Course "HIPAA for the Compliance Officer" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion.Overview:I will be going into great detail regarding you practice or business and how it relates to the HIPAA Security/Privacy Rule,Areas covered will be history of HIPAA, privacy vs security, business associates, changes for 2016, audit process, paper based PHI, HIPAA and suing, texting, email, encryption, medical messaging, voice data and much, much, moreI will uncover myths versus reality as it relates to this very enigmatic law based on over 600 risk assessments performed as well as years of experience in dealing directly with the Office of Civil Rights HIPAA auditors.I will also speak to real life audits conducted by the Federal government (I've been on both sides of these audits) what your highest risks are for being fined (some of the risk factors may surprise you).In addition, this course will cover the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures.Don't always believe what you read online about HIPAA, especially as it relates to encryption and IT, there are a lot of groups selling more than is necessarily required.
Why you should attend:
This lesson will be addressing how practice/business managers (or compliance offers) need to get their HIPAA house in order before the imminent audits occur. It will also address major changes under the Omnibus Rule and any other applicable updates for 2016. There are an enormous amount of issues and risks for covered entities and business associates these days. I will speak on specific experiences from over 17 years of experience in working as an outsourced compliance auditor, expert witness on HIPAA cases, and thoroughly explain how patients are now able to get cash remedies for wrongful disclosures of private health information.
More importantly I will show you how to limit those risks by simply taking proactive steps and utilizing best practices.
Areas Covered in the Session:·
History of HIPAA· HITECH· HIPAA Omnibus Rule· How to perform a HIPAA Security Risk Assessment· What is involved in a Federal audit and how is it conducted· Risk factors for a federal audit· EHR and HIPAA· Business Continuity/Disaster Recovery Planning· Business Associates and HIPAA· In depth discussions on IT down to the nuts and bolts· BYOD· Risk factors that can cause an audit (low hanging fruit)· New rules which grant states ability to sue citing HIPAA on behalf of a patient· New funding measures· ....much, much more Who Will Benefit:· Practice Managers· Compliance Officers, and any Business Associates Privy to Private Health Information and Under the Auspices of this Law.
Agenda:
Day One
Lecture 1:HIPAA -History
Lecture 2:HIPAA Privacy Rule vs HIPAA Security Rule
Lecture 3:HITECH Act
Lecture 4:Information Technology
Lecture 5:Breach Notification Rule
Lecture 6:Omnibus Rule
Lecture 7:Business Associates
Lecture 8:Current Court Cases (precedence)
Lecture 9:Paper Based PHI Concerns
Lecture 10:Disaster Recovery Concerns (Paper)
Lecture 11:Psych and Infectious Disease
Day Two
Lecture 1:Choosing a HIPAA Consultant
Lecture 2:Choosing an IT Group
Lecture 3:Disaster Recovery Concerns (Electronic)
Lecture 4:Physical Setup
Lecture 5:Overseas Outsourcing
Lecture 6:BYOD
Lecture 7:Texting and Emailing
Lecture 8:What the Feds are Looking For (low hanging fruit
)Lecture 9:What are Factors That Can Get Your Practice Audited
Lecture 10:State Laws and Patient Ability to Sue
Lecture 11:How to Conduct a Risk Assessment
Lecture 12:How to Write Policies and Procedures Speaker:Brian Tuttle is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified Business Resilience Auditor (CBRA) with over 15 years' experience in Health IT and Compliance Consulting.
Mr. Tuttle is Senior Compliance Consultant and IT Manager with InGauge Healthcare Solutions. Almost all of Brian's clients are earned by referral with little or no advertising. Brian is well known and highly regarded in medical circles throughout the United StatesConsulting services provided:HIPAA Security/Privacy auditingComprehensive NISP based risk assessments with mitigationHIPAA awareness training and certificationCustom written policies and proceduresPublic speakingExpert WitnessSubject matter writingHIPAA consulting and certification for proprietary software companiesBusiness continuity (Disaster Recovery) planning and consultingWith vast experience in health IT systems (i.e. practice management/EMR systems, imaging, transcription, medical messaging, etc.) as well as over 17 years' experience in standard Health IT with multiple certifications and hands-on knowledge, Brian serves as compliance consultant and has conducted onsite risk assessments for over 500 medical practices, hospitals, and business associates throughout the United States .
Pharma Sources Insight January 2025
