HIPAADemystified 2014 - HIPAA Demystified: Security Regulations, Do I Really Have to Lock my Door
Date: 2014-01-22
Deadline: 2014-01-21
Venue: online event, USA - United States
Keywords: online healthcare trainings; online hipaa training; Medical Training
Website: https://bit.ly/1c2SiMj
Topics/Call for Papers
Overview: Privacy and security of protected health information (PHI) is on the mind of every individual. Not only is there a concern regarding the health information itself, but also regarding the identity theft that can, and in many cases does, result from the theft of a health record. One needs to look no further than the concerns reported from the industry itself. In a 2012 survey of large medical facilities, those that had full-time chief security and privacy officers:
To help assure that health information stays secure and private, both the federal government and state governments have passed laws setting minimum standards to address this issue. The Health Insurance Portability and Accountability Act (HIPAA) of 1996, as subsequently amended, is the federal law that encompasses protection of PHI. Additionally, each state has its own privacy and security law that in some cases may be more restrictive than the federal law. More recently we have seen the rise of private actions to compensate individuals whose protected health information has been improperly disclosed.
Unfortunately, information regarding HIPAA regulation is fraught with ambiguities and complexity and, in many cases, downright misinformation. This topic is often presented in an esoteric way which makes it difficult to apply to everyday practice, leaving the practitioner without the information needed to construct a plan and take specific actions to achieve and maintain compliance. Yet compliance is the defense an organization has to prevent and detect a breach of PHI. Additionally, when a breach does occur, OCR looks favorably on organizations which have made efforts to achieve and maintain compliance.
To start with, HIPAA (and for some providers, HITECH) requires both Covered Entities and their Business Associates to comply with a series of Security and Privacy Regulations. The first step in this compliance is to conduct a Security Risk Assessment with attributes similar to those recommended by the National Institute of Standards and Technology (NIST) in their publication 800-30. Additionally, where the results of the Security Risk Assessment uncover gaps in compliance, a Remediation Plan is required. The entity is then required to work through this Remediation Plan, documenting the steps taken to bring the organization into compliance.
This Risk Assessment is not a one-time event, but rather a continual process of improvement. To complicate the issue, as a way to accommodate all organizations irrespective of size and resource availability, HIPAA has a significant amount of flexibility built into its implementation. Understanding where and when you have flexibility is an area fraught with misinterpretations. Embedded in the Risk Assessment process is the requirement to have, or to develop, a full set of policies and procedures, system documentation, and ongoing training.
When done correctly, this process will be seen by OCR and the state regulatory agencies as an affirmative defense when a breach occurs, and will influence the severity of the penalties and fines assessed by OCR and the state Attorneys General. The goal of this presentation is to provide a sufficient level of information to understand the issues surrounding HIPAA compliance, to be able to ask the right questions to select a service provider to assist in your HIPAA compliance, and understand what's involved in formulating and implementing an internal compliance program. We will also cover what things you should expect from a service provider, if you go that route, and what things you can or should keep in-house.
Why should you attend: In 2013 the Centers for Medicare and Medicaid Services conducted random audits of compliance under the HITECH Act. Failure rates were found to be in the high 90% range. Of the audited organizations, a full 80% did not even complete the required Security Risk Assessment. Only 20% of organizations had done the required risk assessment, which is a standard requirement under HIPAA! During the same period, each of the audit failures found by the Office of Civil Rights (OCR) contained violations that would have been uncovered by conducting a Security Risk Assessment.
With the OCR changes that went into effect in January 2013, willful failure to conduct this Security Risk Assessment carries with it a number of more onerous penalties, including an increase in the maximum fines that can be levied by 25%, or up to $1,500,000 per violation. Along with the fines and penalties levied by OCR, organizations also face fines and penalties at the state level, private litigation, and business disruption costs amounting to almost 6 times the fines and penalties assessed by OCR. In 2014 OCR will begin its permanent random audit program. In its first year, organizations will be audited at a rate of 3 times the level at which the IRS audits businesses for tax issues. Complying with the HIPAA Regulations will allow you to avoid both reputational and financial costs. This presentation will focus on the actionable items you can take to achieve and maintain your HIPAA compliance.
Areas Covered in the Session:
Overview of HIPAA/HITECH, state laws, and tort liabilities
Breakdown of costs associated with a HIPAA violation
Present a framework for compliance
What is required for a Security Risk Assessment
What is the Remediation Plan
What is required to meet the training requirements
Business Associate management
What to do if you suspect a protected health information breach has occurred
Documentation and document retention requirements
What to expect when you have a breach or are part of OCR's random audit program
Who Will Benefit:
CEO
COO
CFO
Human Resources
Chief Nursing Officer
Chief Clinical Officer
Practice Managers
Roger Shindell has more than 30 years of multidiscipline experience in the areas of health care, e-learning, marketing, finance, operations and information technology. Roger has worked in start-up, rapid growth and turnaround environments. Over his career, Roger has been both an advisor to and a principal in a number of health care, technology and service companies.
Roger has a demonstrated ability to design and implement health care marketing and sales campaigns. He has also designed and implemented financial controls as well as managed inventory. A revered business strategist, Roger has been tapped to restructure and manage capital structures for several corporations.
MentorHealth
webinars-AT-mentorhealth.com
Phone No: 800-385-1607
Fax: 302-288-6884
Event Link: http://bit.ly/1c2SiMj
Last modified: 2014-01-10 16:04:26