The Health Insurance Portability and Accountability Act (HIPAA) was established by the U.S. Department of Health and Human Services to set standards and requirements for maintaining and transmitting healthcare information. HIPAA aims to safeguard electronic patient health information’s security and confidentiality while reducing the costs associated with paper-based record transactions. It applies to any organization that accesses, stores, maintains, or transmits patient-identifiable information and mandates compliance with specified deadlines.
Our comprehensive four-day training program, conducted both in classrooms and online, focuses on understanding the implications of HIPAA legislation and identifying critical compliance requirements for businesses and clients. Participants gain insights into the Administrative Simplification Act of HIPAA, learn how to establish frameworks for Privacy and HIPAA Security compliance, and develop strategies for regular audits to prevent regulatory violations.
Our training also covers revised HIPAA regulations influenced by the Health Information Technology for Economic and Clinical Health (HITECH) Act, a component of the American Recovery and Reinvestment Act (ARRA) of 2009, and the Omnibus Rule of 2013. Our instructors, who are HIPAA consultants, provide guidance to meet the requirements outlined in the HIPAA audit checklist issued by the Department of Health and Human Services (DHHS), Office of e-Health Standards and Services.
This training will prepare you for HIPAA Certification of Certified HIPAA Privacy Security Expert (CHPSE), Certified HIPAA Security Expert (CHSE), Certified HIPAA Privacy Expert (CHPE), and Certified HIPAA Privacy Associate (CHPA).
Register Now for the Instructor-led Classroom Training: $2799
Register Now for Live Instructor-led Webcast Training: $3299
HIPAA Training for Security, Privacy, and Transaction: Learning Objectives
Our training equips individuals with advanced skills in designing, implementing, and managing comprehensive privacy and security programs tailored for various healthcare organizations. The training aims to:
- Provide a thorough understanding of HIPAA, its implications for organizations, and the potential policy, procedural, and process changes required to handle patient records in compliance with HIPAA regulations.
- Explore the impact of HIPAA rule changes resulting from the ARRA 2009 HITECH Act and the Omnibus rule of 2013.
- Delve into the federal meaningful use program and incentives for adopting electronic health records.
- Examine the current and potential applications of social media, mobile technologies, and big data in healthcare, while addressing associated privacy and security risks.
- Illuminate the foundational objectives of HIPAA, including ensuring continuity and portability of health benefits, combating fraud and abuse in healthcare, reducing administrative costs, establishing uniform standards for electronic healthcare transactions, and safeguarding patient health information.
- Develop a comprehensive understanding of HIPAA Security, Privacy, and Transaction rules.
- Define the roles and responsibilities of Business Associates and outline the necessary steps they must take to ensure HITECH HIPAA compliance.
- Assess the organizational impact of HIPAA implementation on staff structuring and compliance monitoring for patient privacy and confidentiality.
- Familiarize participants with the new Enforcement rule.
- Explore specific requirements and implementation features within each security category.
- Guide participants through step-by-step planning and preparation for HIPAA compliance, including awareness, assessment, and action focused on identified gaps.
- Cover all mandatory and addressable HIPAA Security Implementation specifications.
- Review essential components of a security policy document tailored for healthcare entities.
- Provide insights into business continuity and disaster recovery planning, highlighting core elements of compliance plans required for healthcare entities.
- Analyze international security standards such as NIST, ISO 27002, and BS 7799, and establish crosswalks between NIST, SOX, ISO, and HIPAA requirements.
Course Outline for HIPAA Compliance
HIPAA Compliance Training – Day 1
HIPAA Fundamentals
- HIPAA Basics: An overview of the Health Insurance Portability and Accountability Act of 1996 (all provisions)
- HIPAA’s Administrative Simplification Title: Review of the provisions of the Administrative Simplification Title. This includes transaction and code set standards (administrative transactions), national identifiers, privacy requirements, and security requirements.
- HIPAA Penalties: Review of the HIPAA enforcement rule including informal and formal remedies, requirements of covered entities, the role of business associates as agents, and enforcement bodies.
- HIPAA-Related Organizations: Discussion of entities/organizations specifically designated as standard maintenance organizations and statutorily defined advisory bodies.
- HIPAA Terminology and Definitions Covered Entity: Review of definitions included in the
Administrative Simplification Title-related rules (list not inclusive).
- Covered Entity
- Health Plan
- Clearing House
- Health Care Provider
- Business Associates
- Trading Partner Agreement
- Workforce
- Organized Health Care Arrangement
HIPAA Transactions, Code Sets, and Identifiers
- Transactions
- Impacted Health Care Transactions
- Target Entities
- Scope
- Penalties
- ASCA
ANSI ASC X12 Standard
- Transaction Type 270
- Transaction Type 271
- Transaction Type 276
- Transaction Type 277
- Transaction Type 278 Request and Response
- Transaction Type 820
- Transaction Type 834
- Transaction Type 835
- Transaction Type 837 – Professional
- Transaction Type 837 – Institute
- Transaction Type 837 – Dental
HIPAA Code Sets
- ICD-9-CM Volumes 1 and 2
- CPT-4
- CDT
- ICD-9-CM Volume 3
- NDC
- HCPC
HIPAA National Health Care Identifiers
- Provider Identifier
- Employer Identifier
- Health Plan Identifier
- Individual Identifier
HIPAA Compliance Training – Day 2 Privacy
HIPAA Privacy Rule Part 1
- Introduction: Overview of the HIPAA Privacy Rule
- Who is Impacted (e.g., the definition of covered entities, business associates)?
- Scope (Activities covered by the rule)
- Exceptions (Specifically included or referenced exceptions that allow the use and disclosure of patient/health plan member protected health information (PHI))
- Timeline (Effective date of the rule, timelines related to certain requirements identified in the privacy rule such as accounting of disclosures, document retention requirements, etc.)
- Key Definitions: Review of key definitions associated with the privacy rule and how they apply to rule application and compliance.
- IIHI
- PHI
- Deidentified Information
- Use
- Disclosure
- Treatment
- Payment
- Health Care Operations
- Notice Requirement: Review of the requirements to draft and make available a notice of privacy practices, the content of the such notice, revision requirements, and availability requirements.
- Core Elements
- Changes to a Notice
- First Interaction
- Authorization versus Consent Requirement: Review the legal definitions of consent and authorization and what they would be used for. Review of the legal requirements related to obtaining authorization, the form of such authorization, and content requirements.
- Definition of “consent”
- Definition of “authorization”
- Legal differences between “consent” and “authorization”
- Core Data Elements and Required Statements
- Defective Authorizations
- Revocations
- Key Parties Impacted: A discussion of all entities or individuals directly or indirectly impacted by the rule and why.
- Minimum Necessary: Discussion of the definition of the minimum necessary and when it applies to the use and disclosure of PHI (internally and externally)
- Oral and Other Non-electronic Communications: A discussion of what constitutes PHI pursuant to the rule and the related requirements to protect non-electronic PHI, including oral PHI.
- Health-Related Communications, Fund Raising, and Marketing: Review of the requirements related to the use of PHI for communications other than treatment, payment, and health care operations. Also, a review of the strict requirements relating to the use of PHI for marketing and fundraising.
- Research: A review of the requirements related to the use of PHI for research including what processes must be followed prior to allowing the use of PHI in research without the patient/health plan member’s authorization.
HIPAA Privacy Rule Part 2
- Policy & Training Requirements: A review of the implied and explicit requirements to develop, implement and maintain privacy policies and procedures and the requirement to provide initial and ongoing staff training.
- Preemption Requirements: A review of state law preemption. This includes a discussion regarding when state law may preempt the rule without specific authorization from the US Department of Health and Human Services (HHS) and when authorization is required prior to state law preemption of HIPAA.
- State Privacy Laws: A general review of state privacy laws that preempt HIPAA (categorized as specially protected health information) with specific reference to select California state laws.
- Federal Privacy Law – 42 CFR Pt. 2: A discussion of the most stringent requirements found in 42 CFR Pt. 2 relating to alcohol and chemical dependency
- Statutory/Rule Conflict Resolution: Discussion of how to respond when federal and/or state law conflicts.
- Case Law: A review of general case law that has impacted the application of HIPAA, state privacy laws, and impacts legal risks.
HIPAA Compliance Training – Day 3 Security
HIPAA Security Rule Part 1
- General:
- Threats: General review of threats (real and perceived) prompting Congress to include security requirements in the HIPAA Administrative Simplification Title.
- Definition and Terminology: Review of general definitions of security and specifically how those definitions apply to the rule and what data must be protected by the implementation of appropriate security measures.
- Security
- Security Services
- Security Mechanisms
- General (continued):
- Security Rules: Detailed review of the security rule, components of the security rule, and specific requirements (including a reference back to security requirements referenced in the HIPAA Privacy Rule).
- Categories of Safeguards
- Implementation Specifications
- Approach and Philosophy
- Security Principles
- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards
- Organizational Requirements
- Policies and Procedures, and Documentation Standards
- Administrative Safeguards: Definition of “administrative safeguards” as they relate to security and the rule. A review of required administrative safeguards and their application within a covered entity and business associate.
- Administrative Safeguards
- Security Management Process
- Assigned Security Responsibility
- Workforce Security
- Information Access Management
- Security Awareness and Training
- Security Incident Procedures
- Contingency Plan
- Evaluation
- Business Associate Contracts Standard
- Physical Safeguards: Definition of “physical safeguards” as they relate to security and the rule. A review of required physical safeguards and their application within a covered entity and business associate.
- Requirements
- Facility Access Controls
- Workstation Use
- Workstation Security
- Device and Media Controls
- Physical Safeguards Review
HIPAA Security Rule Part 1
- Technical Safeguards (general): Definition of “technical safeguards” as they relate to security and the rule. A review of required technical safeguards and their application within a covered entity and business associate.
- Requirements
- Access Control
- Audit Controls
- Integrity
- Person or Entity Authentication
- Security Compliance process: Risk Analysis, Vulnerability Assessment, Remediation, Contingency Planning, Audit & Evaluation
- Transmission Security
- Technical Safeguards (technical details): A review of required technical safeguards including a more technical review of required or addressable safeguards, implementation, and ongoing maintenance.
- TCP/IP Network Infrastructure
- Firewall Systems
- Virtual Private Networks (VPNs)
- Wireless Transmission Security
- Encryption
- Overview of Windows XP and Vista Security
HIPAA Compliance Training – Day 4 Security, Enforcement Rule & ARRA 2009
HIPAA Security Rule Part 2
- Digital Signatures & Certificates: A review of the use of higher forms of individual or entity authentication that is quickly becoming a requirement legally and to reduce legal risk.
- Requirements
- Digital Signatures
- Digital Certificates
- Public Key Infrastructure (PKI)
- Solution Alternatives
- Identity theft prevention and HIPAA
- Security Policy: A review of the requirements to document security program practices and processes in policy and related workforce training requirements. Also a review of required policy maintenance and retention.
- Risks, Risk Management, and Policy Development/Implementation
- General Security Standards Impact on Policy Development
- Policy Training Requirements
- Security Policy Considerations
Enforcement Rule
- Overview: An overview of the rule and rule requirements including entities and individuals the rule applies to
- Definitions: A review of rule definitions including (not inclusive) what represents a violation, compliance, definition of agent, resolution processes, and HHS enforcement powers.
- Informal resolution process: A discussion of what an informal resolution is and what it entails. Also, a review of the rule’s emphasis on informal resolution and language allowing such resolution at any phase of a violation investigation, penalty assessment, and appeal.
- Formal resolution process (i.e., penalties, administrative hearings, appeal process, etc.): A discussion of what would likely trigger a formal resolution process, HHS requirements and authority to investigate, rights and responsibilities of covered entities and resulting actions if civil penalties are levied and paid by the covered entity.
- Compliance audits A discussion of the authority to conduct compliance audits, current audit activity, and prospective audit activity.
Identity Theft Protection Laws
A general review of existing identity theft protection laws and breach notification requirements. Includes a specific discussion of California identity theft and medical identity theft protection laws.
American Recovery and Reinvestment Act of 2009 (ARRA), Title XIII
A general overview of Title XIII health information technology (HIT) incentives and requirements provisions. This discussion will focus on an overview of the role of privacy and security in HIT investment provisions and standards development.
American Recovery and Reinvestment Act of 2009 (ARRA), Title XIII, Subtitle D HITECH
- Privacy Provision Overview: Overview of the privacy provisions included ARRA and the relationship to the HIPAA Administrative Simplification Title provisions.
American Recovery and Reinvestment Act of 2009 (ARRA), Title XIII, Subtitle D HITECH
- Business Associates – New Requirements: A discussion of business associates’ new requirement to statutorily adhere to the provisions of the HIPAA Administrative Simplification Title Privacy and Security Rules. The discussion includes a review of the timeline for compliance and the implications for business associates.
- National Identity Theft Protection Provisions: A discussion of the requirements of the new identity theft protection provisions, what is considered a breach or inappropriate disclosure, breach notification requirements, and entities/individuals covered. The discussion also includes new reporting requirements by entity/individual, HHS, and the Federal Trade Commission (FTC).
- Marketing Prohibitions and Restrictions: An overview of the enhanced restrictions related to the use and disclosure of PHI where the entity or individual is paid for such use and disclosure and stricter prohibitions against using PHI for marketing purposes.
- Enforcement Provisions: A discussion of the new enforcement provisions, entities/individuals covered, and how such enforcement relates to the HIPAA Enforcement Rule and current compliance audits. The discussion also includes a discussion of changes in penalties and the addition of a newly defined criminal act (formerly a civil violation).
- Reporting Requirements: A discussion of new requirements for the reporting of breaches to HHS and/or the FTC and annual reports relating to compliance, rule violations, breaches, etc. to Congress and the public.
Red Flag Rules
With identity theft and other problems on the increase, the additional efforts needed to be made to combat this new avenue of fraud against health care. With so much information available and in the hands of many people delivering care, processing payment, and handling the operational and regulatory uses of this information, it was inevitable that healthcare would become a target for exploitation. Changes to the law have helped, and this chapter covers the following topics to better protect your information resources:
- Red Flag Rule Overview
- Definition of “red flags” and how to spot them
- State Identity Theft Protection Laws & ARRA Breach Notification Requirements
- Identity Theft Protection Program Requirements
- Implementation Tips
HIPAA Solutions – Parts 1 & 2
One of the cornerstones of a successful HIPAA security program is the performance of risk analysis and the creation of a risk management program. These two chapters will walk you through a program of risk analysis and show you how to perform one that focuses on the specific areas that HIPAA requires. You will learn techniques to set a severity scale that is specific to your organization; evaluate and compare risk elements against it; identify and quantify your assets; clarify threats and vulnerabilities that can compromise those assets; develop a strategy to protect against those threats that are both operationally effective and economically efficient. When you complete this section, you will be ready to help get your organization compliant now and keep it that way into the future.
Meaningful Use
Meaningful Use is one of the hottest current topics in Healthcare. In stages, the Meaningful Use program lays out a series of accomplishments and metrics that over time lead to achieving the objective of securely automating healthcare institutions and providers. In addition to having a program of steps over the years of 2011-2016, the US Government has outlined a financial incentive program to further encourage participation and compliance, and reduce the impact of this pervasive change. This module covers:
- ARRA & Meaningful Use Rule Overview
- Meaningful Use Requirements – Stage 1 & 2
- Privacy & Security Related Measures
- Meeting Core Requirement 15 (HIPAA Compliance)
- Vendor Requirements
- How to Prepare
Omnibus Rule of January 2013
- Background
- Breach Notification Rule
- New Limits on Uses and Disclosures of PHI
- Business Associates
- Increased Patient Rights
- Notice of Privacy Practices
- Increased Enforcement
Upon completion, the attendee will know what is required, how it will be measured, and how to achieve and measure it.
HIPAA Compliance Training – Day 5 (part of onsite training/customized HIPAA training only)
Call for details on content for this day.
HIPAA Compliance Training
Our HIPAA Compliance Training course will help key compliance team members to be compliant with HIPAA job role based training requirement.
4.6 based on 767 reviews
$2700
New
HIPAA Training for Security, Privacy, and Transaction: Pricing
Register Now for the Instructor-led Classroom Training: $2799
Register Now for Live Instructor-led Webcast Training: $3299
The cost includes Training Kit:
- HIPAA Compliance Training Manual (worth $450)
- HIPAA Security Policy Templates (sent by e-mail) (worth $495)
HIPAA Certification Test:
The above training prepares you for:
- Certified HIPAA Privacy Security Expert (CHPSE)
- Certified HIPAA Security Expert (CHSE)
- Certified HIPAA Privacy Expert (CHPE)
- Certified HIPAA Privacy Associate (CHPA)
Continuing Education Requirements After Getting Certified:
All certified professionals are required to take Cyber Security Awareness For Employees within 1 month of getting certified. You can take this training before or after getting certified. If you are a cybersecurity professional, you can request an exception (provide the reason why you should not take the training and provide your cybersecurity certification credentials) to take this training but you will have to complete the test.
Course Name: CyberSecurity Awareness For Employees
Description: OCR is focusing on cybersecurity awareness for the covered entities and business associates after the FBI issued a warning for the healthcare industry. This training is a continuing education course needed for all HIPAA certifications (CHPSE, CHPE, and CHSE) professionals to maintain their credentials. This is a non-technical course and anyone can take it. There are no prerequisites for it.
Students learn how hackers use social engineering tools like spoofing, Deceptive Phishing, W2 Phishing, Search Engine Phishing, Pharming, Spear Phishing, Whaling / CEO Fraud, Vishing, SMiSHing, Dropbox Phishing, Google Docs Phishing, Image Phishing, Piggybacking, Dumpster diving, Eavesdropping and many more on company employees. With different types of Malware like Computer viruses, Worms, Trojan horses, Ransomware, Spyware, Adware, Scareware, Keylogger, etc., you want to be aware of threats around you. The overall goal is to protect you from financial losses, identity theft, and damage to your reputation caused due to breaches of security by criminals.
Cost: Included with the HIPAA training cost. You need to buy a Certified Cybersecurity Awareness Professional (CCAP) certification exam if needed.
Visit Here for CyberSecurity Awareness For Employees Course Outline
Once a year all students will have to go through one hour of update course (normal cost $99) which will include relevant regulation changes and other OCR/HHS activities on compliance and enforcement.
To maintain your HIPAA certification, you will continue taking updated courses when they are released. You will receive a new certificate when your certificate will expire if you have taken all required updated courses. You will NOT be required to take any test if you have taken the updated courses regularly.
Certificate for Continuing Education Credits:
Students can buy a CE credits certificate for this course at the time of registration. You will receive 32 CE credits for this course through the Approved Provider of California Board of Registered Nursing after completing the course.
To View Training Schedule:
Click Here for HIPAA Training Schedule
Our mission is to provide the highest quality service to achieve your educational goals.
For more information, please contact us at Bob@supremusgroup.com or call (515) 865-4591 FREE