HIPAA Omnibus Update Rule - What it Means for Security and Breach Compliance
Wednesday, December 11, 2013 from 10:00 AM to 11:30 AM (PST)
This training on the HIPAA Omnibus Rule will focus on the HIPAA Security Rule requirements and the new breach determination requirements in the updated HIPAA Breach Notification Rule, and show how the two are related in a good compliance program. Attendees will also learn best practices to prepare for a HIPAA audit.
Why Should You Attend:
This webinar will cover the requirements for risk analysis and assessment in the HIPAA rules and provide a framework for analysis of risks for compliance with HIPAA Security Rule requirements (in §164.308(a)(1)) and the new breach determination requirements in the updated HIPAA Breach Notification Rule, and show how the two are related in a good compliance program. It will show how to go about assessing your risks and organizing your compliance plan, and show how having that information makes it easier to assess risks in the event of a breach.
For the Security Rule, this session will explain what is called for in the rule and show a way to approach the work in an organized way that saves effort and produces meaningful results, with examples of how to conduct the risk analysis.
For the updated Breach Notification Rule, the instructor will explain how the new process differs from the old “harm standard” that has been removed from the rule. If none of the defined exceptions for notification apply, the breach is reportable unless you can show, by a risk analysis, that there is a “low probability of compromise.” The risk analysis must include at least four factors:
- What the data is, how well identified it is, and how sensitive it is
- To whom the data was improperly disclosed
- Whether or not the information was actually viewed or accessed
- How the breach was mitigated.
Issues with any one of the four factors can require reporting the breach. The instructor will explain how to consider these factors.
This webinar will also include information on HIPAA Audits and how to be prepared to show that you have the right policies and procedures in place and are using them. To withstand random audits and investigations of non-compliance that may result from a breach report or complaint, thorough documentation of compliance-related activity is required. The instructor will explain how to document your compliance using the HIPAA Audit Protocol as a guide, so you can be sure to avoid trouble if HHS asks questions about your compliance.
Areas Covered in the Webinar:
- The requirements of the HIPAA Security Rule
- The elements of a HIPAA Security Risk Analysis
- The significant changes to the HIPAA Breach Notification Rule
- Use of Risk Analysis in the new HIPAA Breach Notification process.
- A framework of security policies.
- Typical policy considerations for laptops and portable devices, and their security
- How to use Risk Analysis to deal with difficult compliance issues, such as texting and social networking.
- Tools to be used for policy management and documentation.
- How to adopt policies, train on them, and conduct drills on them.
- The HIPAA Audit Protocol, and its use as a compliance tool
Who Will Benefit:
This webinar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). The following personnel will find this session valuable:
- Compliance director
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Compliance Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/lawyer
- Office Manager
- Contracts Manager
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.
Mr. Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.
At ComplianceOnline, we are focused on:
- Enhancing global compliance, creating a world where quality and compliance professionals, regulators, and government agencies come together to help the world comply with the intent and the spirit of laws, policies and mandates, ensuring continuous improvement in global operations, quality & safety.
- Making sure that we are responsible corporate citizens helping our constituents build a more responsible enterprise, one which operates with high quality, under a code of ethics, and with process discipline to ensure greater shareholder returns.
- Keeping things simple and straightforward, so that we all can indeed improve the quality of our processes, our work, our businesses and enhance compliance globally.
- Being inclusive, giving the process experts (& novices!), compliance professionals, quality champions, and regulatory agencies a voice so that all of us can contribute and make a difference.