HIPAA Compliance for Company:
Insurance Broker/Agent
Audience:
Examples:
Insurance Brokers, Insurance Agents, Benefit Management Services, Third Party Administrators.
HIPAA compliance is the main goal for a healthcare-related company to have necessary safeguards to protect the privacy and security of Protected Health Information (PHI). The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information.
All healthcare organizations are required to comply with three main standards under an administrative section of the regulation.
- Transactions, Code Sets, and Identifiers
Defines the standards for conducting electronic data interchange (EDI) and certain web-based (direct data entry or DDE) administrative health transactions.
- HIPAA Privacy: The Standards for Privacy of Individually Identifiable Health Information
A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high-quality health care and to protect the public’s health and well-being.
- HIPAA Security Rule: Administrative, Physical and Technical safeguards
requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronically protected health information that is created, received, used, or maintained by a covered entity.
Our following steps and solutions will help companies to understand all the requirements of privacy and security rule so electronic data is protected while it is stored or transmitted due to the safeguards in place to comply with HIPAA.
Step 1: Training
- Comprehensive training for privacy security compliance officer (this is a requirement under the regulation. This person is responsible for ensuring you are HIPAA compliant)
- Provide HIPAA Awareness Training on HIPAA privacy and security training for all employees with access to PHI.
Step 2: Compliance manual for HIPAA: Create a manual for policies, forms, and procedures (only the compliance officer understands step 2, 3, and 4 requirements as awareness training do not address these requirements, that is why you take 24-hour long training)
- Conduct gap analysis for privacy rule and risk analysis as per the security regulation requirements
- Create privacy and security policies
- Complete contingency plan as required in the security rule
Step 3: Hacker & Ransomware Protection: Implementation of safeguards to protect PHI & PII
- Protect your computer network so it cannot be hacked (we will test your system like how bad guys try to break into your computer)
- Install ransomware protection which monitors threats 24 x 7. (this is new generation protection which STOPS encryption of your network)
Step 4: Remediation and ongoing audit
- The gap and risk found in your analysis (step 2) need to be corrected so you meet the compliance requirements
- Conduct an ongoing audits to ensure you are in continuous compliance.
Step 1: Training
10 employees awareness training: $225
One Compliance Officer Training: $1200 (does not include any optional items)
Step 2: Compliance Manual
Compliance template package: $1890 (includes following suit at a package price. You can buy them separately too)
- Privacy Policy Templates: $300
- Security Policy Templates: $495
- Security Risk Analysis Templates: $495
- Contingency Plan for BCP/DRP: $594
- HIPAA audit: $300
Step 3: Ransomware Protection
Around $100 per device per year. Cost reduces if you have more devices to protect.
Step 4: Remediation and Ongoing Audit
This cost depends on the finding of the risk analysis and network vulnerability assessment.
Contact us and we can discuss the cost to give you an estimate based on your specific needs.
Click on the Following Tabs to Learn More about the Compliance Solutions
Each employee receives a PDF for their own HIPAA certificate immediately upon successful completion of the training.
Cost: $25 per person
Overview
- Avg Completion Time: 1.5 Hours
- Format: Online Self-Paced Training
- Number of Total Slides: 66
- Access: Online Access for 60 Days
- Certificate of Completion: Yes
- Certificate Expiry: 2 Years
- Audio: Yes
- License: Single User
Course Outline:
- Refresher on HIPAA
- Definition: Health information
- Health Information: Sets and Subsets
- Information Covered: Privacy Rule
- Information Covered: Security Rule
- Minimum Necessary
- Required Retention Documentation
- Civil Penalties
- Criminal Penalties
- HIPAA Security Rule – Overview
- Administrative Standards
- Additional Standards
- Covered Entities
- Business Associates
- Contracting Arrangements
- Rules for the BA’s
- Business Associate Contracts
- Business Associate: BA Agreements
- Business Associate Close-Up: Insurance Broker-Agents
- Business Associate: Health Plan Broker/Agents
- Authorization versus Consent
- Authorization Requirements
- Defective Authorizations
- Permissible Activities and Patient Options
- Agenda
- Breach Notification Requirements
- Examples of Breaches
- Breaches & Fines
- Recent Healthplan Breaches
- Lessons – Learned?
- Ramifications
- Agenda
- Documentation
- Event Response & Risk Assessment
- Quick Review
- Agenda
- What the Future May Hold
- HHS/OCR Issuances
- Audits: Candidate Matrix
- Audits: Planned Approach
- Audits: Results
- Outcomes and Trends
- Summary
- Next Steps
This compliance templates manual kit includes the following templates suite in it. You can buy them as a complete suite or separately depending on which areas you need help in complying with.
Click on the following links for more details
- Fifty-Five (55) Privacy Policies, forms, and contracts ($300)
- Seventy (70) Security Policies, forms, and contracts ($495)
- Risk Analysis as per Security rule & Gap analysis as per Privacy rule ($495)
- Contingency plans as per security rule ($549)
- Ongoing Audit ($300)
Compliance Documentation Templates features
- Prebuilt policies and procedures to help you achieve compliance faster (see privacy policy sample)
- Prebuilt documents, contacts, and forms allow you to customize them and start using them quickly (see security policy sample)
- Prebuilt best practices of all the HIPAA documents required
- Documents are customizable as all templates are in Microsoft Word format
- Guides & samples on how to use Contingency plan templates are in PDF format
- The average implementation time is around 4-8 weeks
- CHPSE training for the compliance officer helps with the hands-on implementation
- Call in support included if you have questions
- If regulation changes, we provide you with updates to the documents so you do not have to buy the full suite.
Templates Overview
- Annual Cost: No
- Updated for Omnibus and HITECH: Yes
- Delivery: Emailed as Zip file
- Format: Microsoft Word Templates
- License: Single Organization
- Option to buy Consultant’s time: Yes
- Support Included: Yes
Cost for less than 50 employees (includes all 5 templates kits mentioned above): $1,890
More Info on HIPAA Compliance Template Suites
Buy Covered Entity HIPAA Compliance Tool NOW
Cost for more than 50 employees (includes all 5 templates kits mentioned above): $2,490
Vulnerability Assessment & Penetration Testing
IT Network is one of the most important elements of any organization and to ensure that your IT network is fully secured and working fine, we will conduct IT Network Penetration testing. This testing consists of a process that intentionally attacks your IT Network system with an intention of finding security weaknesses. This process will help in identifying the vulnerability in your IT network security before any real cyber-attack happens.
Vulnerability Assessment is a procedure that helps in identifying and correctly pinpointing the weaknesses in the overall IT Network and Communication system.
Using predefined profiles or customized configurations, the scan is run against the external portal facing the Internet or on your internal network. It runs quietly without consuming much network capacity, and in a non-disruptive manner: nothing is modified, and processes operate uninterrupted and as expected.
Read More on Computer Hacking Protection
Ransomware Protection for Healthcare Entities
Ransomware is a type of malware (malicious software) distinct from other malware; its defining characteristic is that it attempts to deny access to a user’s data, usually by encrypting the data with a key known only to the hacker who deployed the malware until a ransom is paid. After the user’s data is encrypted, the ransomware directs the user to pay the ransom to the hacker (usually in a cryptocurrency, such as Bitcoin) in order to receive a decryption key. However, hackers may deploy ransomware that also destroys or exfiltrates2 data, or ransomware in conjunction with other malware that does so.
A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000 daily ransomware attacks reported in 2015). Ransomware exploits human and technical weaknesses to gain access to an organization’s technical infrastructure in order to deny the organization access to its own data by encrypting that data. However, there are measures known to be effective to prevent the introduction of ransomware and recover from a ransomware attack. We can help with ransomware attack prevention and recovery from a healthcare sector perspective. Our solution will assist covered entities and business associates to prevent and recover from ransomware attacks, and how HIPAA breach notification processes should be managed in response to a ransomware attack.
Our Endpoint Protection Platform provides a multi-layered approach for detecting malware, exploit, and script-based attacks using a combination of machine learning coupled with both static analysis and system-wide behavior monitoring to isolate and mitigate threats in real-time. The management system, which can be deployed either in the cloud or on-premise, provides forensic analysis of threats and allows administrators to quickly resolve attacks through automated remediation and rollback features.
Read More on HIPAA Ransomware Protection Solution
Let us help you to Secure your network from Malware & Viruses. Call us at 515-865-4591
Implementation of HIPAA Remediation Project
HIPAA Remediation is the next step after identifying the gaps in the area of security. The goal is to address all gaps and meet the regulation requirements. After the risk analysis is complete, it is time to begin prioritizing remediation targets. In the risk analysis process, the gaps are divided into three priorities: High, Medium, and Low. Addressing the issues that are high priority can protect & secure PHI.
Sometimes some of the gaps identified are “quick fixes” without devoting more resources. This helps in moving quickly towards achieving complete HIPAA compliance.
Categorizing the gaps in priority levels will help in planning the timelines, devoting the time of compliance team members, and budgeting to complete the projects in a timely manner. It is important to take time and plan the remediation phases properly so there are no delays in the process.
After identifying resources to address the highest priority and easiest issues, schedule resources to address the longer-term remediation targets, as well as those of lower priority or of lesser risk.
After remediation projects are completed, conduct the final audit to make sure you are fully compliant. It is beneficial to use a third party to conduct your final audit to determine your compliance. The network assessment including external internal penetration testing & ransomware protection by the third party will ensure that you did not miss anything.
Compliance Audit
OCR does not need to understand your environment: they simply need to confirm that you are doing all you are required to do, and find you if you aren’t. They have no interest in your operations beyond this determination and result. Other audit firms are likewise driven. Neither is concerned with the burden this can create, or whether any efficiencies can be cogenerated along with achieving compliance to offset it. This is precisely where we are different from all the rest. We do care.
We understand the escalating costs you face, the mounting bureaucracy of regulations and paperwork, the increased drive to automate, and the disruptive change that can cause. Most firms do not grasp this because they have no direct experience themselves. We know the challenges you face because we have been there ourselves. That is why we work with and for you to achieve these goals: get you compliant and set it up to stay that way by building it into your processes.
Our techniques are the industry-standard, time-proven methods used by all firms:
- Interview
- Examination
- Observation
- Substantive Testing
We interview your in-house experts to determine their knowledge, awareness, and engagement with the importance of these requirements to gain a sense of the environment. We share with them our knowledge about the regulations to enhance their knowledge.
We examine your policy and guidance documentation to ensure that the regulatory requirements and properly embodied in them so that you have established the correct framework for performance, internal enforcement, and corrective action when needed.
We observe your staff at work as part of our gaining familiarity with your environment and to ensure that what we found in your documentation we actually find being practiced by your workforce.
We substantively test various parts of your automated systems to ensure that the stated specifications to support privacy and achieve the requirements of the Security Rule are in place and functioning correctly.
Our process verifies that all the requirements are being met regularly and reliably so that your expectations are being met and so that you can be confident by knowing rather than trusting that things are working properly.
The process is the same for both Covered Entities and Business Associates. One standard for all appropriate to each operational context means the Covered Entity can have the needed assurance that their Business Associates are meeting the requirements just as they are, thus having greater peace of mind and greater risk control at all levels.
Certificate for Continuing Education Credits:
Students can buy a CE credits certificate for this course at the time of registration. You will receive one CE credit for this course through the Approved Provider of California Board of Registered Nursing after completing the course.
Compliance Officer Training (25 hours duration):
This is comprehensive training for an employee/owner who is designated as a compliance officer. This person is responsible for ensuring that the company is HIPAA compliant. After the training officer shall have a better understanding and will be able to oversee all ongoing activities related to the development, implementation, and maintenance of the practice/organization’s privacy security policies and standards in accordance with applicable federal and state laws.
This course is comprehensive in nature as the job role requires it. There is no shortcut to this training just like if you want to be a doctor, can you take the 1-year course and become MD? Our Client list will show why we are trusted by so many companies.
Cost: $1200 (Additional Options to buy: $300 printed manual of 700 pages, $19.99 full-color 56 pages overview manual, $99 CHPSE® practice test, $250 two hours of Instructor support, $180 unlimited CHPSE® exam attempts)
Overview
- Avg Completion Time: 24-Hours
- Format: Online Self-Paced Training
- Audio: Yes
- Access: Online Access for 180 Days
- Certificate of Completion: Yes
- Certificate Expiry: 3 Years
- License: Single User
Course Outline For CHPSE Training For The Compliance Officer
CHPSE Training Demo
CHPSE Certificate Sample
Print your HIPAA certification immediately online upon successful completion of each course
One Hour HIPAA Overview Training Demo
HIPAA Certificate Sample
Print your HIPAA certification immediately online upon successful completion of each course
Course Features
- 24 x 7 access from anywhere for self-paced online courses
- One course for $25 to meet privacy and security awareness training requirement
- Courses created by HIPAA Expert with practical compliance experience and security expert
- Course updated for HITECH, Omnibus rule, meaningful use, and breach notification
- Instantly print or download Nationally Recognized Certificates
- Complete your course in one hour and get certification
- Online course with audio and PowerPoint slides for easy understanding of training
- American Disability Act (ADA) compliant course format and delivery
- 56 pages printed color manual available for purchase
- Online courses compatible with windows, apple, iPad, and other tablets
- Option to upgrade to Certified HIPAA Privacy Associate (CHPA) credential. Spanish Version is available too for CHPA.
- Complete compliance solution available based on your specific needs
- Group, university, and Colleges discounts available
- Unlimited Phone and Email Support
Each student receives their own HIPAA certificate online immediately upon successful completion of the training in PDF format which can be printed, emailed, or saved for future use.
Expert-Level Professional Certification Courses
CERTIFIED HIPAA PRIVACY SECURITY EXPERT (CHPSE)
To avoid civil money penalties and criminal penalties related to non-compliance with HIPAA and other associated acts, it is essential to have a comprehensive understanding of these acts. With CHPSE, advanced training in the areas of HIPAA Security rule & Privacy rule is imparted. This type of training is critical for compliance officers, consultants, and business associates who work in the healthcare industry.
CERTIFIED HIPAA SECURITY EXPERT (CHSE)
CHSE allows trained individuals to seamlessly implement the HIPAA Security rule in their organizations and protect the important health information of their clients. This training also includes elementary knowledge of the Privacy rule so that all the important bases are covered with respect to HIPAA compliance.
CERTIFIED HIPAA PRIVACY EXPERT (CHPE)
This certification is essential to have in-depth compliance knowledge of the HIPAA’s Privacy rule; through this training, you will also get a good understanding of the Security rule as well. CHPE training ensures that your employees are well-versed with the various aspects of the complex Privacy rule.
CERTIFIED HIPAA PRIVACY ASSOCIATE (CHPA)
This is an entry-level certification that provides a basic understanding of HIPAA. CHPA training is targeted towards those individuals (new employees, students, etc.) who are only required to have a fundamental knowledge of HIPAA and not advanced. CHPA Course & exam are now available in Spanish also.
Other Company Versions
Frequently Asked Questions
General
Is your training certified by the government?
Is this training valid in all states?
What if I don’t pass the final exam? Do I have to pay for the training again?
Do I need to take the HIPAA Awareness training course, HIPAA Security training course, or both?
How long do I have to take the training?
Do you have an eval program where I could view the training?
Individual Training
What is the cost of training for an individual?
What course do I need to take?
Do you offer training that an organization can use to train its employees?
Can I train multiple people using an individual account?
What if I want to put a different name on the certificate from the information I enter on the registration screen for my billing information?
Organizational Training
Do you offer training that an organization can use to train its employees?
Who is the organizational training for?
What is the minimum number of seats I need to create an organizational training account?
Can I add seats later on?
If I purchase seats after my initial purchase do I still get a volume discount?
Do you offer to report with the organizational training account so I can tell who has taken the training?
If I am an organization, can I just purchase the training only?
Works on PCs, Macs, iPads, iPhones, Android Tablets, Android Phones,and
more
Complete your training online on any device, anywhere,
anytime 24 x 7.