HIPAA Omnibus Update Rule - What it Means for Security and Breach Compliance

Instructor: Jim Sheldon-Dean
Product ID: 703183
Duration: 90 Min

Last Recorded Date: Dec-2013


This training on the HIPAA Omnibus Rule will focus on the HIPAA Security Rule requirements and the new breach determination requirements in the updated HIPAA Breach Notification Rule, and show how the two are related in a good compliance program. Attendees will also learn best practices to prepare for a HIPAA audit.

Why Should You Attend:

This webinar will cover the requirements for risk analysis and assessment in the HIPAA rules and provide a framework for analysis of risks for compliance with HIPAA Security Rule requirements (in §164.308(a)(1)) and the new breach determination requirements in the updated HIPAA Breach Notification Rule, and show how the two are related in a good compliance program. It will show how to go about assessing your risks and organizing your compliance plan, and show how having that information makes it easier to assess risks in the event of a breach.

For the Security Rule, this session will explain what is called for in the rule and show a way to approach the work in an organized way that saves effort and produces meaningful results, with examples of how to conduct the risk analysis.

For the updated Breach Notification Rule, the instructor will explain how the new process differs from the old “harm standard” that has been removed from the rule. If none of the defined exceptions for notification apply, the breach is reportable unless you can show, by a risk analysis, that there is a “low probability of compromise.” The risk analysis must include at least four factors:

  1. What the data is, how well identified it is, and how sensitive it is
  2. To whom the data was improperly disclosed
  3. Whether or not the information was actually viewed or accessed
  4. How the breach was mitigated.

Issues with any one of the four factors can require reporting the breach. The instructor will explain how to consider these factors.

This webinar will also include information on HIPAA Audits and how to be prepared to show that you have the right policies and procedures in place and are using them. To withstand random audits and investigations of non-compliance that may result from a breach report or complaint, thorough documentation of compliance-related activity is required. The instructor will explain how to document your compliance using the HIPAA Audit Protocol as a guide, so you can be sure to avoid trouble if HHS asks questions about your compliance.

Areas Covered in the Webinar:

  • The requirements of the HIPAA Security Rule
  • The elements of a HIPAA Security Risk Analysis
  • The significant changes to the HIPAA Breach Notification Rule
  • Use of Risk Analysis in the new HIPAA Breach Notification process
  • A framework of security policies
  • Typical policy considerations for laptops and portable devices, and their security
  • How to use Risk Analysis to deal with difficult compliance issues, such as texting and social networking
  • Tools to be used for policy management and documentation
  • How to adopt policies, train on them, and conduct drills on them
  • The HIPAA Audit Protocol, and its use as a compliance tool

Who Will Benefit:

This webinar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). The following personnel will find this session valuable:

  • Compliance director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Compliance Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
  • Contracts Manager

Instructor Profile:

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Mr. Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

He has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. He received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Topic Background:

The new HIPAA Omnibus Update Rule is now in effect and enforceable, with some implications for compliance with the HIPAA Security and Breach Notification Rules. Compliance with the HIPAA Security Rule has always required that the risks to protected health information (PHI) be assessed and any issues be addressed by mitigation as necessary. But new changes to the HIPAA Breach Notification Rule add a new role for Risk Assessment, in determining whether or not a breach has a “low probability of compromise.” In addition, recent audits and enforcement actions have highlighted the requirement for performing a proper risk analysis as part of the management of security risks, and to satisfy documentation requirements. Now is the time to revisit your risk assessment and breach notification policies and procedures to make sure you meet the new rules.
