Conference Description:

HIPAA Security and Breach Rule Compliance- Understanding Risk Analysis, Policies and Procedures and Managing Incidents


*** LIMITED TIME OFFER: FREE $100 AMAZON GIFT CARD! ***REGISTER TODAY!

With the recent implementation of new HIPAA regulations in the HIPAA Omnibus Update of 2013, healthcare organizations are reviewing their compliance and making sure they have the proper policies, procedures, and forms in place. HIPAA Security Officers have been renewing their compliance activities and reviewing their documentation to make sure they can meet the challenges of the new rules and avoid breaches and penalties for compliance violations.

This seminar is designed to provide intensive, two-day training in HIPAA Security and Breach Notification Rule compliance, including:

What’s new in the regulations?
What’s changed recently?
What needs to be addressed for compliance by covered entities and business associates?
What are the most important security issues?
What needs to be done for HIPAA compliance?
What can happen when compliance is not adequate?

This session will also explain HIPAA Security safeguards and the role of risk analysis in effectively evaluating and implementing Security Rule compliance. Audits and enforcement will be explained, as well as security breaches and how to prevent them. Numerous references and sample documents will be provided.


Seminar Fee Includes:
Lunch
AM-PM Tea/Coffee
Seminar Material
USB with seminar presentation
Hard copy of presentation
Attendance Certificate
$100 Gift Cert for next seminar

Learning Objectives:

Understand the structure of the HIPAA Regulations and how they work together
Learn what has changed in the rules based on the HIPAA Omnibus Update Rule
What has to be modified to meet the new rules and how to interpret them
Understand how to use Risk Analysis to make compliance decisions
Know what safeguards must be considered to provide security for health information
Understand what makes a good information security policy
Know how to respond to breaches and violations of Privacy and Security rules
Work through practical examples of risk analysis
Learn how to deal with the modern portable technologies and communication methods
Understand how to use policies, documentation, training, and drills to prepare for audits and incidents, and achieve good compliance


Who will Benefit

This seminar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). The following personnel will find this session valuable:

Compliance director
CEO
COO
CFO
Privacy Officer
Security Officer
Information Systems Manager
HIPAA Officer
Chief Information Officer
Health Information Manager
Healthcare Counsel/lawyer
Office Manager
Contracts Manager


AGENDA

Day 01(8:30 AM - 4:30 PM)

Registration Process: 8:30 AM – 9:00 AM
Session Start Time: 9:00 AM

Day one sets the stage with an overview of the HIPAA regulations and then continues with presentation of the specifics of Breach Notification, the Security Rule, recommended policies and procedures, how to be prepared for HIPAA audits, and principles and methods of risk analysis for Security Rule and Breach Notification compliance.
Overview of HIPAA Regulations
The Origins and Purposes of HIPAA
Privacy Rule History and Objectives
Security Rule History and Objectives
Breach Notification Requirements, Benefits, and Results
HIPAA Security Rule Principles
General Rules and Flexibility Provisions
The Role of Risk Analysis
Security Safeguards
Training and Documentation
HIPAA Security Policies and Procedures and Audits
HIPAA Security Policy Framework
Sample Security Policy Content
Recommended Level of Detail for Policies and Procedures
The New HIPAA Compliance Audit Protocol
Risk Analysis for Security and Breach Notification
Principles of Risk Analysis for Information Security
Analyzing Risks for Determination of Breach Notification
Risk Analysis Methods
Risk Analysis Example

Day 02(8:30 AM - 12:30 PM)

Day two begins with a discussion of typical security issues and means for avoiding breaches and meeting compliance requirements when it comes to modern technologies, such as texting, e-mail, and social media. Finally, the day concludes with a session on the essential activities of documenting policies, procedures, and activities, training staff and managers in the issues and policies they need to know about, and examining compliance readiness through drills and self-audits.
Risk Mitigation, Breach Prevention, and Compliance Remediation
Typical Security Risks and Preventing Breaches
Social Media, Texting, e-mail, and Privacy
Dealing with Portable Devices and Remote Access
Compliance Planning
Documentation, Training, Drills and Self-Audits
How to Organize and Use Documentation to Your Advantage
Training Methods and Compliance Improvement
Conducting Drills in Incident and Breach Response
Using the HIPAA Audit Protocol for Documentation and Self-Auditing


SPEAKER

Jim Sheldon-Dean,
Principal and Director of Compliance Services, Lewis Creek Systems, LLC

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Mr. Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

He has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. He received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.


Please contact the event manager Marilyn ([email protected] ) below for:
- Multiple participant discounts
- Price quotations or visa invitation letters
- Payment by alternate channels (PayPal, check, Western Union, wire transfers etc)
- Event sponsorships