HIPAA Security Policies and Procedures: What you Need for Compliance

Why Should You Attend:

If you are asked by the US Department of Health and Human Services to show that you are in compliance with the HIPAA security regulation, you will need to show that you have the proper policies and procedures in place as required by the rules, and that you have been using them.

This webinar will lay out a structure for the set of policies needed and identify the topic areas that policies should include, making it easier to deal with the dozens of policy details that are required.

Attend this webinar to find out what administrative, physical and technical safeguards are necessary and what policies they call for, and how you decide what’s right for HIPAA security compliance for your organization. This training will provide the background and details necessary to develop an understanding of the origins of the HIPAA security regulation and the process used in complying with the rule, which leads, inevitably, to the adoption of policies and procedures.

Learning Objectives:

• Learn how the HIPAA Security regulations fit into various security regulations and standards.
• Discover the process that can be used to manage your information security.
• Learn how risk analysis helps you prioritize your security efforts.
• Find out what safeguards must be considered in the HIPAA Security Rule.
• Find out about the expanded enforcement and auditing efforts now getting started.
• Discover how to organize your security policies so they are easier to use.
• Learn the topics that should be covered in a set of security policies.
• Find out how to organize your documentation so it can help you when you need it.
• Learn about proposed new regulations and how they relate to HIPAA Security compliance.

Areas Covered in the Seminar:

• Requirements for HIPAA Security Policies and Procedures.
  • Why We Need Policies and Procedures.
  • HIPAA Security General Rules and Flexibility.
  • The Information Security Management Process.
• What the HIPAA Security Rule Calls For.
  • Risk Analysis.
  • Safeguards.
• Security Policy Framework.
  • Information Security Management Process Policy.
  • Information System Access Management Policy.
  • Backup, Disposal, and Contingency Planning Policy.
  • Information System User Policy.
• Documentation, Enforcement, and Audits.
  • Documentation Requirements and Benefits.
  • New Enforcement and Penalties.
  • HIPAA Security Rule Audit Examples.
• Typical Issues.
  • Issues Reported by HHS OCR.
  • Lessons Learned.
  • Laundry List of Issues.

Free Handout:

A PDF of sample questions asked in previous HIPAA Security compliance audits.

Who Will Benefit:

• Information Security Officers
• Risk Managers
• Compliance Officers
• Privacy Officers
• Health Information Managers
• Information Technology Managers
• Medical Office Managers
• Chief Financial Officers
• Systems Managers
• Legal Counsel
• Operations Directors

Medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.) will benefit from this training.

Instructor Profile:

Jim Sheldon-Dean, is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates.He serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the 2011 WEDI Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before the New York Metropolitan Chapter of the Healthcare Financial Management Association, Health Information Management Associations of Virginia, New York City, New York State, and Vermont, the Connecticut Hospital Association, and the Hospital and Health System Association of Pennsylvania.

Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician.

Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Topic Background:

The HIPAA Security Rule, in place and as proposed in amendments going into effect in 2011, calls for all Covered Entities and Business Associates, and their subcontractors, to be in compliance with provisions protecting all kinds of electronic protected health information, including the adoption of a complete set of information security policies and procedures.

While many entities have gone through the processes necessary for HIPAA Security Rule compliance, many are only partially in compliance and have not adopted the policies and procedures necessary for compliance.  Many may be doing many of the right things for compliance, but have not documented their policies and procedures and compliance activities as required.  And many may be exposing themselves to potential breaches of security because of inadequate, undocumented security practices, policies, and procedures.

Now there are new, increased penalties for HIPAA violations and a new auditing process is being developed so that HIPAA covered entities will be subject to reviews by the US Department of Health and Human Services' Office for Civil Rights even if no one files a complaint.

If you haven't done what's required under the HIPAA Security Rule, you could be liable for willful neglect penalties that begin at $10,000 minimum and go up from there.  You need the proper protections to secure protected health information, and the necessary documented policies and procedures, as well as documentation of any actions taken pursuant to your policies and procedures.

What's more, with the breach notification regulations established in 2009, the costs of not properly securing your data have increased dramatically.  With the ever-increasing use of electronic records and systems, and changes in how you do business, now is the time to review and renew your information security program, make sure you have the policies you need, and avoid violations and penalties for non-compliance.  Having the right policies and procedures in place can help prevent problems, and show that you've been doing your best even if a problem arises.

Follow us :