The Next Few Things To Immediately Do About Hipaa Training for Compliance Officer

It will also address major changes under the Omnibus Rule and any other applicable updates.

This 6-hour seminar will be addressing how practice/business managers (or compliance offers) need to get their HIPAA house in order before the imminent audits occur. It will also address major changes under the Omnibus Rule and any other applicable updates for 2018.

Areas also covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT.
The primary goal is to ensure everyone is well educated on what is myth and what is reality with this law, there is so much misleading information regarding the do’s and don’ts with HIPAA -I want to add clarity for compliance officers and what you guys need to do and how to best implement your HIPAA program based on over 18 years of personal experience working with Federal auditors, state auditors, and corporate auditors.

We will go through multiple scenarios that are commonly faced by compliance officers and how to manage these situations
I will also speak to real life litigated cases I have worked where HIPAA is being used to justify state cases of negligence -THIS IS BECOMING A HUGE RISK!

In addition, this course will cover the highest risk factors for being sued as well as being audited (these two items tend to go hand in hand).

Why you need to know 

Do you have an affective HIPAA compliance program?  Do you know what needs to be done to satisfy the requirements?
New laws, funding, and enforcement mean increased risk for both business associates and covered entities – 2017 was a record year for enforcement and fines – 2018 will be no different.

HIPAA Omnibus – Do you know what’s involved and what you need to do?

What does Omnibus mean for covered entities and business associates?

Why should you be concerned?

Court cases that are changing the landscape of HIPAA and patient’s ability to sue!

TRIAL ATTORNEYS ARE MORE DANGEROUS THAN THE FEDERAL GOVERNMENT!!

It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates.  You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT or internal administrative practices.

About the Intructor 

Brian L Tuttle, CPHIT, CHP, CBRA, Net+, A+, CCNA, MCP is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified Business Resilience Auditor (CBRA) with over 15 years’ experience in Health IT and Compliance Consulting. Mr. Tuttle has worked all of those 15 years with MAG Mutual Healthcare Solutions and is now Senior Compliance Consultant and IT Manager with InGauge Healthcare Solutions (previously named MAG Mutual Healthcare Solutions). Almost all of Brian’s clients are earned by referral with little or no advertising. Brian is well known and highly regarded in medical circles throughout the United States .

For more to continue reading

Virtual Seminar on Upcoming Changes with HIPAA 2019

What factors might spurn a lawsuit or a HIPAA audit? are you doing these things?

We will go point by point through the entire HIPAA Security Rule and uncover simple methods to comply and create policy.
The primary goal is to ensure everyone is well educated on what is myth and what is reality with this law, there is so much misleading information all over regarding the do’s and don’ts with HIPAA – I want to add clarity for compliance officers.

It will also address major changes under the Omnibus Rule and any other applicable updates for 2018.

C93kFxKWAAAUXm5

Do you know all of the requirements of this enigmatic law? Are you abiding by them?

My goal is to make this extremely complex enigma known as “HIPAA” very easy to understand with a painless step by step approach to an otherwise harrowing task Times have changed and new laws are now in place concerning protected health information.

The best way to protect your practice or business and save yourself future headaches and possible litigation or Federal fines is to be proactive instead of reactive This once rarely enforced law has changed and you need to know what’s going on! Protect your practice or business!

These day’s trial attorney’s pose an even higher risk than the Federal government!

State laws are now in place increasing liability for patient remedies!

What factors might spurn a lawsuit or a HIPAA audit? are you doing these things?

We will be discussing 2019 changes taking place in Washington with the Health and Human Services regarding the enforcement of the HIPAA laws already on the books as well as some detailed discussions on the audit process and some current events regarding HIPAA cases (both in courtrooms and from live audits)

What are areas covered by the Instructor:

  • Study all 18 Standards and 44 Implementation Specifications of the regulations
  • Updates for 2019
  • Requirements of Compliance Officers
  • New definition of what constitutes protected health information
  • Real life litigated cases
  • BYOD
  • Portable devices
  • Business associates and the increased burden
  • Emailing of PHI
  • Texting of PHI
  • Federal Audit Process
  • HIPAA and suing – how this works
  • Risk Assessment
  • Best resources

Click to know more about this

Easy Ways You Can Turn Hipaa Compliant Into Success

The materials will discuss IT security in the context of an overall organization security program including the value and approach of an IT security vulnerability test.

The first presentation explains the history of HIPAA, why it came into being and its evolution. This covers what HIPAA is, what steps have to be performed to be HIPAA compliant and what HIPAA compliance is.  It also provides definitions to key HIPAA terms, how to define a Business Associate and how to contract with Business Associates.

The second part of the first presentation is an overview of how to manage the HIPAA compliance project.

The second session describes what a Risk Assessment is and how to perform the risk assessment. The materials take the participant through the factors of HIPAA compliance and how to perform a HIPAA Risk Assessment. This encompasses taking the participants through how to do a HIPAA Privacy Risk Assessment, how to do a HIPAA Security Assessment and how to interpret the results, set priorities and develop a plan for addressing the Risk Assessment findings.

The third session takes the participants through how to prepare a set of HIPAA Policies and Procedures. This includes how to reference the HIPAA regulations in preparing the policies and procedures, how to reference the prior HIPAA Risk Assessments and how to prepare the HIPAA training materials.

The fourth session provides the participants with an orientation of the role the IT services in the healthcare organization in addressing the organization’s HIPAA compliance. This encompasses understanding what role IT hardware and software plays in the HIPAA compliance process, what responsibilities IT vendors should have and how to work with vendors. The materials will discuss IT security in the context of an overall organization security program including the value and approach of an IT security vulnerability test.

 

In the last session participants will review what a HIPAA breach is and what to do when a HIPAA breach occurs. This includes determining if a notification occurred, notification requirements and mitigation options.

There will be a wrap up and discussion session providing an opportunity for the participants to discuss specific issues they may have or get direction regarding particular approaches for HIPAA compliance.

The need for HIPAA compliance has evolved since the HIPAA laws were passed in 1996. In addition, as technology has advanced into more use of the internet and web-based hardware and software resources, compliance has also become more difficult and complex.

Now both covered entities (providers of health care services) and their business associates (support vendors) have to implement comparable compliance measures.

Breaches are almost impossible to escape – recent studies show that approximately 90% of covered entities and business associates have had at least one breach of a patient’s protected health information.  And, HIPAA federal penalties can be significant.

Compounding the issue is that almost all states have incorporated the HIPAA regulations, in one form or another, into their state health care privacy laws and/or the courts have accepted the HIPAA regulations as the standard of care for protecting a patient’s health information.

It is important for the health care organization to know what is expected by the regulations.

To satisfy your HIPAA compliance requirements, health care management and staff need to understand the HIPAA privacy and security regulations, understand how to assess your health care organization’s HIPAA compliance status, understand the role of each of the members of your workforce in meeting your compliance requirements and know what to do if there is a breach of your patient health data.

This webinar provides an in-depth review of these subjects and leaves the participant with a solid understanding of what has to be done to be HIPAA compliant.

People who will be benefits from this

  • Health Care Organization Ownership and Senior Management
  • Office Management
  • Business Associates
  • Physicians
  • Ancillary Service Organizations (Pharmacies, Labs, Radiology)
  • HIPAA Compliance Professions
  • Health Care System Vendors

Virtual Seminar on HIPAA Training for Compliance Officer

This 6-hour seminar will be addressing how practice/business managers (or compliance offers) need to get their HIPAA house in order before the imminent audits occur. It will also address major changes under the Omnibus Rule and any other applicable updates for 2018.

Areas also covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT.

The primary goal is to ensure everyone is well educated on what is myth and what is reality with this law, there is so much misleading information regarding the do’s and don’ts with HIPAA -I want to add clarity for compliance officers and what you guys need to do and how to best implement your HIPAA program based on over 18 years of personal experience working with Federal auditors, state auditors, and corporate auditors.

We will go through multiple scenarios that are commonly faced by compliance officers and how to manage these situations

I will also speak to real life litigated cases I have worked where HIPAA is being used to justify state cases of negligence -THIS IS BECOMING A HUGE RISK!

In addition, this course will cover the highest risk factors for being sued as well as being audited (these two items tend to go hand in hand).

Why you should attend

Join me in this in depth 6-hour seminar where we will get into the nitty-gritty about the roles and responsibilities of a HIPAA Compliance Officer.

Do you have an affective HIPAA compliance program? Do you know what needs to be done to satisfy the requirements?

New laws, funding, and enforcement mean increased risk for both business associates and covered entities – 2017 was a record year for enforcement and fines – 2018 will be no different.

HIPAA Omnibus – Do you know what’s involved and what you need to do?

What does Omnibus mean for covered entities and business associates?

Why should you be concerned?

Court cases that are changing the landscape of HIPAA and patient’s ability to sue!

TRIAL ATTORNEYS ARE MORE DANGEROUS THAN THE FEDERAL GOVERNMENT!!

It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates. You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT or internal administrative practices.

Who Will Benefit

  • Practice Managers
  • Any Business Associates who work with medical practices or hospitals (i.e. billing companies, transcription companies, IT companies, answering services, home health, coders, attorneys, etc)
  • MD’s and other medical Professionals

Agenda

  • Updates for 2019
  • Requirements of Compliance Officers
  • New definition of what constitutes protected health information
  • Real life litigated cases
  • BYOD
  • Portable Devices
  • Business associates and the increased burden
  • Emailing of PHI
  • Texting of PHI
  • Federal Audit Process
  • HIPAA and suing – how this works
  • Risk Assessment
  • Ransomware and how to avoid
  • What to do when a breach occurs
  • Best Resources

Speaker Profile

Brian L Tuttle, CPHIT, CHP, CBRA, Net+, A+, CCNA, MCP is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified Business Resilience Auditor (CBRA) with over 15 years’ experience in Health IT and Compliance Consulting. Mr. Tuttle has worked all of those 15 years with MAG Mutual Healthcare Solutions and is now Senior Compliance Consultant and IT Manager with InGauge Healthcare Solutions (previously named MAG Mutual Healthcare Solutions). Almost all of Brian’s clients are earned by referral with little or no advertising. Brian is well known and highly regarded in medical circles throughout the United States .

Click Here to Continue Reading

How Covered Entities and Business Associates Can Comply Calmly, Confidently and Completely with the HIPAA Rules

HIpaa Blog wpress

Any business organization that is involved in creating, receiving, transmitting and maintaining Protected Health Information (PHI) has to comply with the requirements set out in Health Insurance Portability and Accountability Act (HIPAA). Such businesses, called Business Associates, since they carry out these functions on behalf of what are called Covered Entities; are legally obliged to show compliance with the provisions of HIPAA, whose main aim is to protect the privacy and confidentiality of patient information.

So, any Business Associate has to know how to comply with the provisions of HIPAA. Considering that the provisions of HIPAA have undergone major changes from the time of its enactment in 1996 up until 2013; Business Associates often find that showing compliance with the provisions of this legislation is complex. But failing to do so attracts hefty fines and penalties.

Understanding HIPAA provisions is the key to implementation

Although HIPAA implementation appears somewhat intimidating at first glance, in reality, it is not so. It can be implemented with ease and felicity in a manner that meets all the regulatory requirements. How? By breaking down the requirements into separate parts. The ways of taking this very sensible and commonsensical approach to HIPAA implementation by Business Associates and their Covered Entities, will be the subject of a very useful two-day seminar that is being organized by GlobalCompliancePanel, a highly reputed provider of professional trainings in the areas of regulatory compliance.

Overcoming HIPAA Compliance Challenges 

HIPAA Compliance

Taking the right steps to HIPAA implementation

He will, for instance, highlight the role of the social media and how to use the electronic media for staying updated and thus reducing the crucial element of time. He will also highlight the importance of managing risks in HIPAA compliance. This is all the more critical, considering that the Office of Civil Rights (OCR) has found that a shockingly high 94% of Covered Entities failed the Risk Management audit and about 87% failed the Risk Analysis audit. This was despite the fact that every Covered Entity knew well in advance of the upcoming audit, and had filled up a pre-audit questionnaire, which gave them a clear idea of what was to come in terms of the questions that HIPAA inspectors would be asking them, and what documentation were needed from them.

The central aim of this learning session is to help participants understand how Business Associates and Covered Entities can take simple and easy steps to stay compliant, so that they don’t have problems in meeting HIPAA requirements for compliance.

Learning at this highly valuable Areas:

  • Thorough Understanding of HIPAA Rules
  • What they are
  • How they work together
  • Why and How they were made
  • How they are changing and what to expect next
  • HIPAA Risk Analysis – Risk Management for Your Organization
  • A Practical Guided Exercise done in class on your computer to take home
  • Privacy and Security Rules – Permitted and Required Uses and Disclosures
  • What information must be protected
  • Administrative, Technical and Physical Safeguards
  • Social Media, Texting and Emailing Patients
  • The inter-connected, inter-dependent relationship of Covered Entities and Business Associates
  • What is, and what is not a Reportable Breach of Unsecured PHI

http://www.fertilitybridge.com/blog/hipaaandsocialmediawithpaulhales

 

Hurricane Harvey HIPAA Reminder

Disasters, which can ultimately lead to a data breach, come in various forms – natural, man-made and technical. HIPAA, the HITECH Act, the Federal Trade Commission and the Securities and Exchange Commission are just a handful of entities requiring that the confidentiality, integrity and availability of the sensitive information (e.g., protected health information (PHI) and personally identifiable information (PII)) remain intact. Although federal HIPAA has distinct categories (e.g., covered entity, business associate, and subcontractor), other state or federal government entities use “covered entity” to mean any person that creates, receives, maintains or transmits PHI or PII.

HIPAA sets forth three main categories of safeguards: administrative, physical, and technical safeguards. Often times, these categories overlap. For example, the administrative requirement of a sanction policy compliments the physical requirement of two-factor identification for building access.

Below are a couple of select sections from the Code of Federal Regulations (CFR), which organizations should be particularly vigilant about in relation to disasters.

•45 CFR §164.310 (Physical) – requires that policies and procedures for facility access in order to restore lost data under the disaster recovery and emergency access plan.

•45 CFR §164.308 (Administrative Safeguards) – multiple requirements are set forth under this particular section of the CFR. For example:

•Security management process

•Annual risk analysis

•Information activity review

•Workforce clearance procedure

•Security awareness training

•Contingency plan

 

Read More: http://snip.ly/duepz#http://www.diagnosticimaging.com/blog/hurricane-harvey-hipaa-reminder

Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research.

The Value and Importance of Health Information Privacy

Ethical health research and privacy protections both provide valuable benefits to society. Health research is vital to improving human health and health care. Protecting patients involved in research from harm and preserving their rights is essential to ethical research. The primary justification for protecting personal privacy is to protect the interests of individuals. In contrast, the primary justification for collecting personally identifiable health information for health research is to benefit society. But it is important to stress that privacy also has value at the societal level, because it permits complex activities, including research and public health activities to be carried out in ways that protect individuals’ dignity. At the same time, health research can benefit individuals, for example, when it facilitates access to new therapies, improved diagnostics, and more effective ways to prevent illness and deliver care.

The intent of this chapter1 is to define privacy and to delineate its importance to individuals and society as a whole. The value and importance of health research will be addressed in Chapter 3.

CONCEPTS AND VALUE OF PRIVACY

Definitions

Privacy has deep historical roots (reviewed by Pritts, 2008Westin, 1967), but because of its complexity, privacy has proven difficult to define and has been the subject of extensive, and often heated, debate by philosophers, sociologists, and legal scholars. The term “privacy” is used frequently, yet there is no universally accepted definition of the term, and confusion persists over the meaning, value, and scope of the concept of privacy. At its core, privacy is experienced on a personal level and often means different things to different people (reviewed by Lowrance, 1997Pritts, 2008). In modern society, the term is used to denote different, but overlapping, concepts such as the right to bodily integrity or to be free from intrusive searches or surveillance. The concept of privacy is also context specific, and acquires a different meaning depending on the stated reasons for the information being gathered, the intentions of the parties involved, as well as the politics, convention and cultural expectations (Nissenbaum, 2004NRC, 2007b).

Our report, and the Privacy Rule itself, are concerned with health informational privacy. In the context of personal information, concepts of privacy are closely intertwined with those of confidentiality and security. However, although privacy is often used interchangeably with the terms “confidentiality” and “security,” they have distinct meanings.Privacy addresses the question of who has access to personal information and under what conditions. Privacy is concerned with the collection, storage, and use of personal information, and examines whether data can be collected in the first place, as well as the justifications, if any, under which data collected for one purpose can be used for another (secondary)2 purpose. An important issue in privacy analysis is whether the individual has authorized particular uses of his or her personal information (Westin, 1967).

Confidentiality safeguards information that is gathered in the context of an intimate relationship. It addresses the issue of how to keep information exchanged in that relationship from being disclosed to third parties (Westin, 1976). Confidentiality, for example, prevents physicians from disclosing information shared with them by a patient in the course of a physician–patient relationship. Unauthorized or inadvertent disclosures of data gained as part of an intimate relationship are breaches of confidentiality (Gostin and Hodge, 2002NBAC, 2001).

 

Read More: http://snip.ly/tlhw0#https://www.ncbi.nlm.nih.gov/books/NBK9579/