Course Description:

With the recent implementation of new HIPAA regulations in the HIPAA Omnibus Update of 2013, healthcare organizations are reviewing their compliance and making sure they have the proper policies, procedures, and forms in place. HIPAA Privacy and Security Officers have been renewing their compliance activities and reviewing their documentation to make sure they can meet the challenges of the new rules and avoid breaches and penalties for compliance violations.

This session is designed to provide intensive, one and a half-day training in HIPAA Privacy and Security Rule compliance, including

  • What’s new in the regulations
  • What’s changed recently
  • What needs to be addressed for compliance by covered entities and business associates
  • What are the most important privacy and security compliance issues
  • What needs to be done for HIPAA compliance
  • What can happen when compliance is not adequate

This seminar will explain new individual rights and new responsibilities for covered entities and business associates. It will also explain audits and enforcement, HIPAA Security safeguards as well as security breaches and ways to prevent them. Numerous references and sample documents will be provided.

Learning Objectives

  • Understand the structure of the HIPAA regulations and how they work together
  • Learn what has changed in the rules based on the HIPAA Omnibus Update Rule
  • Find out what are the responsibilities of the HIPAA Privacy and Security Officer
  • Discover what has to be modified to meet the new rules and how to interpret them
  • Understand what are the rights individuals have about their health information
  • Know what are the limitations on uses and disclosures by a healthcare entity
  • Learn the updated rules on using health information for marketing and fundraising
  • Find out how the rules impact the use of electronic health records
  • Know how to use risk analysis to make compliance decisions about safeguards
  • Understand what makes a good information security policy
  • Know how to respond to breaches and violations of Privacy and Security rules
  • Learn how to deal with the modern portable technologies and communication methods
  • Understand how to use policies, documentation, training, and drills to prepare for audits and incidents, and achieve good compliance

Who Will Benefit:

This seminar will provide valuable assistance to all personnel in Medical offices, practice groups, hospitals, pharmacies, academic medical centers, medical devices, insurers, healthcare business associates (shredding, data storage, systems vendors, billing services, lawyers, etc.). The following personnel will find this session valuable:

  • Compliance Director
  • CEO
  • COO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/Lawyer
  • Office Manager
  • Contracts Manager

Course Outline:

Day One (8:30 AM – 4:30 PM) Day Two (8:30 AM – 12:30 PM)

Registration Process: 8:30 AM – 9:00 AM

Session Start Time: 9:00 AM

Day one sets the stage with an overview of the HIPAA regulations and then continues with presentation of the specifics of the Privacy Rule, recent changes to the rules, and the basics of the Security Rule.

  • Overview of HIPAA Regulations
    • The Origins and Purposes of HIPAA
    • Privacy Rule History and Objectives
    • Security Rule History and Objectives
    • Breach Notification Requirements, Benefits, and Results
  • HIPAA Privacy Rule Principles, Policies and Procedures
    • Patient Rights under HIPAA
    • Limitations on Uses and Disclosures
    • Required Policies and Procedures
    • Training and Documentation Requirements
  • Recent and Proposed Changes to the HIPAA Rules
    • New Penalty Structure
    • New HIPAA Audit Program
    • New Patient Rights
    • New Obligations for Business Associates
  • HIPAA Security Rule Principles
    • General Rules and Flexibility Provisions
    • The Role of Risk Analysis
    • Security Safeguards
    • Training and Documentation

Day two begins with a discussion of typical security issues and means for avoiding breaches and meeting compliance requirements when it comes to modern technologies, such as texting, e-mail, and social media. Finally, the day concludes with a session on the essential activities of documenting policies, procedures, and activities, training staff and managers in the issues and policies they need to know about, and examining compliance readiness through drills and self-audits.

  • Risk Mitigation, Breach Prevention, and Compliance Remediation
    • Typical Security Risks and Preventing Breaches
    • Social Media, Texting, e-mail, and Privacy
    • Dealing with Portable Devices and Remote Access
    • Compliance Planning
  • Documentation, Training, Drills and Self-Audits
    • How to Organize and Use Documentation to Your Advantage
    • Training Methods and Compliance Improvement
    • Conducting Drills in Incident and Breach Response
    • Using the HIPAA Audit Protocol for Documentation and Self-Auditing

Meet Your Instructor

Jim Sheldon-Dean
Principal and Director of Compliance Services, Lewis Creek Systems, LLC

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Mr. Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

He has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. He received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Register Now

Online using Credit card

Get the Invitation
Pre-Register yourself and get the official Invite when venue and dates are announced for this seminar.
Call here to register +1-888-717-2436 or email at

Other Registration Option

By order form / PO#

Payment Mode

By Check -
Pay your check to (payee name) “MetricStream Inc” our parent company and Mail the check to:

ComplianceOnline (MetricStream, Inc),
2479 East Bayshore Road Suite 200
Palo Alto, CA 94303

By Wire -

Register / Pay by Wire Transfer

Please contact us to get details of wire transfer option.

Terms & Conditions to register for the Seminar/Conference/Event

Your Registration for the seminar is subject to following terms and conditions. If you need any clarification before registering for this seminar please call us @ +1-888-717-2436 or email us @

Payment is required before 2 days of the date of the conference. We accept American Express, Visa and MasterCard. Make checks payable to MetricStream Inc. ( our parent company)

Cancellations and Substitutions:
Written cancellations through fax or email (from the person who has registered for this conference) received at least 10 calendar days prior to the start date of the event will receive a refund — less a $200 administration fee. No cancellations will be accepted — nor refunds issued — within 10 calendar days from the start date of the event.

On request by email or fax (before the seminar) a credit for the amount paid minus administration fees ($200) will be transferred to any future ComplianceOnline event and a credit note will be issued.

Substitutions may be made at any time. No-shows will be charged the full amount.

We discourage onsite registrations, however if you wish to register onsite payment to happen through credit card immediately or check to be submitted onsite. Conference material will be given on the spot if it is available after distributing to other attendees. In case it is not available we will send the material after the conference is over.

In the event ComplianceOnline cancels the seminar, ComplianceOnline is not responsible for any airfare, hotel, other costs or losses incurred by registrants. Some topics and speakers may be subject to change without notice.

Attendance confirmation and Documents to carry to the seminar venue:
After we receive the payment from the registered attendee an electronic event pass will be sent to the email address associated with the registrant before 5 working days from the seminar date. Please bring the pass to the venue of the event.

Conference photograph / video:
By registering and attending ComplianceOnline conference you agree to have your photographs or videos taken at the conference venue and you do not have any objections to use these photos and videos by ComplianceOnline for marketing, archiving or any other conference related activities. You agree to release ComplianceOnline for any kind of claims arising out of copyright or privacy violations.

Media Partners


Media Partner Benefits
  • Logo and company data on the event website.
  • Logo on the conference material distributed during the conference.
  • Media Partner’s brochure distributed along with conference material.
  • Logo on all the mailings before and after the event.
  • 10% discount to media partner's subscribers.

Media Partner to do
  • Banner (min 728x90 or 468x60) on the Media Partner website.
  • Insertion of the event in the event calendar, both printed and/or online.
  • Announcement article of the conference on the Magazine and/or Website.
  • Dedicated email blast to all subscribers of Media Partner.
  • Article on the Magazine and/or Website after the conference.

Local Attractions

This Frederick Law Olmsted-designed park, famous for its Swan Boats, has over 600 varieties of trees and an ever-changing array of flowers. It is America's first public garden.

The Boston Public Library was the first large municipally-funded public library in America. It has a central location right in the heart of Copley Square, facing the Trinity Church, easily accessible by taking the Green Line to Copley station (or also near to Orange Line Back Bay stop).

Fenway Park is the oldest Major League baseball park in the United States. Its small, intimate atmosphere really allows you to feel like you are "in the game." The park is situated right in downtown Boston - so it is very accessible if you are visiting the area.

Boston's oldest, largest and best-known art institution, the MFA houses one of the world's most comprehensive art collections and is renowned for its Impressionist paintings, Asian and Egyptian collections and early American art.

The Boston Museum of Science is a long-standing tradition for families in Boston, but that doesn't mean adults won't enjoy themselves too! Their exhibits range from dinosaurs to space travel to wildlife to physics to human biology to an in-depth look at Boston's "Big Dig" project.

This Italian neighborhood, Boston's oldest, is known for its wonderful restaurants and historic sights.

The signal from the steeple of Boston's oldest church triggered the War for Independence that led to the birth of America. On that fateful night in 1775, the two lanterns in the steeple told Paul Revere that the British were approaching by boat, not on foot.

We need below information to serve you better

Best Sellers
You Recently Viewed