HIPAA Security Basics


The webinar will be a primer for the HIPAA Security Rule, going over the basics of what is necessary to achieve compliance. The first section will discuss what the Security Rule is and where it came from, who must comply, and what information has to be protected. Having this information should set the stage to validate how critical ePHI is and who is responsible for maintaining its security.

The second section will provide a brief overview of Information Security. The focus will be on what confidentiality, integrity, and availability mean and on the idea of the CIA Triad, followed by a quick look at the importance of security, recent breaches, and their outcomes.

The third section will dive into the Security Rule's administrative, physical, and technical safeguards, with a look at each of the implementation specifications and examples of what is necessary to be considered compliant in that area.

The fourth section will discuss the importance of understanding the Omnibus and Breach Notification Rules. Lastly, there will be a look at some additional resources out on the Internet that can help with your Security Rule compliance efforts.

Why should you Attend: Do you need to know more about the HIPAA Security Rule? Is your organization even compliant? Do you have the correct policies and procedures in place? When did you last have a risk assessment, and was it actually a true assessment? What would you do if you had a disaster, and when was the last time you tested your contingency plan? These are just some of the questions you should already understand and have answers to.

The HIPAA Security Rule created national standards and safeguards to protect individuals' personal health information that is created, maintained, or used for treatment, payments, and healthcare operations. These safeguards must be implemented to protect the confidentiality, integrity, and availability of ePHI that is created, received, maintained, or transmitted. Unlike other regulations, the Security Rule does not specify how the safeguards are implemented, only what is required to protect ePHI.

Come learn about the HIPAA Security Rule and the basics of what you need to do to become compliant. The webinar will break down the Security Rule in an easy-to-understand way, covering what should already be in place or needs remediation within your organization. The details of the administrative, physical, and technical safeguards needed to protect your organization will be reviewed. In addition, the Omnibus Rule and the Breach Notification Rule will be discussed. With the amount of information out on the Internet, we will look at additional resources that are available to help you with your HIPAA Security Rule compliance efforts.

Areas Covered in the Session:

What is the HIPAA Security Rule?
Who must comply?
What information has to be protected?
Enforcement and Penalties for Noncompliance
Overview of Security - Confidentiality, Integrity, Availability
Importance of Security
Rules of the Security Rule
HIPAA Security Rule Safeguards
Administrative Safeguards
Security Management Process
Assigned Security Responsibility
Workforce Security
Information Access Management
Security Awareness and Training
Security Incident Procedures
Contingency Plan
Business Associate Contracts and Other Arrangements
Physical Safeguards
Facility Access and Control
Workstation Use
Workstation Security
Device and Media Controls
Technical Safeguards
Access Controls
Audit Controls
Integrity Controls
Person or Entity Authentication
Transmissions Security
Organizational Requirements
Business Associate Contracts & Other Arrangements
Requirements for Group Health Plans
Policies, Procedures and Documentation Requirements
Omnibus Rule
Breach Notification Rule
Additional Resources

Who Will Benefit:
Health Care Professionals
Future Compliance Officers
Business Associates that Work with Providers and/or Hospitals

Brian Freedman - MentorHealth Speaker Profile

Brian Freedman, MS, CISSP, PMP, CHCO has earned his Master of Science in Information Systems and has over 20 years of experience working in IT and Information Assurance. Mr. Freedman leverages deep project management and technical experience to lead key elements of several Health-Information Technology (IT), Privacy and Security initiatives.