http://hcsiinc.com
Breaches happen every day! Why not prevent having a breach turn into a 90 day audit? This presentation helps you develop your HIPAA Privacy and HIPAA Security program.
If you are looking for help, be aware that many companies are a hit-and-run operation. From day one and every quarter of the year, HCSI guides the compliance representative through the HIPAA process of preparing for an audit. The practice will have everything an auditor would need, resulting in the audit taking minutes instead of days.
Have you ever felt confused by HIPAA’s complex regulations? Even if you are well versed in the laws, there are still many headache inducing intricacies. In this webinar, an experienced HIPAA auditor will highlight the basics of HIPAA, its regulations, what you need to know about it, and how it may affect you, especially with a new wave of HHS audits looming. The webinar is designed for HIPAA novices and experts alike, and all questions are encouraged in this interactive session.
HIPAA applies to “PHI” (Protected Health Information).
PHI is information that identifies who the health-related information belongs to, e.g. names, email addresses, phone numbers, medical record numbers, photos, driver’s license numbers, etc.
For example, if you have something that can identify a user together with health information of any kind (from an appointment, to a list of prescriptions, to test results, to a list of doctors), you have PHI that needs to be protected as per HIPAA regulations.
PowerPoint presentation from the Human Subjects Research Committee at the University of North Alabama,
in Florence, AL, concerning HIPAA policies and procedures.
While this presentation offers a rudimentary understanding of HIPAA as it relates to PHRs, its primary objective is to highlight key aspects of PHR privacy policies provided by non-covered entities (Microsoft & Google) and argue that HIPAA, after significant amendments, should be extended to them.
The Health Insurance Portability and Accountability Act (HIPAA) was created primarily to modernize the flow of healthcare information, stipulate how Personally Identifiable Information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage – such as portability and the coverage of individuals with pre-existing conditions.
https://www.hipaajournal.com/hipaa-training-requirements/
HIPAA compliance for Business Associates - The value of compliance, how to acq... (Compliancy Group)
HIPAA compliance for Business Associates has become critical as you deal with medical professionals. During this webinar we will explain the law and what Business Associates need to know and do and how to differentiate your firm to acquire new and maintain current clients.
In this webinar, we will discuss:
-The steps on how to become HIPAA compliant as a Business Associate
-What an effective BAA should include
-How to help existing and new healthcare clients with compliance
-Why it is important to differentiate yourself as HIPAA compliant
Healthcare IT thought leadership and practice managers continually seek ways to foster a culture of alertness when it comes to HIPAA compliance. They have the dual challenge of staying on the right side of federal regulators and stopping would-be hackers. This is especially true given the potential impact a data breach can have on their organization’s reputation and bottom line. By reflecting on 2015, it becomes clear that covered entities and business associates alike will continue to prepare to mitigate the threat of cyber-attacks and the planned ramp up of OCR Phase 2 Audits.
HIPAA compliance Tune-up for 2016 is the topic of this webinar – which will be focused on mitigation strategies Covered Entities and BA’s alike can take to minimize the risk of data breach or actions prompting an OCR Audit.
"This session brings together the interests of engineering, compliance, and security as you align healthcare workloads to the controls in the HIPAA Security Rule. We'll discuss how to architect for HIPAA compliance using AWS, and introduce a number of new services added to the HIPAA program in 2015, such as Amazon Relational Database Service (RDS), Amazon DynamoDB, and Amazon Elastic MapReduce (EMR). You'll hear from customers who process and store Protected Health Information on AWS, and how they satisfied their compliance requirements while maintaining agility.
This session helps security and compliance experts see what's technically possible on AWS, and how implementing the Technical Safeguards in the HIPAA Security Rule is simple and familiar. We map the Security Rule's Technical Safeguards to AWS features and design patterns to help developers, operations teams, and engineers speak the language of their security and compliance peers."
Application Developers Guide to HIPAA Compliance (TrueVault)
Software developers building mobile health applications need to be HIPAA compliant if their application will be collecting and sharing protected health information. This free plain language guide gives developers everything they need to know about mobile health app development and HIPAA.
Not every mHealth app needs to be HIPAA compliant. Not sure whether your mHealth application needs to be HIPAA compliant or not? Read the guide to find out!
The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. The Security Rule is located at 45 CFR Part 160 and Subparts A and C of Part 164.
The HIPAA Security Rule lists 28 administrative safeguards, 12 physical safeguards, and 12 technical safeguards, along with specific organizational and policies-and-procedures requirements. EHR 2.0 HIPAA security assessment services help covered entities discover gap areas based on the required and addressable requirements.
There are two main rules for HIPAA. One is a rule on privacy and the other on Security.
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections. The Privacy Rule is located at 45 CFR Part 160 and Subparts A and E of Part 164.
How often should security be reviewed?
Security standards under HIPAA should be reviewed and modified as needed to continue providing reasonable and appropriate protection of electronic protected health information.
Confidentiality: Limiting information access and disclosure to authorized users (the right people)
Integrity: Trustworthiness of information resources (no inappropriate changes)
Availability: Availability of information resources (at the right time)
http://ehr20.com/services/hipaa-security-assessment/
HIPAA & HITECH Made Easy for Behavioral Health Professionals -- Marlene Maheu (Marlene Maheu)
HIPAA & HITECH Made Easy for Behavioral Health Professionals
1-Hour Webinar
At the TeleMental Health Institute, we have the option for you to earn CEUs while you learn the updates of HIPAA and HITECH:
For 1 CEU for mental health professionals and nurses, go to this page for details: http://telehealth.org/hipaa-hitech
Join the innovative group of over 1,200 mental health professionals at the TeleMental Health Institute: www.telehealth.org
Developers building healthcare applications for mobile devices, wearables and the desktop need to understand HIPAA requirements in order to build apps that are in compliance. This deck gives application developers an overview of the HIPAA rules and what it means for their software development.
HIPAA Compliance: What Medical Practices and Their Business Associates Need t... (Skoda Minotti)
Most medical practices are aware of the HIPAA HITECH requirements that affect their organizations, and the fines that they face if they are not compliant in the ways they handle patient health information (PHI).
What a lot of professionals don’t know is that HIPAA HITECH regulations also hold business associates (i.e. other professionals from other companies who could also have access to PHI) just as responsible for protecting the data as the medical practices who own that information.
Achieving HIPAA Compliance: The Roadmap to Certification Success (ShyamMishra72)
Achieving HIPAA compliance is crucial for any organization handling protected health information (PHI) to ensure the privacy and security of patient data.
Here's a roadmap to certification success:
Understand HIPAA Requirements: Familiarize yourself with the Health Insurance Portability and Accountability Act (HIPAA) and its requirements, including the Privacy Rule, Security Rule, and Breach Notification Rule.
HIPAA Audits Are Here to Stay – Key Preparation Strategies for Business Assoc... (Polsinelli PC)
Our panel, which includes two former OCR staffers who played key roles in policy and enforcement activities, will provide status updates and practical tips to help you prepare for business associate and covered entity audits.
Our agenda:
-OCR Audit Status Update
-OCR Document Request List
-How to Document Your Security Rule Compliance
-The Importance of Up-To-Date Security Risk Analysis
-How to Build Your "HIPAA Audit Binder"
-Even if You Are Not Selected: How Audit Preparation Can Assist in Breach/Complaint Investigations
-Key Takeaways/Recommendations
Demystifying HIPAA Certification: Your Path to Compliance (ShyamMishra72)
In today's digital age, healthcare organizations face a myriad of challenges in safeguarding patient data while providing quality care. With the increasing adoption of electronic health records (EHRs) and digital health technologies, ensuring the security and privacy of sensitive health information has never been more critical.
This is where HIPAA (Health Insurance Portability and Accountability Act) comes into play as a vital framework for protecting patient data.
This is a proposed training outline for privacy compliance in the healthcare industry, specifically using electronic medical records, HIPAA and HITECH compliance.
3 Steps to Automate Compliance for Healthcare Organizations (AvePoint)
In this webinar, AvePoint's Chief Compliance & Risk Officer Dana Simberkoff and AvePoint's Director of Risk Management & Compliance Marc Dreyfus shared the playbook to jumpstart your comprehensive, automated program to mitigate the risk of data loss, privacy, and security breaches using AvePoint Compliance Guardian’s “Say it, do it, prove it” approach. To watch the webinar, please visit: http://www.avepoint.com/resources/videos/
Importance of HIPAA Compliance for Small Healthcare Clinics.pptx (IT in DFW)
HIPAA stands for Health Insurance Portability and Accountability Act. It acts as a national standard to protect sensitive patient health information from getting disclosed.
Patient confidentiality is very important in healthcare. Healthcare workers in all capacities are exposed to a multitude of information and have access to information on many individuals. This presentation stresses those important factors and communicates the various ways we can protect PHI.
Navigating Healthcare Compliance: A Guide to HIPAA Certification (ShyamMishra72)
In the ever-evolving landscape of healthcare, protecting patient information is paramount. The Health Insurance Portability and Accountability Act (HIPAA) was enacted to safeguard the confidentiality and security of individuals' health data. As healthcare organizations strive to uphold these standards, many are exploring the concept of HIPAA certification. In this blog post, we will delve into the importance of HIPAA compliance, the role of certification, and how organizations can navigate the certification process.
What is HIPAA?
HIPAA: Health Insurance Portability and Accountability Act
It was passed by Congress in 1996
It includes requirements for:
Transfer and continuation of health insurance coverage for millions of American workers and their families when they change or lose their jobs
Reducing healthcare fraud and waste
The protection and confidential handling of protected health information
HIPAA Security Rule
Establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity.
Requires appropriate safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
Safeguards include:
Administrative
Physical
Technical
Administrative Safeguards
HIPAA security rule requires covered entities to implement the following administrative safeguards:
Security Management Process
Security Personnel
Information Access Management
Workforce Training
Evaluation
Physical Safeguards
The security rule requires covered entities to implement physical safeguards such as:
Facility Access and Control
Access can be restricted through use of access cards, biometric scanners, keys, pass codes and so on
Workstation and Device Security
Develop and implement policies for workstation and device security
Implement unique password/user ids for each user
Proper user logs and records should be maintained
Technical Safeguards
The security rule requires a covered entity to implement technical safeguards such as:
Access Controls
Audit Controls
Integrity Controls
Transmission Security
Want to learn more about HIPAA, HIPAA Privacy and Security Rule, its requirements and best practices to comply with them? ComplianceOnline webinars and seminars are a great training resource. Check out the following links:
How to examine security policies, practices, and risk issues to comply with HIPAA
How to use social media and texting without breaking HIPAA rules
How to Conduct risk analysis to comply with HIPAA
HIPAA/HITECH Assessment for Healthcare Business Associates
How to comply with HIPAA Omnibus Rule
Understanding new rules and responsibilities of Privacy Officer under HIPAA
HIPAA Security and Breach Rule Compliance
For more details, visit us at: http://www.complianceonline.com/the-new-hipaa-audit-program-focus-webinar-training-703180-prdw?channel=ppt-slideshare
The increased level of awareness and training is also very important, as is the cultural impact of the CE’s environment. How you proceed to successfully train and change the culture depends on the choice of an external HIPAA-HITECH privacy and security auditor. Simply stated, your external auditor should possess the skills and knowledge to comprehensively evaluate all aspects of the HIPAA-HITECH impact on your practice. Upon completion of an audit, each area should address its findings, impact and corrective action plan. The action plan should incorporate the training requirements and a training plan to address the specific requirements of each staff member’s relevance to their job function within the practice.
Similar to Leading your HIPAA Compliance Culture in 2016 (20)
6. What to expect
Lead Your Culture, Select Your Team, and Learn
✓ Create a Culture of Privacy, Security, and Safety
✓ HIPAA Breach – Identifying a Breach, Exceptions to a Breach
✓ HIPAA Protections – Security Risk Analysis, Social Media
✓ Compliance Training
Document Your Process, Your Findings, and Actions
✓ Documentation
✓ Policies and Procedures
✓ HIPAA Privacy & Security
Develop an Action Plan
✓ Audit Preparation
Mitigating Risk
✓ Ongoing Training & Culture Maintenance
13. AUDIT TIMELINE
Day 1, Day 10, Day 30/90 (dependent on completion of fieldwork)
14. 5 COMMON CIRCUMSTANCES FOR AN AUDIT
1. Disgruntled ex-employee
2. A self-reported breach
3. Employee activists
4. Patient’s fear of breach
5. Random OCR visit
18. CREATE A CULTURE OF PRIVACY &
SECURITY
• Communicate
• Guide
• Remind
19. IDENTIFYING A BREACH
“…unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the protected health information has been compromised based on a risk assessment of at least the following factors”:
1. Nature and extent of the PHI involved
2. The unauthorized person who used the PHI, or to whom it was disclosed
3. Whether the PHI was actually viewed or acquired
4. The extent to which the risk to the PHI has been mitigated
20. HIPAA BREACH
• Does your staff know who to go to for leadership when there is a HIPAA breach?
• Does your designated HIPAA compliance officer know all of the necessary steps to take in breach notification?
• Does your HIPAA compliance officer know where to receive guidance?
21. EXCEPTIONS TO A BREACH
3 Exceptions to the definition of “breach”
1. Unintentional
2. Inadvertent
3. Good faith
22. HIPAA PROTECTIONS
Key Components of the HIPAA Privacy Rule:
• Ensure privacy
• Give patients more access
• Establish safeguards
• Hold violators accountable
• Strike a balance
• Enable patients
• Limit release of information
• Give patients the right to examine and obtain a copy
• Empower individuals to control certain uses and disclosures
23. HIPAA RISK PROTECTIONS
• Physical, Technical, and Administrative measures
• Internal and External Security threats
• Assessment of and preparations for security risks
24. 7 STEPS TO HIPAA COMPLIANCE
1. Understand the rules
2. Assign Responsibility
3. List your PHI systems
4. Conduct a Risk Analysis
5. Implement Policies and Procedures
6. Training program
7. Ongoing HIPAA progress and compliance
25. SECURITY RISK
• Identify where PHI exists
• Identify potential threats and vulnerabilities to PHI
• Identify risks and their associated levels of high, medium, or low
26. TIPS FOR A BETTER SECURITY RISK ANALYSIS
• Educate staff about process
• Make security a high priority
• Have an action plan
• Involve your EHR developer
• Specific to your practice
27. 10 HIPAA SECURITY TIPS
1. Have A Written Security Policy
2. Encrypt Everything
3. Protect Your Website
4. Data Backups
5. Avoid Consumer Grade
6. Know Your Risks
7. Plan For BYOD
8. Who Is Guarding The Sheep
9. Physical Security Is Information Security
10. Know When To Call For Help
28. SECURITY RISK PRECAUTIONS
Low-Cost Highly Effective Safeguards:
• Staff requests
• Hard drives
• Email
• Server
• Passwords
• Monitoring office staff
• Fire extinguishers
• Viruses and malware
29. SOCIAL MEDIA
To ensure your office remains in HIPAA compliance, create policies such as:
• Access Controls
• Personal
• Connecting with patients
• Patient waiver forms
• Training
31. WORKFORCE EDUCATION & TRAINING
Educate and train your staff:
• Hired or contracted
• Yearly retraining
• Changes in policies or procedures
• Changes in systems, location, or infrastructure
• Responding to breach or disclosure
33. DOCUMENTATION
Examples of records to retain:
• Policies and procedures
• Security Risk Analysis
• Training materials, and certificates of completion
• Current Business Associate Agreements
• EHR audit logs
• Risk management action plan
• Security incident and breach information
34. POLICIES AND PROCEDURES
• Establish protocols
• Training program
• Instruct your workforce
• Sanction policy for violations
• Detail enforcement
• Business Associates
35. Employee HIPAA Privacy & Security
Guidelines for employees:
• Name/ID badges
• Quiet Communication
• PHI access
36. Workstation HIPAA Privacy & Security
Guidelines for workstations:
• Viewing PHI Documents
• Disposing of PHI
• Workstations
• Protect user IDs and passwords
• Computers not in use
40. AUDIT PREPARATION
• All shapes and sizes
• Across-the-board compliance
• Document in advance
41. AUDIT PREPARATION
Some of the areas the OCR audits will cover include:
• Risk management plan
• Policies and procedures
• Business Associate agreements
• PHI inventory
• Mobile devices
• Documentation
• Compliance training records
• Evidence of encryption capabilities
52. Consultation and Support
• Weekly and Monthly Updates
• Quarterly Newsletter
• Phone and E-mail Support
• Quarterly Assessment
53. Customizable Forms
• Notice of Privacy Practices
• Business Associate Agreement
• All HIPAA Privacy
• All HIPAA Security
• Gap/Risk Analysis
• HIPAA HITECH Breach Notification
• All OSHA
• All Medicare
• Employment Law
• RAC
• Posters
54. Customer Testimonial
“Our HIPAA/OSHA compliance was a huge concern in our office, especially after one of our employees filed a complaint with OSHA.
We started using HCSI 4 years ago and couldn't be happier with the program.
It's simple to set up and easier to use.
Do yourself a favor and sign up, it will make your life easier!”
-Dr. Kody Krause, DDS
Comfort Dental Thompson Valley, CO
55. Customer Testimonial
“HCSI kept my fanny out of the hoosegow with a cranky (bit weirdo/psycho) patient who thought we had been naughty in multiple ways.
Our association with you all made the difference. We passed the inspection with flying colors and OCR told the "patient" to bug off!! Loved It!”
-Lee Mecham Thrall, Clinic Administrator
Old Farm Obstetrics & Gynecology, L.L.C