HIPAA Security Rule Priorities and Challenges — What’s New and What to Focus On in Managing Risks
01:00 PM ET | 10:00 AM PT | 12:00 PM CT Duration 90 Minutes
Webinar Includes : All the training handouts , certificate ,Q/A and 90 mins Live Webinar
" Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC."
Challenges of HIPAA Security Rule compliance
Today’s information security landscape in healthcare is full of hazards and threats, and preparing to deal with them requires an understanding of the key issues being faced, so that scarce resources can be most appropriately applied to reduce risks. Things like communications, Ransomware, and your own staff can be sources of issues that must be understood and addressed.
HIPAA has been a law for more than twenty years now, and the rules in place call for extensive policies and procedures to ensure compliance with the HIPAA Security Rule. But not all entities have done the work necessary to conduct an accurate and thorough assessment of the risks to the security of Protected Health Information (PHI), and develop and implement their security policies and procedures. Even if they have all the best practices in place, entities must have the supporting policies and procedures to ensure consistency in service and compliance with the law, and they need to be aware of the risks they face and be ready to respond to changes in the risk landscape.
This session will focus on the challenges of HIPAA Security Rule compliance, including the conduct of an information security risk analysis and development of risk management planning, as required under the HIPAA Security Rule, and development and implementation of the necessary policies and procedures for HIPAA Security Rule compliance. Suggested ways a risk analysis may be conducted, and the tools that may be used, will be explored. The necessity for undertaking an information flow analysis to find risks will be explained. Identified risks must be managed, and the means to do so using a set of spreadsheets in a workbook will be described.
The requirements to have policies and procedures will be identified, and the topics that should be covered for each of the rules will be enumerated. Typical policy contents will be identified, with an emphasis on the need to customize and right-size polices for each organization. In addition, we will discuss Privacy Rule topics relating to the management of your HIPAA compliance, such as documentation and training.
The HIPAA Security Rule has some basic requirements for risk analysis and risk management, but also includes numerous physical, technical, and administrative safeguards that must be addressed in policy and procedure. Tackling these requirements individually can result in dozens of new policies; we will explore how to simplify your policies and procedures by combining them where it makes sense to, putting similar requirements and activities together, and making it easier for managers and staff to find and use the right policies and procedures.
And even HIPAA Business Associates must be addressed, both in your policies and in theirs. HIPAA BAs are required to conduct their own risk analyses and have their own sets of security policies and procedures. Hiring entities need to know what’s appropriate and what to ask about for evidence of good practices in information security by their Business Associates.
The session will discuss the requirements and the issues involved with HIPAA security risk analysis, policies, and procedures, and help define the path entities can follow to bring their compliance up to the level at which it should be today.
At the conclusion of the session, participants will be able to:
• Know what are some of the usual risks that must be addressed for HIPAA compliance and how to approach them, including those such as insecure communications of PHI, preparing to deal with Ransomware, and controlling and reviewing staff access of PHI.
• Understand what a HIPAA Security risk analysis is, how you can conduct one, and what you can learn from it.
• Learn the essential policies and procedures that must be in place for HIPAA Security Rule compliance, and the necessity of documentation of their application.
• Understand how to consider new information security risks and what can cause them.
• Understand the difference between policies and procedures, and what belongs in each.
• Learn the importance of comparing your policies and procedures to your actual practices and making the necessary adjustments to synchronize them.
Who will Benefit
• Compliance director
• Privacy Officer
• Security Officer
• Information Systems Manager
• HIPAA Officer
• Chief Information Officer
• Health Information Manager
• Healthcare Counsel/lawyer
• Office Manager
• Contracts Manager
Industries who can attend
This 90-minute online course is intended for professionals in the Healthcare Industry.