The Next Few Things To Immediately Do About Hipaa Training for Compliance Officer

It will also address major changes under the Omnibus Rule and any other applicable updates.

This 6-hour seminar will be addressing how practice/business managers (or compliance offers) need to get their HIPAA house in order before the imminent audits occur. It will also address major changes under the Omnibus Rule and any other applicable updates for 2018.

Areas also covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT.
The primary goal is to ensure everyone is well educated on what is myth and what is reality with this law, there is so much misleading information regarding the do’s and don’ts with HIPAA -I want to add clarity for compliance officers and what you guys need to do and how to best implement your HIPAA program based on over 18 years of personal experience working with Federal auditors, state auditors, and corporate auditors.

We will go through multiple scenarios that are commonly faced by compliance officers and how to manage these situations
I will also speak to real life litigated cases I have worked where HIPAA is being used to justify state cases of negligence -THIS IS BECOMING A HUGE RISK!

In addition, this course will cover the highest risk factors for being sued as well as being audited (these two items tend to go hand in hand).

Why you need to know 

Do you have an affective HIPAA compliance program?  Do you know what needs to be done to satisfy the requirements?
New laws, funding, and enforcement mean increased risk for both business associates and covered entities – 2017 was a record year for enforcement and fines – 2018 will be no different.

HIPAA Omnibus – Do you know what’s involved and what you need to do?

What does Omnibus mean for covered entities and business associates?

Why should you be concerned?

Court cases that are changing the landscape of HIPAA and patient’s ability to sue!

TRIAL ATTORNEYS ARE MORE DANGEROUS THAN THE FEDERAL GOVERNMENT!!

It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates.  You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT or internal administrative practices.

About the Intructor 

Brian L Tuttle, CPHIT, CHP, CBRA, Net+, A+, CCNA, MCP is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified Business Resilience Auditor (CBRA) with over 15 years’ experience in Health IT and Compliance Consulting. Mr. Tuttle has worked all of those 15 years with MAG Mutual Healthcare Solutions and is now Senior Compliance Consultant and IT Manager with InGauge Healthcare Solutions (previously named MAG Mutual Healthcare Solutions). Almost all of Brian’s clients are earned by referral with little or no advertising. Brian is well known and highly regarded in medical circles throughout the United States .

For more to continue reading

Virtual Seminar on Upcoming Changes with HIPAA 2019

What factors might spurn a lawsuit or a HIPAA audit? are you doing these things?

We will go point by point through the entire HIPAA Security Rule and uncover simple methods to comply and create policy.
The primary goal is to ensure everyone is well educated on what is myth and what is reality with this law, there is so much misleading information all over regarding the do’s and don’ts with HIPAA – I want to add clarity for compliance officers.

It will also address major changes under the Omnibus Rule and any other applicable updates for 2018.

C93kFxKWAAAUXm5

Do you know all of the requirements of this enigmatic law? Are you abiding by them?

My goal is to make this extremely complex enigma known as “HIPAA” very easy to understand with a painless step by step approach to an otherwise harrowing task Times have changed and new laws are now in place concerning protected health information.

The best way to protect your practice or business and save yourself future headaches and possible litigation or Federal fines is to be proactive instead of reactive This once rarely enforced law has changed and you need to know what’s going on! Protect your practice or business!

These day’s trial attorney’s pose an even higher risk than the Federal government!

State laws are now in place increasing liability for patient remedies!

What factors might spurn a lawsuit or a HIPAA audit? are you doing these things?

We will be discussing 2019 changes taking place in Washington with the Health and Human Services regarding the enforcement of the HIPAA laws already on the books as well as some detailed discussions on the audit process and some current events regarding HIPAA cases (both in courtrooms and from live audits)

What are areas covered by the Instructor:

  • Study all 18 Standards and 44 Implementation Specifications of the regulations
  • Updates for 2019
  • Requirements of Compliance Officers
  • New definition of what constitutes protected health information
  • Real life litigated cases
  • BYOD
  • Portable devices
  • Business associates and the increased burden
  • Emailing of PHI
  • Texting of PHI
  • Federal Audit Process
  • HIPAA and suing – how this works
  • Risk Assessment
  • Best resources

Click to know more about this

Easy Ways You Can Turn Hipaa Compliant Into Success

The materials will discuss IT security in the context of an overall organization security program including the value and approach of an IT security vulnerability test.

The first presentation explains the history of HIPAA, why it came into being and its evolution. This covers what HIPAA is, what steps have to be performed to be HIPAA compliant and what HIPAA compliance is.  It also provides definitions to key HIPAA terms, how to define a Business Associate and how to contract with Business Associates.

The second part of the first presentation is an overview of how to manage the HIPAA compliance project.

The second session describes what a Risk Assessment is and how to perform the risk assessment. The materials take the participant through the factors of HIPAA compliance and how to perform a HIPAA Risk Assessment. This encompasses taking the participants through how to do a HIPAA Privacy Risk Assessment, how to do a HIPAA Security Assessment and how to interpret the results, set priorities and develop a plan for addressing the Risk Assessment findings.

The third session takes the participants through how to prepare a set of HIPAA Policies and Procedures. This includes how to reference the HIPAA regulations in preparing the policies and procedures, how to reference the prior HIPAA Risk Assessments and how to prepare the HIPAA training materials.

The fourth session provides the participants with an orientation of the role the IT services in the healthcare organization in addressing the organization’s HIPAA compliance. This encompasses understanding what role IT hardware and software plays in the HIPAA compliance process, what responsibilities IT vendors should have and how to work with vendors. The materials will discuss IT security in the context of an overall organization security program including the value and approach of an IT security vulnerability test.

 

In the last session participants will review what a HIPAA breach is and what to do when a HIPAA breach occurs. This includes determining if a notification occurred, notification requirements and mitigation options.

There will be a wrap up and discussion session providing an opportunity for the participants to discuss specific issues they may have or get direction regarding particular approaches for HIPAA compliance.

The need for HIPAA compliance has evolved since the HIPAA laws were passed in 1996. In addition, as technology has advanced into more use of the internet and web-based hardware and software resources, compliance has also become more difficult and complex.

Now both covered entities (providers of health care services) and their business associates (support vendors) have to implement comparable compliance measures.

Breaches are almost impossible to escape – recent studies show that approximately 90% of covered entities and business associates have had at least one breach of a patient’s protected health information.  And, HIPAA federal penalties can be significant.

Compounding the issue is that almost all states have incorporated the HIPAA regulations, in one form or another, into their state health care privacy laws and/or the courts have accepted the HIPAA regulations as the standard of care for protecting a patient’s health information.

It is important for the health care organization to know what is expected by the regulations.

To satisfy your HIPAA compliance requirements, health care management and staff need to understand the HIPAA privacy and security regulations, understand how to assess your health care organization’s HIPAA compliance status, understand the role of each of the members of your workforce in meeting your compliance requirements and know what to do if there is a breach of your patient health data.

This webinar provides an in-depth review of these subjects and leaves the participant with a solid understanding of what has to be done to be HIPAA compliant.

People who will be benefits from this

  • Health Care Organization Ownership and Senior Management
  • Office Management
  • Business Associates
  • Physicians
  • Ancillary Service Organizations (Pharmacies, Labs, Radiology)
  • HIPAA Compliance Professions
  • Health Care System Vendors

Want To Step Up Your HIPAA? You Need To Read This First

You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT practices.

Confused about all of the misinformation relating to HIPAA, what you can and can’t do?

Join me in the six-hour virtual seminar and let me get those questions FINALLY answered for you once and for all!

There is unfortunately a lot of confusion about transmissions of protected health information and what we as business associates and covered entities need to do and what we SHOULD NOT do!

Join me in this six-hour virtual seminar as we discuss the do’s and don’ts regarding texting and emailing along with any other sorts of transmissions of protected health information!

It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates as it relates to portable devices, texting, emailing, and transmission in general of protected health information (PHI).

You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT practices.

I have also been expert witness on multiple court cases where a business or medical practice is being sued for not doing their due diligence to minimize risk.
These day’s trial attorney’s pose a higher risk than the Federal government!

I will uncover myths versus reality as it relates to this very enigmatic law based on over 1000 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors.

I will speak on specific experiences from over 18 years of experience in working as an outsourced compliance auditor, expert witness on multiple HIPAA cases in state law, and thoroughly explain how patients are now able to get cash remedies for wrongful disclosures of private health information.

More importantly I will show you how to limit those risks by simply taking proactive steps and utilizing best practices.
Don’t always believe what you read online about HIPAA, especially as it relates to encryption and IT, there are a lot of groups selling more than is necessarily required.

Virtual Seminar on HIPAA Training for Compliance Officer

This 6-hour seminar will be addressing how practice/business managers (or compliance offers) need to get their HIPAA house in order before the imminent audits occur. It will also address major changes under the Omnibus Rule and any other applicable updates for 2018.

Areas also covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT.

The primary goal is to ensure everyone is well educated on what is myth and what is reality with this law, there is so much misleading information regarding the do’s and don’ts with HIPAA -I want to add clarity for compliance officers and what you guys need to do and how to best implement your HIPAA program based on over 18 years of personal experience working with Federal auditors, state auditors, and corporate auditors.

We will go through multiple scenarios that are commonly faced by compliance officers and how to manage these situations

I will also speak to real life litigated cases I have worked where HIPAA is being used to justify state cases of negligence -THIS IS BECOMING A HUGE RISK!

In addition, this course will cover the highest risk factors for being sued as well as being audited (these two items tend to go hand in hand).

Why you should attend

Join me in this in depth 6-hour seminar where we will get into the nitty-gritty about the roles and responsibilities of a HIPAA Compliance Officer.

Do you have an affective HIPAA compliance program? Do you know what needs to be done to satisfy the requirements?

New laws, funding, and enforcement mean increased risk for both business associates and covered entities – 2017 was a record year for enforcement and fines – 2018 will be no different.

HIPAA Omnibus – Do you know what’s involved and what you need to do?

What does Omnibus mean for covered entities and business associates?

Why should you be concerned?

Court cases that are changing the landscape of HIPAA and patient’s ability to sue!

TRIAL ATTORNEYS ARE MORE DANGEROUS THAN THE FEDERAL GOVERNMENT!!

It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates. You need to know how to avoid being low hanging fruit in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully discloses due to bad IT or internal administrative practices.

Who Will Benefit

  • Practice Managers
  • Any Business Associates who work with medical practices or hospitals (i.e. billing companies, transcription companies, IT companies, answering services, home health, coders, attorneys, etc)
  • MD’s and other medical Professionals

Agenda

  • Updates for 2019
  • Requirements of Compliance Officers
  • New definition of what constitutes protected health information
  • Real life litigated cases
  • BYOD
  • Portable Devices
  • Business associates and the increased burden
  • Emailing of PHI
  • Texting of PHI
  • Federal Audit Process
  • HIPAA and suing – how this works
  • Risk Assessment
  • Ransomware and how to avoid
  • What to do when a breach occurs
  • Best Resources

Speaker Profile

Brian L Tuttle, CPHIT, CHP, CBRA, Net+, A+, CCNA, MCP is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified Business Resilience Auditor (CBRA) with over 15 years’ experience in Health IT and Compliance Consulting. Mr. Tuttle has worked all of those 15 years with MAG Mutual Healthcare Solutions and is now Senior Compliance Consultant and IT Manager with InGauge Healthcare Solutions (previously named MAG Mutual Healthcare Solutions). Almost all of Brian’s clients are earned by referral with little or no advertising. Brian is well known and highly regarded in medical circles throughout the United States .

Click Here to Continue Reading

How Covered Entities and Business Associates Can Comply Calmly, Confidently and Completely with the HIPAA Rules

HIpaa Blog wpress

Any business organization that is involved in creating, receiving, transmitting and maintaining Protected Health Information (PHI) has to comply with the requirements set out in Health Insurance Portability and Accountability Act (HIPAA). Such businesses, called Business Associates, since they carry out these functions on behalf of what are called Covered Entities; are legally obliged to show compliance with the provisions of HIPAA, whose main aim is to protect the privacy and confidentiality of patient information.

So, any Business Associate has to know how to comply with the provisions of HIPAA. Considering that the provisions of HIPAA have undergone major changes from the time of its enactment in 1996 up until 2013; Business Associates often find that showing compliance with the provisions of this legislation is complex. But failing to do so attracts hefty fines and penalties.

Understanding HIPAA provisions is the key to implementation

Although HIPAA implementation appears somewhat intimidating at first glance, in reality, it is not so. It can be implemented with ease and felicity in a manner that meets all the regulatory requirements. How? By breaking down the requirements into separate parts. The ways of taking this very sensible and commonsensical approach to HIPAA implementation by Business Associates and their Covered Entities, will be the subject of a very useful two-day seminar that is being organized by GlobalCompliancePanel, a highly reputed provider of professional trainings in the areas of regulatory compliance.

Overcoming HIPAA Compliance Challenges 

HIPAA Compliance

Taking the right steps to HIPAA implementation

He will, for instance, highlight the role of the social media and how to use the electronic media for staying updated and thus reducing the crucial element of time. He will also highlight the importance of managing risks in HIPAA compliance. This is all the more critical, considering that the Office of Civil Rights (OCR) has found that a shockingly high 94% of Covered Entities failed the Risk Management audit and about 87% failed the Risk Analysis audit. This was despite the fact that every Covered Entity knew well in advance of the upcoming audit, and had filled up a pre-audit questionnaire, which gave them a clear idea of what was to come in terms of the questions that HIPAA inspectors would be asking them, and what documentation were needed from them.

The central aim of this learning session is to help participants understand how Business Associates and Covered Entities can take simple and easy steps to stay compliant, so that they don’t have problems in meeting HIPAA requirements for compliance.

Learning at this highly valuable Areas:

  • Thorough Understanding of HIPAA Rules
  • What they are
  • How they work together
  • Why and How they were made
  • How they are changing and what to expect next
  • HIPAA Risk Analysis – Risk Management for Your Organization
  • A Practical Guided Exercise done in class on your computer to take home
  • Privacy and Security Rules – Permitted and Required Uses and Disclosures
  • What information must be protected
  • Administrative, Technical and Physical Safeguards
  • Social Media, Texting and Emailing Patients
  • The inter-connected, inter-dependent relationship of Covered Entities and Business Associates
  • What is, and what is not a Reportable Breach of Unsecured PHI

http://www.fertilitybridge.com/blog/hipaaandsocialmediawithpaulhales

 

200+ followers. WOWWWWWW…

followed- 200

Hello Everyone,

Today we have the pleasure of celebrating the fact that we have reached the milestone of 200+ followers on WordPress. Since we started this blog, we have had such a great time connecting with everyone.  we never expected to actually to connect with other people in the blogging community.

we are so incredibly thankful for each and every one of you who follows and comments on my blog posts. Please know that!

we would continue our blogging in these areas FDA Regulation, Medical Devices, Drugs and Biologics, Healthcare Compliance, Biotechnology, Clinical Research, Laboratory Compliance, Quality Management ,HIPAA Compliance ,OSHA Compliance, Risk Management, Trade and Logistics Compliance ,Banking and Financial Services, Auditing/Accounting & Tax, Packaging and Labeling, SOX Compliance, Environmental Compliance, Microsoft Excel Spreadsheet, Geology and Mining, Human Resources Compliance, Food Safety Compliance and etc.

Get more articlehttps://www.globalcompliancepanel.com/freeresources/resource-directory

Please follow us on

Facebook – https://www.facebook.com/TrainingsAtGlobalCompliancePanel

Twitter – https://twitter.com/gcpanel

LinkedIn – https://www.linkedin.com/company/10519587/admin/updates/

Aspects of Regulatory History in the US

The beginnings of all that the USFDA regulates can be traced right to the early decades of the founding of the nation. In a sense, the FDA, even if came to be called by that formal name much later; embodies the discipline and value set that the new created nation sought to represent. Regulation of all aspects of American life was deeply ingrained very early in the nation’s history, and the FDA was one of prime institutions that played a part in making this happen.

How has the FDA evolved and shaped up over the years? What are the important milestones of this history? This makes interesting reading, because the USFDA has had the kind of history whose colorfulness is matched by few other regulatory agencies around the world.

aspectsOfRegulatoryHistoryAn indication of the extent to which the FDA attaches importance to ensuring the wellbeing of the American people can be gauged from the fact that the food and other products that this agency regulates account for a fifth of the total money that the nation’s consumers spend. Just its budget – well over four billion in 2014 – is a good indicator to the way in which the FDA has spread its influence in the various spheres of American life. It regulates almost all food items with the exception of meat and poultry.

This situation has not been reached accidentally or overnight. The FDA has by and large kept pace with the developments in the areas it regulates. This was largely true till the advent of very recent technology-led areas such as biotechnology and the social media, where too, the FDA has been trying to put its best foot forward.

The start of formal regulation 
aspectsOfRegulatoryHistoryA look at the history of the FDA points to the year 1848 as the start of the first formal aspects of regulatory history. That was the year in which Lewis Caleb Beck took his appointment with the Patent Office. His mandate was to chemically analyze agricultural products. This is considered as the first task that was aimed at regulating a product that people consumed. This function rolled over to the Department of Agriculture, which was created in 1862.

The Act of 1906The next step in solidifying the regulatory aspects of life in the US was taken in 1906, with the promulgation of the Pure Food and Drugs Act in 1906. Stretching to some two decades of wrangling between the American Congress and the food industry to formulate, the Act of 1906 sought to prohibit adulterated and misbranded food and drugs from interstate commerce.

The 1938 Food, Drug, and Cosmetic ActThe next major milestone in the aspects of regulatory history in the US took place in 1938. The 1938 Food, Drug, and Cosmetic Act prescribed and detailed the legal requirements for products the FDA – which this Act created – regulated. In this Act, one can trace the earliest tidings of a major activity that the FDA has been carrying out since then: Prescribing the requirements for ensuring quality by prohibiting false claims by manufacturers and advertisers.

aspectsOfRegulatoryHistoryPresident Franklin D. Roosevelt signing the 1938 Food, Drug, and Cosmetic Act.

Over time, the 1938 Act expanded to include more areas such as cosmetics, devices and veterinary medicines, thus strengthening the foundation for regulation and making it more expansive. Since the passage of the 1938 Food, Drug, and Cosmetic Act; two major events happened on the regulatory scene. The outbreak of tetanus and diphtheria diseases in the 1960’s compelled the FDA to take a more proactive approach to vaccinations.

Another major, earthshaking event was the tragedy that thalidomide unleashed on Europe in the 1960’s, which stunted the growth of hundreds of children, which was mainly due to regulatory lapse. This did not happen in the US, mainly because of the efforts and diligence shown by Frances Kelsey, in her role as FDA reviewer. Frances plainly refused to approve thalidomide because she was not convinced about its safety, an act which made her a cult figure in FDA and American and Canadian medicinal history till her death in 2015.

aspectsOfRegulatoryHistory

Aspects of regulatory history in the US in the 1990’sFollowing the 1960’s, the next major milestone in the aspects of regulatory history in the US happened in 1990, when the Nutrition Labeling and Education Act was passed. This law was important because it changed the American perspective of labeling of products in the food and pharmaceutical industries. The Nutrition Labeling and Education Act requires manufacturers to provide nutritional information about products on their labels, with the caveat that false labeling information will lead to consequences.

 

click to continue reading

Good Documentation Practice Guideline is simple: just write

Good Documentation Practices are the soul of many regulated industries. The FDA, like all other regulatory agencies, makes GDP a central element of its regulations, and bases it on the principle of evidence. For the FDA and other regulatory agencies across the world, what is not documented is nonexistent.

Good Documentation Practices are essential for a number of disciplines. The soul of documentation is, naturally, the written word. What happens when something that happened is not actually written down? It is a work of no practical use, because apart from those that carried out the particular undocumented task; no one else is aware of it. And even when the people who did that task or were witness to it are prone to have their own interpretation and perception of what was done. This is why proof in the form of writing is the most important element of Good Documentation Practices.

goodDocumentationPracticesGuidelines

What to write, and how toGDP should not only be about just writing down; it is about what to write and also, how, meaning, in what manner. If there has been an intervention in any method of manufacture or any other activity in the regulated industries; the change should be noted down in the proper format as prescribed by the FDA. This enables everyone concerned, from the people in the organization to the auditors to the regulatory agencies, to clearly identify what action was carried out, by whom and when. This further leads to a discovery of the impact of the actions. This is the key to determining the effectiveness of the application of the GDP principles in the particular case.

goodDocumentationPracticesGuidelinesThis is why the FDA has very clear-cut requirements and expectations of GDP from the industries it regulates. These clearly explain the method by which to document the said document, the ways of doing it, and what actions to take when the need arises.

Quality Assurance is unthinkable without the application of GDP principles. The main reason for establishing GDP is ensure that the documentation does the following to the record in question:

goodDocumentationPracticesGuidelines
What needs to be documented?Another major element of GDP is to determine what is to be documented. The FDA and other regulatory agencies require the principles of Good Documentation Practices to be applied across a number of activities at different stages. These include:

goodDocumentationPracticesGuidelines

The EMA’s requirements
goodDocumentationPracticesGuidelinesThe EMA also has clear-cut guidelines on Good Documentation Practices. Some of its core requirements relate to

  • Specifications
  • All aspects of the manufacturing including the product’s formulae, the way in which the processing was done, the methods of its packaging, and the extent to which its testing instructions are written down
  • SOPs
  • Protocols
  • Technical agreements

Further, most regulatory agencies have their own requirements with regard to the styling, ways by which the amendments, if any, need to be jotted down, the type of ink to be used, the way in which the review, if any, needs to be entered, and who should put signatures and where, so on. Manufacturers who fall under the purview of respective regulatory agencies need to adhere to these.

And, for other reasons, as wellImplementing Good Documentation Practices is a great idea to have for meeting regulatory requirements, because companies that do not meet these requirements are in a spot of bother about a number of issues. However, in addition to this, there is also the need for maintaining GDP for business reasons, as well. A business that complies with the requirements set out by the FDA or other regulatory agencies in relation to Good laboratory practices, the CFR regulations such as 21 CFR Parts that apply to various industries, and also as required as part of national and global agencies; earns a good name in the market and is considered a reliable company.

 

click to continue reading

Health Education England launches online workshop on improving digital readiness

peoplemic_header555

Health Education England is launching an online workshop to gather views on digital readiness.

The organisation is working in collaboration with Digital Health and innovation and crowdsourcing agency Clever Together on the online workshop, which forms part of the Building a Digital Ready Workforce programme.

It will be launched on 22 November in partnership with BCS Health and Care, the Federation of Informatics Professionals in Health and Social Care, and the Faculty of Clinical Informatics.

James Freed, chief information officer at Health Education England, told Digital Health the exercise was a chance to gather the views of those who already have a strong voice as well as those who are less commonly heard.

“In almost all technological programmes I have seen, our efforts are mostly about technology and very little about process, and the process redesign, and almost none on people,” he explained. He hopes the new online workshop will address that.

Andy Kinnear, chair of BCS Health and Care, added the aim was to hear from “digital experts; the wider group of people involved in the digital space such as nurses, doctors and care professionals; and the entire health and social care workforce”.

The online workshop will run for about three weeks and its results will form the basis for how the BRDW programme will prioritise and invest £6m over the next four years. Its findings will be extensively covered by Digital Health.

You can register now for the online workshop. Our feature article gives more detail – including interviews with James Freed and Andy Kinnear. Keep an eye on Digital Health over the next few weeks for ongoing coverage.