HIPAA Security and Breach Rule Compliance- Understanding Risk Analysis, Policies and Procedures and Managing Incidents
Jim Sheldon-Dean, Principal and Director of Compliance Services, Lewis Creek Systems, LLC
Coming soon.. Please contact customer care for new schedule
||Course "HIPAA Security and Breach Rule Compliance- Understanding Risk Analysis, Policies and Procedures and Managing Incidents" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion.
With the recent implementation of new HIPAA regulations in the HIPAA Omnibus Update of 2013, healthcare organizations are reviewing their compliance and making sure they have the proper policies, procedures, and forms in place. HIPAA Security Officers have been renewing their compliance activities and reviewing their documentation to make sure they can meet the challenges of the new rules and avoid breaches and penalties for compliance violations.
This seminar is designed to provide intensive, two-day training in HIPAA Security and Breach Notification Rule compliance, including:
- What’s new in the regulations?
- What’s changed recently?
- What needs to be addressed for compliance by covered entities and business associates?
- What are the most important security issues?
- What needs to be done for HIPAA compliance?
- What can happen when compliance is not adequate?
This session will also explain HIPAA Security safeguards and the role of risk analysis in effectively evaluating and implementing Security Rule compliance. Audits and enforcement will be explained, as well as security breaches and how to prevent them. Numerous references and sample documents will be provided.
- Understand the structure of the HIPAA Regulations and how they work together
- Learn what has changed in the rules based on the HIPAA Omnibus Update Rule
- What has to be modified to meet the new rules and how to interpret them
- Understand how to use Risk Analysis to make compliance decisions
- Know what safeguards must be considered to provide security for health information
- Understand what makes a good information security policy
- Know how to respond to breaches and violations of Privacy and Security rules
- Work through practical examples of risk analysis
- Learn how to deal with the modern portable technologies and communication methods
- Understand how to use policies, documentation, training, and drills to prepare for audits and incidents, and achieve good compliance
Who will Benefit
This seminar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). The following personnel will find this session valuable:
- Compliance director
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/lawyer
- Office Manager
- Contracts Manager
|Day One (8:30 AM – 4:30 PM)
||Day Two (8:30 AM – 12:30 PM)
Registration Process: 8:30 AM – 9:00 AM
Session Start Time: 9:00 AM
Day one sets the stage with an overview of the HIPAA regulations and then continues with presentation of the specifics of Breach Notification, the Security Rule, recommended policies and procedures, how to be prepared for HIPAA audits, and principles and methods of risk analysis for Security Rule and Breach Notification compliance.
Overview of HIPAA Regulations
- The Origins and Purposes of HIPAA
- Privacy Rule History and Objectives
- Security Rule History and Objectives
- Breach Notification Requirements, Benefits, and Results
HIPAA Security Rule Principles
- General Rules and Flexibility Provisions
- The Role of Risk Analysis
- Security Safeguards
- Training and Documentation
HIPAA Security Policies and Procedures and Audits
- HIPAA Security Policy Framework
- Sample Security Policy Content
- Recommended Level of Detail for Policies and Procedures
- The New HIPAA Compliance Audit Protocol
Risk Analysis for Security and Breach Notification
- Principles of Risk Analysis for Information Security
- Analyzing Risks for Determination of Breach Notification
- Risk Analysis Methods
- Risk Analysis Example
Day two begins with a discussion of typical security issues and means for avoiding breaches and meeting compliance requirements when it comes to modern technologies, such as texting, e-mail, and social media. Finally, the day concludes with a session on the essential activities of documenting policies, procedures, and activities, training staff and managers in the issues and policies they need to know about, and examining compliance readiness through drills and self-audits.
Risk Mitigation, Breach Prevention, and Compliance Remediation
- Typical Security Risks and Preventing Breaches
- Social Media, Texting, e-mail, and Privacy
- Dealing with Portable Devices and Remote Access
- Compliance Planning
Documentation, Training, Drills and Self-Audits
- How to Organize and Use Documentation to Your Advantage
- Training Methods and Compliance Improvement
- Conducting Drills in Incident and Breach Response
- Using the HIPAA Audit Protocol for Documentation and Self-Auditing
Meet Your Instructor
Principal and Director of Compliance Services, Lewis Creek Systems, LLC
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.
Mr. Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.
He has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. He received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.
Register by P.O. / Check
Yes, I want to attend "HIPAA Security and Breach Rule Compliance- Understanding Risk Analysis, Policies and Procedures and Managing Incidents".
Click here to download P.O. form
If you are paying by check:
Checks should be payable to MetricStream Inc. (our parent company) and mailed to:
2479 East Bayshore Road
Palo Alto, CA 94303
Send your team for maximum benefit.
Get your team up to speed!
Significant tuition discounts are available for teams of two or more from the same company. You must register at the same time and provide a single payment to take advantage of the discount.
||Get 10% off
|3 to 6 Attendees
||Get 20% off
|7 to 10 Attendees
||Get 25% off
||Get 30% off
Call toll free on +1-888-717-2436 if you have any queries.
Register by Wire Transfer
If you wish to pay by wire transfer, please call us toll free on +1-888-717-2436
Terms & Conditions to register for the Seminar/Conference/Event
Your Registration for the seminar is subject to following terms and conditions. If you need any clarification before registering for this seminar please call us @ +1-888-717-2436 or email us @ firstname.lastname@example.org
Payment is required before 2 days of the date of the conference. We accept American Express, Visa and MasterCard. Make checks payable to MetricStream Inc. ( our parent company)
Cancellations and Substitutions:
Written cancellations through fax or email (from the person who has registered for this conference) received at least 10 calendar days prior to the start date of the event will receive a refund — less a $75 administration fee. No cancellations will be accepted — nor refunds issued — within 10 calendar days from the start date of the event.
On request by email or fax (before the seminar) a credit for the amount paid minus administration fees ($75) will be transferred to any future ComplianceOnline event and a credit note will be issued.
Substitutions may be made at any time. No-shows will be charged the full amount.
We discourage onsite registrations, however if you wish to register onsite payment to happen through credit card immediately or check to be submitted onsite. Conference material will be given on the spot if it is available after distributing to other attendees. In case it is not available we will send the material after the conference is over.
In the event ComplianceOnline cancels the seminar, ComplianceOnline is not responsible for any airfare, hotel, other costs or losses incurred by registrants. Some topics and speakers may be subject to change without notice.
Attendance confirmation and Documents to carry to the seminar venue:
After we receive the payment from the registered attendee an electronic event pass will be sent to the email address associated with the registrant before 5 working days from the seminar date. Please bring the pass to the venue of the event.
Conference photograph / video:
By registering and attending ComplianceOnline conference you agree to have your photographs or videos taken at the conference venue and you do not have any objections to use these photos and videos by ComplianceOnline for marketing, archiving or any other conference related activities. You agree to release ComplianceOnline for any kind of claims arising out of copyright or privacy violations.
If you wish to partner with us for this event
contact us: email@example.com
call us: +1-888-717-2436.
Media Partner Benefits
- Logo and company data on the event website.
- Logo on the conference material distributed during the conference.
- Media partner’s brochure distributed along with conference material.
- Logo on all the mailings before and after the event.
- 10% discount to media partner's subscribers.
Media Partner To Do
- Banner (min 728x90 or 468x60) on the media partner website.
- Insertion of the event in the event calendar, both printed and/or online.
- Announcement article of the conference on the magazine and/or website.
- Dedicated email blast to media partner’s subscribers.
- Article on the magazine and/or website after the conference.
If you wish to sponsor this event
contact Cruise Webster: firstname.lastname@example.org
call us: (207) 576-4173
Discovery Place is a science and technology museum for visitors of all ages located in the Uptown area of Charlotte, North Carolina. Discovery Place brings science to life through hands-on interactive exhibits, thrilling activities and experiments, a larger-than-life IMAX Dome Theatre, and boundless other educational opportunities and programs.
Carowinds Amusement and Water Park
398-acre Thrill Park filled with so much fun and excitement it can't be contained in one state! Features over 50 rides, shows and attractions, including 13 world-class roller coasters, like Intimidator – the tallest, fastest, longest coaster in the Southeast; Planet Snoopy – an "out of this world" 12-acre children's area highlighted by America's most beloved beagle - Snoopy; and Boomerang Bay™, a 20-acre Australian-themed water park, included with the price of admission.
NASCAR Hall of Fame
Located in Uptown Charlotte, N.C., the 150,000-square-foot NASCAR Hall of Fame is an interactive, entertainment attraction honoring the history and heritage of NASCAR. The high-tech venue, designed to educate and entertain race fans and non-fans alike, opened May 11, 2010 and includes artifacts, interactive exhibits, and a 278-person state-of-the-art theater.
U.S. National Whitewater Center
The U.S. National Whitewater Center is a non-profit outdoor recreation and athletic training facility for whitewater rafting, kayaking, canoeing, rock climbing, mountain biking and hiking which opened to the public on November 4th, 2006. The Center is located in Charlotte on approximately 400 acres (1.6 km2) of land adjacent to the Catawba River.
Freedom Park is the 98-acre "Central Park" of Charlotte, North Carolina. Located at 1900 East Boulevard, between Charlotte's historic Dilworth and Myers Park neighborhoods, the park is centered on a 7-acre lake, and is about 3 miles (4.8 km) from the heart of Charlotte's downtown area. The park has paved trails, tennis/volleyball courts, sport/athletic fields and playground equipment. The park contains a steam engine that is fenced and has safety bars added over the tender, but one can walk into the cab.
Wing Haven Gardens and Bird Sanctuary
Wing Haven Gardens and Bird Sanctuary (3 acres) are non-profit gardens and a bird sanctuary located at 248 Ridgewood Avenue, Charlotte, North Carolina. It contains a number of pools and fountains, and is well-planted with a wide variety of ornamental trees, shrubs, and flowers. The garden also contains an English sundial from 1705, various terra cotta pieces, a plaque with a poem by Japanese pacifist and reformer Toyohiko Kagawa, and a statue of Saint Fiacre, patron saint of gardeners.