Webinar Pack Price
Offer Price: US$1,384.50
You Save: US$1,384.50 (50%)*
Regular Price: US$2,769.00

Webinar Packs Access recorded version only for one participant; unlimited viewing for 6 months.
(For customized webinar packs, please call Customer Care)

Instructor : Kelly McLendon
Product Id : 20181PACK

Overview: This course addresses the newly released OCR (Office for Civil Rights) Phase 2 Audit Program. The rules and protocols have been released and the audit process has started. All covered entities (CE) and business associates (BA), literally anyone that accesses, uses or discloses PHI (Protected Health Information) needs to be aware of this new audit program. Potentially OCR can review up to 180 different areas of the HIPAA privacy, security and breach rules. This presentation reviews the detailed processes OCR will use for the audits along with examples of the protocols and how to be prepared for an OCR audit.

It's important to be prepared because even if not selected for an OCR audit, any privacy or security complaint could trigger the same types of questions and requests for documentation during the investigation.

Why should you Attend:
  • How the Phase 2 audit program builds upon the 2012 Pilot audit program
  • Details about the sites to be selected for an audit
  • Initial indicators that an audit may be imminent
  • Timeframes for sites being audited
  • Examples of privacy, security and breach audit protocols
  • Continued analysis of the protocols to bring the audience the latest information about the questions and required documents OCR are using in the audits
  • How to prepare a compliance program for an OCR audit or investigation by lowering overall privacy and security risk

Areas Covered in the Session:
  • History of the OCR audit programs
  • The processes and rules surrounding the 2016 OCR audit program
  • Examples of privacy, security and breach audit protocols
  • Steps to take in preparation for an OCR audit

Who Will Benefit:
  • Privacy Officers
  • Security Officers
  • Compliance Officers
  • HIM Managers
  • Practice Managers
  • CIO
  • General Counsel
  • Physicians
Kelly McLendon RHIA, CHPS (credentialed in medical records management and healthcare privacy and security) has been involved in HIM since the beginning and his 36-year career spans nearly the entire realm of HIM. His expert knowledge comes from working on many sides of HIM, including management, vendor and consultant roles. Throughout his career, he has worked with both AHIMA and FHIMA (Florida) in various positions ranging from FHIMA Director to the Chair of numerous committees and workgroups. These include serving as an expert for AHIMA on Legal Health Records, Meaningful Use and the Privacy and Security Practice Council. Kelly’s accolades include a Triumph Visionary award and two Literary Awards from AHIMA, the Distinguished Member and Literary Awards for FHIMA.

Kelly is a nationally sought after speaker, performing dozens of engagements annually on a wide range of subjects including privacy, security, legal health records, meaningful use, CDI and the ICD-10 coding transition.
Instructor : Jay Hodes
Product Id : 20181PACK

Overview: Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures of protected health information, but also having the proper policies and procedures in place. If audited or the subject of a compliance review, you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with understanding the fundamentals of HIPAA compliance.

If your healthcare practice, business, or organization needs to understand how to be prepared for a HIPAA audit and to make sure your current safeguards are adequate and can withstand government scrutiny, please join us for this informative and interactive course.

Why should you Attend: Almost 120,000,000 individuals were affected by HIPAA data breaches in 2015. This is a significant reason why Congress has inquired about the recent and very sizeable increases in cyber-attacks that inflict the risk of medical identity theft. And with the Phase 2 Audit program underway, selected Covered Entities will soon receive written notifications they are going to be audited.

Attendees will leave the course with a clear understanding of all the requirements that must be in place for HIPAA and how to demonstrate compliance if audited. After completing this course, a Covered Entity or Business Associate will know what needs to be in place when it comes to all of the HIPAA regulations.

Areas Covered in the Session:
  • Why was HIPAA created?
  • What are the HIPAA Security and Privacy Rules?
  • What is a HIPAA Risk Management Plan?
  • What is meant by "Required" and "Addressable" Implementation Specifications?
  • What are Administrative, Technical, and Physical Safeguards Requirements?
  • What is a HIPAA Risk Assessment?
  • What are HIPAA training requirements?
  • What is a HIPAA data breach and what happens if it occurs?
  • What are the penalties and fines for non-compliance and how to avoid them?
  • Preparing for a HIPAA Audit
  • Creating a Culture of Compliance
  • Questions

Who Will Benefit:
  • Compliance Officer
  • HIPAA Privacy Officer
  • HIPAA Security Officer
  • Medical/Dental Office Managers
  • Practice Managers
  • Information Systems Manager
  • Chief Information Officer
  • General Counsel/lawyer
  • Practice Management Consultants
  • Any Business Associates that accesses protected health information
  • IT Companies that support Medical/Dental practices or other healthcare organizations

Jay Hodes is president of Colington Security Consulting, LLC, which provides HIPAA consulting services for healthcare providers and business associates. Mr. Hodes has over 30 years of combined experience in risk assessments, site security evaluation, regulatory compliance, policy and procedures assessments, and federal law enforcement management. He is the former Assistant Inspector General for Investigations at the U.S. Department of Health and Human Services.

Mr. Hodes has been the keynote speaker and provided presentations regarding HIPAA compliance to a number of professional healthcare organizations. He has published over 30 educational articles regarding HIPAA compliance, been featured in Part B news articles and provided a guest post for the Electronic Health Reporter.
Instructor : Alice McCart
Product Id : 20181PACK

Overview: The webinar will explain the process for covered entities and business associates to use to draft, adopt, and implement HIPAA compliance policies. The webinar will begin with a discussion of how to decide, using a gap analysis and a risk analysis, what policies the organization needs, including required, addressable, and other policies. Then, the webinar will cover writing a policy. Writing a policy is easier than one may think. It is a three-step process: researching, drafting, and revising.

This webinar will teach you to ask questions, solicit help, collect samples, keep the principles of substance, organization, coherence, style, and correctness in mind while you are drafting, send your draft out for review, incorporate comments, implement the policy, and repeat as necessary. The prospect of developing and writing perhaps as many as 70 policies to attain HIPAA compliance may still seem daunting, but this webinar will teach you how to make a checklist, take it step by step, and enlist the help of others when you need it.

Why should you attend: The majority of the DHHS civil money penalties and settlements in lieu thereof involve, sometimes with other violations, failure to perform a written risk analysis, failure to develop required policies, and failure to conduct adequate HIPAA training. These penalties usually are in the seven-figure range.

Failure to conduct a written risk analysis, adopt required policies, or conduct required training qualifies as "willful neglect," which carries the highest civil money penalty ("CMP") and which penalty cannot be waived by DHHS as can violations due to a reasonable cause. DHHS entered into a settlement with Massachusetts General Hospital for $1 million for a breach involving leaving paper PHI records on a subway. The sanction was because Massachusetts General had not trained its workforce on proper security for PHI taken offsite and did not have a work-at-home policy. Significantly, HIPAA does not even mention working at home, much less specifically require such a policy.

Areas Covered in the Session:
  • Preliminaries
    • Learn how to decide which policies to write and adopt, using gap analysis and risk analysis
    • Learn which policies are required and which are addressable
    • Learn about other policies that your organization may need that are not mentioned in the HIPAA regulations but that organizations have nonetheless been fined for not having
  • Researching
    • Ask questions. Learn why you need to nail down the answers to at least 12 questions before you try to write a policy and how to do so
    • Solicit help. Learn whom to solicit help from both within and outside your organization and when and why and how
    • Collect samples. Learn what samples to collect and from whom
  • Drafting
    • Substance. Learn what substance means and how to achieve it
    • Organization. Learn how to draft a clear beginning, a clear middle, and a clear end
    • Coherence. Learn how to connect your ideas so that readers will not have to wonder where something came from or why
    • Style. Learn how to write for your target audience as simply and clearly as possible
    • Correctness. Learn how to get rid of the static in your writing
  • Revising
    • Review. Learn whom to contact to review your drafts
    • Incorporate. Learn how to resolve disputes and incorporate changes
    • Implement. Learn how to lay out a plan for implementation of the policy, including publishing, distribution, implementing (and perhaps even training the workforce on the policy), and schedule for annual review and revision, if necessary
  • Questions and answers

Who Will Benefit:
  • Compliance Director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager
Alice M. McCart has been an editor for more than three decades and an attorney admitted to practice law in Illinois since 1993. She has master’s degrees in teaching and journalism and enjoys freelance editing, tutoring, and teaching effective writing to adults. She has held positions in the federal government, in professional associations, in the corporate world, in private law practice, and in HIPAA consulting.

She now lives and works in Overland Park, Kansas, with the law firm of Tomes & Dvorak, Chartered, the HIPAA consulting firm EMR Legal, Inc., and the publishing company Veterans Press, Inc. Also owned by Jonathan P. Tomes and Richard D. Dvorak, EMR Legal is a national HIPAA consulting firm that provides consulting services for clients ranging from a large county government, with different health entities that need HIPAA compliance help, to a small transcription service.

The EMR Legal team has provided consultation to more than 1,000 clients regarding health care regulations since 1998. Veterans Press publishes HIPAA compliance books, CDs, and other tools by Jonathan P. Tomes and others, including The Compliance Guide to HIPAA and the DHHS Regulations and its accompanying HIPAA Documents Resource Center CD, both in their 5th edition (6th edition forthcoming 2014), an integral part of the HIPAA Compliance Library, and his latest two books, The Complete HIPAA Policies and Procedures Guide, with accompanying HIPAA Compliance Sample Policies and Procedures CD, and Your Happy HIPAA Book, among many other books and HIPAA compliance tools, all of which Alice McCart has edited.
Instructor : Howard Jones
Product Id : 20181PACK

Overview: Discussions, presentations, and webinars regarding HIPAA regulations are usually addressed from the perspective of what the regulations entail, the necessity of compliance with the regulations, and the consequences of willful neglect or non-compliance. This presentation addresses HIPAA regulations from a different perspective - from a personal perspective - from the perspective of the person in charge of moving an organization or facility toward full compliance with HIPAA. The by-product of this presentation will be both an understanding of, and a detailed job description for, a position mandated in the regulations - the HIPAA Security/Privacy Officer.

Why should you attend: The HIPAA regulations are numerous, complicated, often vague, and affect every person working in a healthcare facility. Compliance with HIPAA will require a unique individual to lead the charge - an individual whose education, background, experience, and demonstrated skill sets offer the opportunity for that person to succeed in achieving the goals of that position. This is a new position to most healthcare facilities. So understanding who this person should be, what is required of the person with this job title, and with whom this person will interface is vital to every healthcare organization with the goal of achieving full compliance with HIPAA.

Areas Covered in the Session:
  • Position goals
  • Position requirements (education, experience, skill sets, etc.)
  • Position responsibilities
  • Stay abreast of regulations
  • Initiate compliance with HIPAA (according to regulations)
  • Ensure continuous progress toward full compliance
  • Develop appropriate security/privacy policies & procedures
  • Oversee and deliver appropriate training programs to all employees
  • Track compliance with HIPAA regulations at the facility & individual levels
  • Track access to PHI
  • Investigate and resolve HIPAA violations
  • Apply sanctions to HIPAA violators
  • Manage any information security personnel
  • Prepare a department budget
  • Hold Business Associates accountable for their own compliance with HIPAA and the list goes on

Who Will Benefit:
  • Someone interested in becoming a HIPAA Security/Privacy Officer
  • Someone who will make the decision for Hiring a Person for this Position
  • Practice/Hospital Administrators
  • MDs and Healthcare Professionals
  • IT Professionals
  • Facility managers
  • Business Associates of Healthcare Facilities
  • Attorneys
  • Any person who deals directly or indirectly with PHI
Howard Jones has been an independent consultant to physicians and hospitals since 1980. He has provided services related to practice management and regulatory compliance issues, selection of billing/EMR systems, and the design of EMR templates for practices and EMR vendors. He has focused on providing services related to healthcare regulations since 1992.

He is the author of a 1992 manual called the Physicians' Medicare Coding/Documentation Guide. This publication served as the handout for a training seminar he developed to assist physicians in learning how to be compliant with the new E&M coding and documentation guidelines introduced in 1992.

He is currently the President of Compliance Checkup LLC, a business that has developed a new and "disruptive" technology – a Cloud-based Regulatory Education, Testing, & Compliance Tracking System available to any healthcare provider or facility in the world.
Instructor : Paul R. Hales
Product Id : 20181PACK

Overview: This lesson is designed to enable your Organization to perform a complete Risk Analysis of all PHI it creates, receives, maintains or transmits in any format. You will understand and identify threats, vulnerabilities and risks to your organization's PHI wherever it is located.

This program will explain, clarify, and demonstrate how to do a Risk Analysis in 6 complete steps:
  • Location
  • Implementation Specifications
  • Threats and Vulnerabilities
  • Risks
  • Action Steps
  • Documentation

Why should you attend: No wonder HHS found 80% of health care providers failed to do the Risk Analysis. HIPAA violations are increasing dramatically. 2015 was the "Year of the Breach". Expect both increased government enforcement and private lawsuits. This program is specifically designed to protect your organization by explaining and de-mystifying HIPAA Risk Analysis.

Areas Covered in the Session:
  • HIPAA Risk Analysis Explained In A Clear Concise Step-by-Step Process
  • Creating Your HIPAA Compliance Program Directly From Your HIPAA Risk Analysis

Who Will Benefit:
  • HIPAA Compliance Officials
  • Marketing - Patient Relations Manager
  • Health Care Practice Manager
  • Risk Manager - Compliance Manager
  • Information Systems Manager
  • Legal Counsel
Paul R. Hales received his Juris Doctor degree from Columbia University Law School and is licensed to practice law before the Supreme Court of the United States. He is an expert on HIPAA Privacy, Security, Breach notification and Enforcement Rules with a national HIPAA consulting practice based in St. Louis. Paul is the author of all content in The HIPAA E-Tool, an Internet-based, Software as a Service product for health care providers and business associates.
Instructor : Jim Sheldon Dean
Product Id : 20181PACK

Overview: This session will focus on the rights of individuals to communicate in the manner they desire, and how a medical office can decide what is an acceptable process for communications with individuals. The session will explain how to discuss communications options with individuals so that you can best meet their needs and desires, while preserving their rights under the rules.

  • With the new HIPAA random audit program now getting under way, and increases in enforcement actions following breaches, now is the time to ensure your organization is in compliance with the regulations and meeting the e-mail and texting communication needs and desires of its providers and patients. You need the proper privacy protections for health information, and the necessary documented policies and procedures, as well as documentation of any actions taken pursuant to your policies and procedures. Your policies and procedures may need revisions to maintain compliance in areas such as individual access of records and breach notification. And, of course, you will need to train your staff in all the new policies and procedures.
  • E-mail has long been a staple of people's lives, but as we move into the new digital age, it seems everyone is moving to a new smart phone and wants to use it in all the incredible ways it can be used for health care purposes, including the use of e-mail and texting. Doctors are finding that texting is far more flexible, convenient, and effective than paging, and patients want to be able to use short message texting for handling of appointments, updates, and the like, where even e-mail or the telephone would seem inconvenient.
  • In order to integrate the use of e-mail and texting into patient communications, it is essential to perform the proper steps in an information security compliance process to evaluate and address the risks of using the technology. This session will describe the information security compliance process, how it works, and how it can help you decide how to integrate e-mail and texting into your organization in a compliant way. The process, including the use of information security risk analysis, will be explained, and the policies needed to support the process will be described.
  • But the process must also include consideration of various patient access requirements in the HIPAA Privacy Rule. There are requirements to provide patients electronic access of electronically held PHI which raise new questions of how that access will be provided and how the information will be protected during and after access. There has long been a HIPAA requirement for covered entities to do their best to meet the requests of their patients for particular modes of communication, and using e-mail or texting is no exception.
  • The stakes are high - any improper exposure of PHI may result in an official breach that must be reported to the individual and to the US Department of Health and Human Services, at great cost and with the potential to bring fines and other enforcement actions if a violation of rules is involved. Likewise, complaints by a patient if they are not afforded the access they desire can bring about HHS inquiries and enforcement actions, so it is essential to find the right balance of access and control.
  • HHS compliance audit activity and enforcement penalties are both increased, especially in instances of willful neglect of compliance, if, for instance, your organization hasn't adopted the complete suite of policies and procedures needed for compliance, or hasn't adequately considered the impact of e-mail or texting on your compliance.
  • The session will discuss the requirements, the risks, and the issues of the increasing use of e-mail and texting for patient and provider communications and provide a road map for how to use them safely and effectively, to increase the quality of health care and patient satisfaction. In addition, the session will discuss how to be prepared for the eventuality that there is a breach, so that compliance can be assured.

Why should you attend:
    • Now that requirements for allowing patients electronic access to their health information are in effect, and as patients increasingly come to depend on electronic communications, there are new demands for communication via e-mail and texting. Patients don't want to bother with secure Web-site-based solutions, they just want to use the tools they already use for communication, and they have a right to communicate how they wish.
    • How can HIPAA requirements for privacy and security be reconciled with patient requests for information provided by e-mail and text messages? This session will discuss the differences between professional communications and patient communications, and how they must be treated to best serve patients, most efficiently enable communications, and remain within the bounds of HIPAA compliance.
    • The HIPAA Omnibus Update rules contained numerous changes to HIPAA Privacy, Security, and Breach Notification rules that affect communication with patients and clients of health care services, who often ask to communicate with health care offices via e-mail or text message. Many of the policies and procedures in place at every health care-related organization should have been reviewed and updated to meet the new requirements. Organizations need to understand the various ways that health care communications can take place, and how patient communications fit in with the HIPAA rules. They need to design and implement a patient communication policy and plan, and train their staff on it, or they may face significant new fines for noncompliance.
    • E-mail and texting present new challenges to health care providers, as there are simultaneously new requirements to share information with patients, and a new enforcement effort to ensure the privacy and security of Protected Health Information (PHI). Meeting both challenges requires careful consideration of all the regulations and technologies, as well as patient preferences and work flow.
    • Most HIPAA covered entities now face difficult choices between compliance and ease of communication. Most organizations haven't updated their information security risk analysis or policies and procedures and run the risk of breaches, rule violations, and fines in the event of mishandling of PHI using these new technologies.

    Areas Covered in the Session:
    • Find out the ways that patients want to use their e-mail and texting to communicate with providers, and the ways providers want to use e-mail and texting to enable better patient care
    • Learn what are the risks of using e-mail and texting, what can go wrong, and what can result when it does
    • Find out about HIPAA requirements for access and patient preferences, as well as the requirements to protect PHI
    • Learn how to use an information security management process to evaluate risks and make decisions about how best to protect PHI and meet patient needs and desires
    • Find out what policies and procedures you should have in place for dealing with e-mail and texting, as well as any new technology
    • Learn about the training and education that must take place to ensure your staff uses e-mail and texting properly and does not risk exposure of PHI
    • Find out the steps that must be followed in the event of a breach of PHI
    • Learn about how the HIPAA audit and enforcement activities are now being increased and what you need to do to survive a HIPAA audit

    Who Will Benefit:
    • Compliance Director
    • CEO
    • CFO
    • Privacy Officer
    • Security Officer
    • Information Systems Manager
    • HIPAA Officer
    • Chief Information Officer
    • Health Information Manager
    • Healthcare Counsel/lawyer
    • Office Manager
    Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

    Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

    Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.
    Instructor : Brian Tuttle
    Product Id : 20181PACK

    Overview: This lesson will be going into great detail regarding your practice or business information technology and how it relates to the HIPAA Security Rule, in particular portable devices. Areas covered will be texting, email, encryption, medical messaging, voice data and risk factors as they relate to IT. I will uncover myths versus reality as it relates to this very enigmatic law based on over 600 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors.

    I will also speak to real-life audits conducted by the Federal government (I’ve been on both sides of these audits) and what your highest risks are for being fined (some of the risk factors may surprise you). In addition, this course will cover the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures.

    Don’t always believe what you read online about HIPAA, especially as it relates to encryption and IT, there are a lot of groups selling more than is necessarily required.

    Why should you Attend: HIPAA NOW HAS TEETH! Be prepared for what’s new in 2016! Protect your practice or business! What factors might spur a HIPAA audit? …are you doing these things? Why are the Feds enforcing after all these years?

    It is important to understand the new changes going on at Health and Human Services as it relates to enforcement of HIPAA for both covered entities and business associates as it relates to portable devices, texting, and emailing of PHI. You need to know how to avoid being low hanging in terms of audit risk as well as being sued by individuals who have had their PHI wrongfully disclosed due to bad IT practices. I have also been an expert witness on multiple court cases where a business or medical practice is being sued for not doing their due diligence to minimize risk.

    Areas Covered in the Session:
    • Updates for 2016
    • BYOD
    • Portable devices
    • Business associates and the increased burden
    • Emailing of PHI
    • Texting of PHI
    • Federal Audit Process

    Who Will Benefit:
    • Practice Managers
    • Any business associates who work with medical practices or hospitals (i.e. billing companies, transcription companies, IT companies, answering services, home health, coders, attorneys, etc)
    • MD’s and other medical professionals
    Brian L Tuttle, CPHIT, CHP, CBRA, Net+, A+, CCNA, MCP is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified HIPAA Administrator (CHA), Certified Business Resilience Auditor (CBRA), Certified Information Systems Security Professional (CISSP) with over 18 years' experience in Health IT and Compliance Consulting. With vast experience in health IT systems (i.e. practice management, EHR systems, imaging, transcription, medical messaging, etc.) as well as over 18 years’ experience in standard Health IT with multiple certifications and hands-on knowledge, Brian serves as compliance consultant and has conducted onsite and remote risk assessments for over 1000 medical practices, hospitals, health departments, insurance plans, and business associates throughout the United States.

    In addition, Mr Tuttle has served in multiple litigated court cases serving as an expert witness offering input related to best practices and requirements for securing and providing patient access to protected health information. Mr. Tuttle has also worked directly with the Office of Civil Rights (OCR) both in defending covered entities and business associates as well as being asked by the Federal government to audit covered entities and business associates on behalf of the OCR. Almost all of Brian’s clients are earned by referral with little or no advertising.

    Brian is well known and highly regarded in medical circles throughout the United States for his quality work and down-home southern charm. Mr Tuttle has a Master's Degree in Health Sciences from Georgia State University and works nationally out of Kennesaw, GA.