Regulators at the U.S. Department of Health and Human Services, Office for Civil Rights, describe HIPAA as the “floor” with respect to what is required of healthcare organizations to protect patient data and related information assets. In addition to HIPAA, healthcare organizations are subject to a host of other state and federal privacy and security laws. These include:
- Payment Card Industry Data Security Standard (PCI DSS),
- Clinical Laboratory Improvement Amendments (CLIA),
- Patient Safety and Quality Improvement Act (PSQIA),
- Children’s Online Privacy Protection Rule (COPPA),
- Fair and Accurate Transaction Act (FACTA),
- Food and Drug Administration (FDA) rules,
- Health Information Technology for Economic and Clinical Health (HITECH) Act,
- Laws that govern electronic media and protect information assets.
Various state laws that address breach notification, protection of personal information, encryption, and medical records also affect a healthcare organization’s privacy and information security programs. As the use of electronic media in healthcare organizations increases, so too will the laws that govern its use. Increasing demand and the expectations of clinicians, patients, and researchers to control individual health information while meeting the challenges of improving the health of individuals and populations will require new and innovative approaches to protecting privacy.
This one-and-a-half-day seminar on state and federal privacy and security laws for healthcare organizations will:
- Discuss how HIPAA myths and misconceptions have negatively affected privacy and information security programs.
- Explain why the emphasis on HIPAA may be preventing you from evolving your programs to meet patient and provider expectations in the era of electronic records and new directions in population health.
- Provide an overview of other laws affecting healthcare organizations.
- Describe how to select and implement privacy and security frameworks that will enable you to evolve your programs from a regulatory perspective to a cultural norm.
- Introduce risk analysis and risk management methods, strategies, and key principles of risk mitigation to help you develop an effective and efficient risk process tailored to the uniqueness of your organization.
- Discuss privacy and information security governance processes, the foundation for effective and robust programs, and explore case studies on how to evaluate governance.
- Present a comprehensive methodology for evaluating your privacy and information security programs, including tools you can use to evaluate your programs.
- Discuss the future roles of privacy and information security professionals in healthcare, including new requirements and job skills needed to lead and manage programs.
Upon completing this course on healthcare compliance, participants will:
- Understand how HIPAA represents the “floor” of privacy and information security programs and how to change this perspective in their organization.
- Understand how other federal and state privacy and security laws affect healthcare.
- Describe the primary functions and uses of the Notice of Privacy Practices and why this document is the primary foundation for their privacy and information security program.
- Investigate various privacy and security program frameworks and determine which frameworks will work best in their organization and how to implement them.
- Learn risk analysis methods and tools and how to develop a risk profile for their organization.
- Perform risk assessments more effectively and develop methods to monitor risk on an ongoing basis.
- Develop effective and measurable risk mitigation plans for their organization.
- Understand the paradigm shift that will change privacy and information security programs from a regulatory perspective to becoming a cultural norm.
- Understand why privacy and information security governance is critical to developing and maintaining effective, robust, and sustainable programs.
- Develop methods for evaluating governance processes.
- Learn the components of effective privacy and information security programs and how to evaluate programs.
- Understand new concepts in data governance and what this means for the future of programs and privacy and information security professionals.
- Understand the future roles of privacy and security officers, including new skills needed, how responsibilities will change, and new opportunities.
Who Will Benefit:
This course is designed for privacy and information security professionals in healthcare or professionals in other fields who aspire to become officers in healthcare organizations. It will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers or IT companies serving hospitals. Senior leaders and trustees will benefit by learning why privacy and information security programs are changing and the essential roles they can play in this transformation. The following personnel will benefit from the course:
- Trustees and Directors of Healthcare Organizations
- Clinical Trial Analysts
- Senior Leaders and Managers in Healthcare
- Privacy Officers
- Information Security Officers
- Clinical Data Management Personnel
- Record Management Professionals
- Quality Professionals
- Safety Officers
- Compliance Professionals
- Health Information Management Professionals
- Chief Information Officers and Information Technology Professionals
- Informatics Officers
- Biomedical Engineers
- Legal Affairs
- Internal Auditors
- Risk Managers