HIPAA/HITECH Assessment for Healthcare Business Associates
Instructor:
Srini Kolathur
Product ID: 703036
Training Level: Intermediate
- Duration: 70 Min
Why Should You Attend:
- Have you identified your key business associates handling PHI that you create, receive, maintain or transmit?
- Do you review your contract periodically with your key business associates?
- Do you have the right to audit clause or require your business associate to follow certain minimum security controls and best practices?
The American Recovery and Reinvestment Act of 2009, in Section 13411 of the HITECH Act require HHS to provide for periodic audits to ensure covered entities and business associates are complying with the HIPAA Privacy and Security Rules and Breach Notification standards. According to the recent report more than 60% of the breach happened are by the business associates.
If you come under the “Business Associate” category, and want to avoid showing up at HHS’s “wall of shame” or if you are a healthcare organization or facility employing the services of vendors, attend our 60 minutes webinar to learn in depth about how to comply with HIPAA and HITECH rules, understand the audit protocols, Know what a breach is and how to mitigate one if occurred.
Areas Covered in the Webinar:
- HIPAA/HITECH new omnibus rule
- Business Associate Determination Process
- HIPAA/HITECH applicability for BAs
- Criteria for classifying Business Associates
- Best practices for BA engagement
- BA risk assessment questionnaire
Who will Benefit:
This webinar will provide valuable assistance to medical offices, practice groups, hospitals, academic medical centers, insurers and business associates (shredding, data storage, systems vendors, billing services, etc). The titles include:
- Compliance director
- CEO
- CFO
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/lawyer
- Office Manager
- Contracts Manager
Srini Kolathur, HITPro, CISSP,CISA, CISM, MBA is a result-driven leader. Srini has several years of experience in helping companies effectively comply with regulatory compliance requirements including SoX, PCI, HIPAA, etc. by securing information using best practices.
For the last several years has been actively involved in Sarbox controls implementation, PCI-DSS, GRC and internal audit functions in the critical general IT general control area. As internal compliance and audit liaison project manager for Cisco Infrastructure Group, Srini has managed compliance and automation project, including developing tracking system for monitoring privileged user access.
Srini has been involved in providing training to small practices and hospitals’ staff to effectively comply with HIPAA/HITECH and meaningful use security requirements by using NIST risk assessment framework, HHS HIPAA checklist and best practices for IT assessment using best practices.
Srini has graduated with an executive MBA degree from Kenan-flagler business school at UNC Chapel Hill. Srini is very active in the local ISACA and ISSA chapters. Srini believes and advocates best practices-based security and compliance program to achieve business objectives. Srini has a long successful track record of bringing in projects on time and on budget, and developing high performance teams, while boosting technical and business expertise and maintaining high morale.
Topic Background:
Under the HIPAA Privacy and Security Rule, health care organizations are required to perform active risk prevention and safeguarding of patient information that are very important to patient privacy. Health care organizations often use the services of a variety of contractors and businesses. The HITECH act allows covered entities to disclose the minimum necessary for protected health information (PHI) to these “business associates”. This should only be allowed if the covered entities obtain satisfactory documented assurances that the business associate will use the PHI information only for the required designated business purposes for which it was engaged in contract by the covered entity. The business associate must safeguard any and all subsequent information from misuse, abuse or unauthorized disclosures. The business associate is required to render due diligence to help protect the covered entity in complying with the covered entity’s duties under the HIPAA Privacy Rule within the scope of their normal business processes, operations and services to the covered entity.
Refund Policy
Our refund policy is governed by individual products and services refund policy mentioned against each of offerings. However in absence of specific refund policy of an offering below refund policy will be effective.
Registrants may cancel up to two working days prior to the course start date and will receive a letter of credit to be used towards a future course up to one year from date of issuance. ComplianceOnline would process/provide refund if the Live Webinar has been cancelled. The attendee could choose between the recorded version of the webinar or refund for any cancelled webinar. Refunds will not be given to participants who do not show up for the webinar. On-Demand Recordings can be requested in exchange. Webinar may be cancelled due to lack of enrolment or unavoidable factors. Registrants will be notified 24hours in advance if a cancellation occurs. Substitutions can happen any time. On-Demand Recording purchases will not be refunded as it is available for immediate streaming. However if you are not able to view the webinar or you have any concern about the content of the webinar please contact us at below email or by call mentioning your feedback for resolution of the matter. We respect feedback/opinions of our customers which enables us to improve our products and services. To contact us please email [email protected] call +1-888-717-2436 (Toll Free).
