The focus of this 5-day HIPAA compliance classroom training program is to better understand the implications of HIPAA legislation and identify critical compliance requirements for your business/client. It helps you better understand HIPAA’s Administrative Simplification Act as well as how to create a framework for initiating and working towards a blueprint for Privacy and HIPAA Security compliance and regular audits to avoid violation of regulations.
Our training includes changes to the HIPAA regulations due to the Health Information Technology for Economic and Clinical Health (HITECH) Act, which is part of the American Recovery and Reinvestment Act of 2009 (ARRA), and the 2013 Omnibus Rule final changes. Our HIPAA instructors are HIPAA consultants who help organizations meet the HIPAA audit checklist requirements issued by the DHHS. Learn from the instructor what your next steps are to meet these newly issued audit requirements by the Department of Health and Human Services’ (DHHS) Office of e-Health Standards and Services.
In this training we also explain the relevance of HIPAA to information systems infrastructure and initiatives towards HIPAA security & privacy compliance.
This HIPAA compliance training will prepare you for HIPAA certification of Certified HIPAA Privacy Security Expert (CHPSE).
HIPAA Training for Security, Privacy and Transaction: Learning Objectives
This training will give you advanced competency in designing, implementing, and administering comprehensive privacy and security protection programs in all types of healthcare organizations. From this training you will learn the following about HIPAA:
Course Outline
DAY 1
HIPAA Fundamentals
DAY 2
HIPAA Privacy Rule Part 1
HIPAA Privacy Rule Part 1 (continued)
HIPAA Privacy Rule Part 2
DAY 3
HIPAA Security Rule Part 1
1. General:
HIPAA Security Rule Part 1 (continued)
2. General (continued):
3. Administrative Safeguards: Definition of “administrative safeguards” as they relate to security and the rule. A review of required administrative safeguards and their application within a covered entity and business associate.
4. Physical Safeguards: Definition of “physical safeguards” as they relate to security and the rule. A review of required physical safeguards and their application within a covered entity and business associate.
HIPAA Security Rule Part 1 (continued)
5. Technical Safeguards (general): Definition of “technical safeguards” as they relate to security and the rule. A review of required technical safeguards and their application within a covered entity and business associate.
6. Technical Safeguards (technical details): A review of required technical safeguards including a more technical review of required or addressable safeguards, implementation and on-going maintenance.
DAY 4
HIPAA Security Rule Part 2
1. Digital Signatures & Certificates: A review of the use of higher forms of individual or entity authentication, which is quickly becoming a requirement both legally and to reduce legal risk.
2. Security Policy: A review of the requirements to document security program practices and processes in policy and related workforce training requirements. Also a review of required policy maintenance and retention.
Enforcement Rule
Identity Theft Protection Laws
A general review of existing identity theft protection laws and breach notification requirements. Includes specific discussion of California identity theft and medical identity theft protection laws.
American Recovery and Reinvestment Act of 2009 (ARRA), Title XIII
A general overview of Title XIII health information technology (HIT) incentives and requirements provisions. This discussion will focus on an overview of the role of privacy and security in HIT investment provisions and standards development.
American Recovery and Reinvestment Act of 2009 (ARRA), Title XIII, Subtitle D
1. Privacy Provision Overview: Overview of the privacy provisions included in ARRA and the relationship to the HIPAA Administrative Simplification Title provisions.
2. Business Associates – New Requirements: A discussion of business associates’ new requirement to statutorily adhere to the provisions of the HIPAA Administrative Simplification Title Privacy and Security Rules. The discussion includes a review of the timeline for compliance and the implications for business associates.
3. National Identity Theft Protection Provisions: A discussion of the requirements of the new identity theft protection provisions, what is considered a breach or inappropriate disclosure, breach notification requirements and entities/individuals covered. Discussion also includes new reporting requirements by entity/individual, HHS and the Federal Trade Commission (FTC).
4. Marketing Prohibitions and Restrictions: An overview of the enhanced restrictions related to the use and disclosure of PHI where the entity or individual is paid for such use and disclosure and stricter prohibitions against using PHI for marketing purposes.
5. Enforcement Provisions: A discussion of the new enforcement provisions, entities/individuals covered and how such enforcement relates to the HIPAA Enforcement Rule and current compliance audits. The discussion also includes a discussion of changes in penalties and the addition of a newly defined criminal act (formerly a civil violation).
6. Reporting Requirements: A discussion of new requirements for the reporting of breaches to HHS and/or the FTC and annual reports relating to compliance, rule violations, breaches, etc. to Congress and the public.
Red Flag Rules
With identity theft and other problems on the increase, additional effort needed to be made to combat this new avenue of fraud against healthcare. With so much information available and in the hands of so many people delivering care, processing payment, and handling the operational and regulatory uses of this information, it was inevitable that healthcare would become a target for exploitation. Changes to the law have helped, and this chapter covers the following topics to better protect your information resources:
Omnibus Rule of January 2013
DAY 5
HIPAA Review
One of the cornerstones of a successful HIPAA security program is the performance of a risk analysis and the creation of a risk management program. We will walk you through a program of risk analysis and show you how to perform one that focuses on the specific areas that HIPAA requires. You will learn techniques to set a severity scale that is specific to your organization; evaluate and compare risk elements against it; identify and quantify your assets; clarify threats and vulnerabilities that can compromise those assets; and develop a strategy to protect against those threats that is both operationally effective and economically efficient. When you complete this section, you will be ready to help get your organization compliant now, and keep it that way into the future.
IT Security Requirements
Meaningful Use
Meaningful Use is one of the hottest current topics in Healthcare. In stages, the Meaningful Use program lays out a series of accomplishments and metrics that over time lead to achieving the objective of securely automating healthcare institutions and providers. In addition to having a program of steps over the years of 2011-2016, the US Government has outlined a financial incentive program to further encourage participation and compliance, and reduce the impact of this pervasive change. This module covers:
Upon completion, the attendee will know what is required, how it will be measured, and how to achieve and measure it.
Audience
HIPAA Training for Security and Privacy: Target Audience
College Credit, CEUs, PDUs and CDUs
When you take courses with Babbage Simmel, be sure you get the credit you deserve. Curriculum offered by Babbage Simmel can earn you college credit, CEUs, PDUs or CDUs.
College Credit
Select curriculum offered by Babbage Simmel can be utilized for College Credit. For questions please E-Mail: info@babsim.com or call 614-481-4345.
Continuing Education Units (CEUs)
Continuing Education Units (CEUs) are nationally recognized standard units of measurement earned for satisfactory completion of qualified programs of continuing education. If you need more information about CEUs, please E-Mail: info@babsim.com or call 614-481-4345.
Professional Development Units (PDUs)
Professional Development Units (PDUs) can be issued by PMI® for formal learning activities related to project management. Project Management Professionals (PMPs®) are required to earn a minimum of 60 PDUs every 3 years to maintain certification. For more information about this program go to the PMI® web site or call 1-855 746 4849.
Continuing Development Units (CDUs)
CDUs may be earned by attending professional development (e.g. courses, seminars) offered by organizations endorsed by IIBA® and designated as an EEP vendor. As an IIBA Endorsed Education Provider (EEP), Babbage Simmel's IIBA® endorsed courses qualify for CDU credit. For more information about CDUs go to the IIBA® web site or call 1-647-426-3735.
Our babsimLIVE distance learning brings the classroom learning experience to you by seating you virtually into a real-life instructor-led classroom taught by award winning world-class instructors with other IT professionals like yourself. From the comfort of your home, workplace, or at the Babbage Simmel Columbus Campus, you acquire the training you need, when you want it, in the environment that is most comfortable for you to be successful.