ResearchBib Share Your Research, Maximize Your Social Impacts
Sign for Notice Everyday Sign up >> Login

Online Webinar 2019 - 60 Minutes Live Webinar HIPAA Security Rule Priorities and Challenges — What’s New and What to Focus On in Managing Risks by Jim Sheldon-Dean



VenueOnine, USA - United States USA - United States



Topics/Call fo Papers

Session Highlights
At the conclusion of the session, participants will be able to:
Know what are some of the usual risks that must be addressed for HIPAA compliance and how to approach them, including those such as insecure communications of PHI, preparing to deal with Ransomware, and controlling and reviewing staff access of PHI.
Understand what a HIPAA Security risk analysis is, how you can conduct one, and what you can learn from it.
Learn the essential policies and procedures that must be in place for HIPAA Security Rule compliance, and the necessity of documentation of their application.
Understand how to consider new information security risks and what can cause them.
Understand the difference between policies and procedures, and what belongs in each.
Learn the importance of comparing your policies and procedures to your actual practices and making the necessary adjustments to synchronize them.
Who Will Benefit
Compliance director
Privacy Officer
Security Officer
Information Systems Manager
HIPAA Officer
Chief Information Officer
Health Information Manager
Healthcare Counsel/lawyer
Office Manager
Contracts Manager
Today’s information security landscape in healthcare is full of hazards and threats, and preparing to deal with them requires an understanding of the key issues being faced, so that scarce resources can be most appropriately applied to reduce risks. Things like communications, Ransomware, and your own staff can be sources of issues that must be understood and addressed.
HIPAA has been a law for more than twenty years now, and the rules in place call for extensive policies and procedures to ensure compliance with the HIPAA Security Rule. But not all entities have done the work necessary to conduct an accurate and thorough assessment of the risks to the security of Protected Health Information (PHI), and develop and implement their security policies and procedures. Even if they have all the best practices in place, entities must have the supporting policies and procedures to ensure consistency in service and compliance with the law, and they need to be aware of the risks they face and be ready to respond to changes in the risk landscape.
This session will focus on the challenges of HIPAA Security Rule compliance, including the conduct of an information security risk analysis and development of risk management planning, as required under the HIPAA Security Rule, and development and implementation of the necessary policies and procedures for HIPAA Security Rule compliance. Suggested ways a risk analysis may be conducted, and the tools that may be used, will be explored. The necessity for undertaking an information flow analysis to find risks will be explained. Identified risks must be managed, and the means to do so using a set of spreadsheets in a workbook will be described.
The requirements to have policies and procedures will be identified, and the topics that should be covered for each of the rules will be enumerated. Typical policy contents will be identified, with an emphasis on the need to customize and right-size polices for each organization. In addition, we will discuss Privacy Rule topics relating to the management of your HIPAA compliance, such as documentation and training.
The HIPAA Security Rule has some basic requirements for risk analysis and risk management, but also includes numerous physical, technical, and administrative safeguards that must be addressed in policy and procedure. Tackling these requirements individually can result in dozens of new policies; we will explore how to simplify your policies and procedures by combining them where it makes sense to, putting similar requirements and activities together, and making it easier for managers and staff to find and use the right policies and procedures.
And even HIPAA Business Associates must be addressed, both in your policies and in theirs. HIPAA BAs are required to conduct their own risk analyses and have their own sets of security policies and procedures. Hiring entities need to know what’s appropriate and what to ask about for evidence of good practices in information security by their Business Associates.
The session will discuss the requirements and the issues involved with HIPAA security risk analysis, policies, and procedures, and help define the path entities can follow to bring their compliance up to the level at which it should be today.
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous
regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference. Sheldon-Dean has more than 19 years of experience specializing in HIPAA compliance, more than 37 years of experience in policy analysis and implementation, business process analysis, information systems and software development, and eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Last modified: 2019-09-03 13:44:06