Webinar Pack Price
Offer Price: US$1,205.50
You Save: US$1,205.50 (50%)*
Regular Price: US$2,411.00

Webinar Packs: Access to the recorded version only, for one participant; unlimited viewing for 6 months.
(For customized Webinar Packs, please call Customer Care)

Instructor : Kelly McLendon
Product Id : 20184PACK

Overview: This course addresses the newly released OCR (Office for Civil Rights) Phase 2 Audit Program. The rules and protocols have been released and the audit process has started. All covered entities (CE) and business associates (BA), literally anyone that accesses, uses or discloses PHI (Protected Health Information) needs to be aware of this new audit program. Potentially OCR can review up to 180 different areas of the HIPAA privacy, security and breach rules. This presentation reviews the detailed processes OCR will use for the audits along with examples of the protocols and how to be prepared for an OCR audit.

It's important to be prepared because even if not selected for an OCR audit, any privacy or security complaint could trigger the same types of questions and requests for documentation during the investigation.

Why should you Attend:
  • How the Phase 2 audit program builds upon the 2012 Pilot audit program
  • Details about the sites to be selected for an audit
  • Initial indicators that an audit may be imminent
  • Timeframes for sites being audited
  • Examples of privacy, security and breach audit protocols
  • Continued analysis of the protocols to bring the audience the latest information about the questions and required documents OCR are using in the audits
  • How to prepare a compliance program for an OCR audit or investigation by lowering overall privacy and security risk

Areas Covered in the Session:
  • History of the OCR audit programs
  • The processes and rules surrounding the 2016 OCR audit program
  • Examples of privacy, security and breach audit protocols
  • Steps to take in preparation for an OCR audit

Who Will Benefit:
  • Privacy Officers
  • Security Officers
  • Compliance Officers
  • HIM Managers
  • Practice Managers
  • CIO
  • General Counsel
  • Physicians
Kelly McLendon RHIA, CHPS (credentialed in medical records management and healthcare privacy and security) has been involved in HIM since the beginning and his 36-year career spans nearly the entire realm of HIM. His expert knowledge comes from working on many sides of HIM, including management, vendor and consultant roles. Throughout his career, he has worked with both AHIMA and FHIMA (Florida) in various positions ranging from FHIMA Director to the Chair of numerous committees and workgroups. These include serving as an expert for AHIMA on Legal Health Records, Meaningful Use and the Privacy and Security Practice Council. Kelly’s accolades include a Triumph Visionary award and two Literary Awards from AHIMA, the Distinguished Member and Literary Awards for FHIMA.

Kelly is a nationally sought after speaker, performing dozens of engagements annually on a wide range of subjects including privacy, security, legal health records, meaningful use, CDI and the ICD-10 coding transition.
Instructor : Gail Madison Brown

Overview: Participants will understand the importance of responding to the OCR pre-audit requests and how to respond. Our discussion will cover how to prepare for an anticipated OCR HIPAA privacy audit, by discussing how to conduct an internal self-assessment of your privacy program. We will discuss how to conduct the self-assessment, whether it be the need for policies, procedures or obtaining all of your business associates' information.

Why should you Attend: If you have received a request from the OCR to provide the name of your entity's privacy official and additional criteria, you are already aware that you are on the OCR’s radar and may be the focus of an audit. If you haven’t received a request yet, anticipate receiving one soon. In addition to ensuring that your HIPAA program is audit ready, you also need to ensure that you know all of your business associates and have their information readily available to provide to the OCR. Your entity needs to be ready now, as the OCR will either conduct focused desk audits, on-site audits or both in an effort to review documentation of evidence of your compliance with the HIPAA regulation.

Areas Covered in the Session:
  • Office for Civil Rights (OCR) requests for privacy official and additional information, and timeline for response
  • Internal assessment criteria of privacy program in anticipation of an OCR audit
  • Conducting the assessment using the template based upon HIPAA regulations
  • Discuss methods to address any found deficiencies
  • Workforce training


Who Will Benefit:
  • Healthcare providers
  • Compliance and Internal Audit professionals or office staff responsible for ensuring patient privacy
  • Healthcare Administrators
  • Business Associates and all HIPAA Covered Entities
Gail Madison Brown has extensive experience in healthcare compliance and privacy. Gail has over 25 years of experience as a registered nurse and is also a licensed attorney. She has provided numerous teachings relating to healthcare compliance, including HIPAA.
Instructor : Srini Kolathur

Overview: Section 13411 of the Health Information Technology for Economic and Clinical Health (HITECH) Act requires Health and Human Services (HHS) to conduct periodic audits of providers and business associates to ensure their compliance with the HIPAA Security and Privacy Rule, and breach notification standards. To implement this mandate, the Office for Civil Rights (OCR) has conducted a HIPAA/HITECH audit program with KPMG of 115 health care organizations to assess privacy and security compliance. This webinar will focus on the implementation and tracking of HIPAA audit best practices in a healthcare setup in order to prepare for the federal audit using published OCR audit protocols.

Every audit begins with interviews, a questionnaire, and a thorough policy and procedures review. The presenter, with his decades of knowledge in the compliance, legal, auditing and security areas, will walk the attendees through the audit process, documentation requirements, and implementation specifications of the HIPAA privacy, security and breach rules. This presentation not only provides an opportunity for the participants to prepare for the federal HIPAA audit but also to improve the security posture of their organizations by adapting to changing technology (mobile, social media, Health Information Exchange (HIE), cloud services, etc.) and the changing threat landscape as well. This presentation will uncover reasons why many health information breaches are occurring and help organizations better secure and comply with electronic protected health information by meeting the required and addressable HIPAA/HITECH security rules.

The presenter will also share the best practices used for HIPAA security implementation and continuous risk assessment, which auditors consider "due diligence" for the HIPAA security compliance program.

Areas Covered in the Session:
  • Healthcare Technology Adoption/Trends
  • Healthcare Regulatory (HIPAA/HITECH) and OCR/HHS Audit Overview
  • Differences between HIPAA and HITECH Regulations
  • Confidentiality, Integrity and Availability (CIA) & ePHI Data Elements
  • HIPAA/HITECH Security, Privacy and Breach Requirements
  • OCR Audit Protocol
  • Patient Data Privacy, Security and Breach Procedures
  • Step-by-step guide preparation techniques
  • Sample policies
  • Risk Assessment questionnaire for protecting electronic health information
  • Checklist

Who Will Benefit:
  • Compliance Director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager
Srini Kolathur, HITPro, CISSP, CISA, CISM, MBA is a results-driven leader. He has several years of experience in helping companies effectively meet and exceed regulatory compliance requirements including SOX, PCI, HIPAA, etc. by using best practices. For the last several years, he has been actively involved in Sarbox controls implementation, PCI-DSS, GRC and internal audit functions in the critical general IT control areas. As internal compliance and audit liaison project manager for Cisco infrastructure group, Srini has managed compliance and automation projects, including developing tracking systems for monitoring privileged user access. Srini has been involved in providing training to staff at small practices and hospitals so they can effectively comply with HIPAA/HITECH and meaningful use security requirements by using NIST risk assessment framework, HHS HIPAA checklist and best practices for IT assessment.

Srini graduated with an executive MBA degree from Kenan-Flagler Business School at UNC Chapel Hill. Srini is very active in the local ISACA and ISSA chapters. Srini believes in and advocates a best practices-based security and compliance program to achieve business objectives. Srini has a long and successful track record of bringing in projects on time and on budget, and developing high performance teams, while boosting technical and business expertise, and maintaining high morale.
Instructor : Brian Tuttle

Overview: The objectives of this course will be to demonstrate from real life audits conducted by the Federal government what your highest risks are for being fined (some of the risk factors may surprise you). In addition this course will cover the highest risk factors for being sued by patients for wrongful disclosures of PHI. The course will also cover the manner in which patients are now using state laws to sue for wrongful disclosures. States are being encouraged by the Federal government to implement new laws to remedy their citizens.

Why should you attend:
  • HIPAA NOW HAS TEETH! Be prepared! Protect your practice or business!
  • What factors might spur a HIPAA audit? …are you doing these things?
  • Why are the Feds enforcing after all these years?
We will be discussing some of the changes taking place in Washington with the Health and Human Services in regard to the enforcement of the HIPAA laws already on the books. I will go over some of the new changes affecting covered entities and business associates. I will also be discussing factors that might cause an unwanted visit or letter from the Office of Civil Rights and how to prepare for the audit and deal with the Feds and state laws.

Areas Covered in the Session:
  • Updates for 2016
  • Factors which can get you audited
  • Business Associates
  • How to avoid an audit
  • HIPAA and suing
  • Risks
  • NIST based Risk Assessment

Who Will Benefit:
  • Practice Managers
  • MD's and other Medical Professionals
  • Billing Companies
  • Transcription Companies
  • IT Companies
  • Answering Services
  • Home Health
  • Coders
  • Attorneys
  • Any Business Associates who work with Medical Practices or Hospitals
Brian L Tuttle, CPHIT, CHP, CBRA, Net+, A+, CCNA, MCP is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified HIPAA Administrator (CHA), Certified Business Resilience Auditor (CBRA), Certified Information Systems Security Professional (CISSP) with over 18 years' experience in Health IT and Compliance Consulting. With vast experience in health IT systems (i.e. practice management, EHR systems, imaging, transcription, medical messaging, etc.) as well as over 18 years’ experience in standard Health IT with multiple certifications and hands-on knowledge, Brian serves as compliance consultant and has conducted onsite and remote risk assessments for over 1000 medical practices, hospitals, health departments, insurance plans, and business associates throughout the United States.

In addition, Mr Tuttle has served in multiple litigated court cases serving as an expert witness offering input related to best practices and requirements for securing and providing patient access to protected health information. Mr. Tuttle has also worked directly with the Office of Civil Rights (OCR) both in defending covered entities and business associates as well as being asked by the Federal government to audit covered entities and business associates on behalf of the OCR. Almost all of Brian’s clients are earned by referral with little or no advertising.

Brian is well known and highly regarded in medical circles throughout the United States for his quality work and down-home southern charm. Mr. Tuttle has a Master's Degree in Health Sciences from Georgia State University and works nationally out of Kennesaw, GA.
Instructor : Jim Sheldon-Dean

Overview: Healthcare entities have recently become the prime targets for hackers using ransomware techniques to encrypt an organization's files and hold them for ransom. In order to avoid being victimized by ransomware, organizations need to use an information security management process to identify and mitigate the specific risks of ransomware. That process includes preventing infections through good systems and network management and training of all staff who use computers, and recovering from infections through the use of good backup and data management processes.

There are measures known to be effective to prevent the introduction of ransomware and to recover from a ransomware attack. This session describes ransomware attack prevention and recovery from a healthcare sector perspective, including the role the Health Insurance Portability and Accountability Act (HIPAA) has in assisting HIPAA covered entities and business associates to prevent and recover from ransomware attacks, and how HIPAA breach notification processes should be managed in response to a ransomware attack.

Following good practices according to HIPAA helps both prevent and recover from ransomware incidents. Organizations that do follow good practices are able to shrug off ransomware attacks and know exactly what has happened and whether or not reporting a breach to HHS is warranted. Prevention of a ransomware incident is the essential first step, which takes place largely through training of staff to not open any documents or click on any links unless they are absolutely sure of the source and content. The way ransomware works, an individual is usually tricked into visiting an infected Web site or opening a Word document with a malicious attachment, and the only way to avoid the initial contact is to train, retrain, and train again workers to be vigilant and pick up the phone and make a call if they are not convinced of the source and content of the link or attachment.

If the contact is made and the attack is launched, having a securely segmented network with tight firewalls between the segments can prevent cross infection and attack of resources, and limit the damage caused by the attack. Using network-monitoring tools can help spot trouble based on anomalous network behavior that the attack causes, and give you the chance to lock down the infection so it can be eradicated and the damage can be evaluated.

Once evaluated, you may or may not have a breach to report. If your data is still available and access has been virtually uninterrupted, you satisfy that requirement, but unless your analysis can show that there has been no exfiltration of data and no infection remains, you may have to report the incident as a breach under HIPAA. Handling a malware incident like ransomware can severely test your preparedness, cost large sums of money, and result in reportable breaches that will be investigated by the HHS Office of Civil Rights. Being ready to face the threat and respond appropriately to ransomware can mean the difference between an annoyance and a disaster. This session will help entities understand how to be ready to face the threat and avoid disaster.

Why should you Attend: A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000 daily ransomware attacks reported in 2015). Ransomware exploits human and technical weaknesses to gain access to an organization's technical infrastructure in order to deny the organization access to its own data by encrypting that data. Being unprepared for ransomware means having to face demands for payment from criminals, loss of control of your information, and requirements to report such incidents as breaches.

Even if you pay off the ransom, you may not get control of your data back, and you may never know if the data remains compromised or not. Victims of ransomware face the expense of recovery, the hassle of compliance issues like breach reports, and the loss of good will with patients who may never trust your organization again.

Areas Covered in the Session:
  • What is Ransomware?
  • Preventing Ransomware attacks
  • The value of User Training
  • Making your Networks more resistant to attacks
  • Understanding the Impact of a Ransomware attack
  • Responding to the attack
  • Recovering from a Ransomware attack
  • Evaluating Ransomware attacks as reportable Breaches

Who Will Benefit:
  • Compliance director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.