk Assessment?
  • What is the Role of the HIPAA Security Official?
  • What are HIPAA training requirements?
  • What is a HIPAA data breach and what happens if it occurs?
  • What are the penalties and fines for non-compliance and how to avoid them
  • Case Examples of HIPAA Data Breaches
  • Creating a Culture of Compliance
  • Q&A.