HIPAA Security Policies and Procedures: Making them Useful and Relevant as well as Compliant

Instructor: Jim Sheldon Dean
Webinar Id: 800033

Duration: 90 Minutes

  • Recorded
  • Only for one participant ?
  • Price $245.

Overview:

If you handle any electronic patient information, don’t miss this teleconference on compliance with the extensive requirements for policies and procedures in the HIPAA security regulation. Electronic patient information is everywhere; not only is electronic protected health information in the obvious places such as practice management systems and electronic medical records, but also in less obvious places such as copiers, printers, scanners, cell phones, and portable data devices. All entities covered under HIPAA must take special care of electronic patient health information, including establishing policies and procedures to protect all kinds of PHI and taking regular actions as part of a security management process.

  • Proposed changes and expansions to HIPAA, going into effect in 2011, dramatically expand the types of entities to which the regulations directly apply, which means that more entities than ever need to adopt the proper HIPAA Security policies and procedures to be in compliance. New types of electronic devices and new ways of using data mean that new policies and procedures will be required, even if you already have a good set of policies.
  • HHS compliance audit activity and enforcement penalties are both increased, especially in instances of willful neglect of compliance, if, for instance, your organization hasn't adopted the complete suite of information security policies and procedures needed for compliance.
  • Audits all begin with a review of policies and procedures, and having yours in place in advance of an audit is the only way to survive the audit. We will discuss the questions that are asked in audits and show how you can be ready to answer those questions using an index of your policies and how they meet regulatory requirements. With the new random audit program now getting under way, even if you never have a complaint or breach you may be selected for a complete HIPAA compliance audit, and we will show you what policy topics need to be covered to meet requirements.
  • Learn what it takes to get in compliance and stay there, even as your operations and environment change. Find out what administrative, physical and technical safeguards are necessary and what policies they call for, and how you decide what’s right for HIPAA security compliance for your organization. This teleconference will provide the background and details necessary to develop an understanding of the origins of the HIPAA security regulation and the process used in complying with the rule, which leads, inevitably, to the adoption of policies and procedures.
  • With the expansion of electronic devices and systems in use for health care, remote access and use of data now require special attention to secure protected health information, and special policies and procedures as well, especially now that portable devices are a leading cause of information security breaches.
  • If you are asked by the US Department of Health and Human Services to show that you are in compliance with the HIPAA security regulation, you will need to show that you have the proper policies and procedures in place as required by the rules and that you have been using them. This teleconference will lay out a structure for the set of policies needed and identify the topic areas that policies should include, making it easier to deal with the dozens of policy details that are required.
Why you should attend:
  • The HIPAA Security Rule, in place and as proposed in amendments going into effect in 2011, calls for all Covered Entities and Business Associates, and their subcontractors, to be in compliance with provisions protecting all kinds of electronic protected health information, including the adoption of a complete set of information security policies and procedures.
  • While many entities have gone through the processes necessary for HIPAA Security Rule compliance, many are only partially in compliance and have not adopted the policies and procedures necessary for compliance. Many may be doing many of the right things for compliance, but have not documented their policies and procedures and compliance activities as required. And many may be exposing themselves to potential breaches of security because of inadequate, undocumented security practices, policies, and procedures.
  • Now there are new, increased penalties for HIPAA violations and a new, random auditing process is being implemented so that HIPAA covered entities will be subject to reviews by the US Department of Health and Human Services' Office for Civil Rights even if no one files a complaint. And with new technologies like smart phones and portable media being added to the mix, new vulnerabilities require new policies and procedures to avoid problems with audits and breaches.
  • If you haven’t done what’s required under the HIPAA Security Rule, you could be liable for willful neglect penalties that begin at $10,000 minimum and go up from there. You need the proper protections to secure protected health information, and the necessary documented policies and procedures, as well as documentation of any actions taken pursuant to your policies and procedures.
  • What's more, with the breach notification regulations established in 2009, the costs of not properly securing your data have increased dramatically. With the ever-increasing use of electronic records and systems, and changes in how you do business, now is the time to review and renew your information security program, make sure you have the policies you need, and avoid violations and penalties for non-compliance. Having the right policies and procedures in place can help prevent problems, and show that you've been doing your best even if a problem arises.
Areas Covered in the Session:
  • Find out what the requirements for policies and procedures are and why they're a good thing.
  • Learn how having good policies and procedures and good documentation can make compliance easier.
  • Learn the set of policies that need to be included in four groups of policies: Information Security Management Process, Access Controls, Data Management, and the Information System User Policy.
  • Learn how to use your policies and procedures, and the documentation of use of your policies and procedures, to satisfy audit requirements and avoid penalties.
  • Find out about scaling your policies to fit your organization - one size does not fit all!
  • Find out how well-organized policies and procedures make audits easier.
  • Learn with the significant penalties are for non-compliance with policy and procedure requirements.
  • Find out what are the first steps to take in developing your policies and procedures for HIPAA Security compliance.
Who Will Benefit:
  • Compliance director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager

Speaker Profile
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.


You Recently Viewed