HIPAA Compliance Through Policies
The webinar will explain the process for covered entities and business associates to use to draft, adopt, and implement HIPAA compliance policies. Writing a policy is easier than one may think. It is a three-step process: researching, drafting and revising. This webinar will teach you to ask questions, solicit help, collect samples, keep the principles of substance, organization, coherence, style, and correctness in mind while you are drafting, send your draft out for review, incorporate comments, implement the policy, and repeat as necessary. The prospect of developing and writing perhaps as many as 70 policies to attain HIPAA compliance may still seem daunting, but this webinar will teach you how to make a checklist, take it step by step, and enlist the help of others when you need it.
Why should you attend this webinar?
Many of the seven-figure civil money penalties and settlements in lieu there of result from not having any policies in place that might have to prevent of breach of Protected Health Information (PHI) or having insufficient policies. DHHS entered into a settlement with Massachusetts General Hospital for $1 million for a breach involving leaving paper PHI records on a subway. The sanction was because Massachusetts General had not trained its workforce on proper security for PHI taken offsite and did not have a work-at-home policy. Significantly, HIPAA does not even mention working at home, much less specifically require such a policy. Note that often HIPAA does not specify a particular security measure but merely says you must have a policy concerning that measure, such as a destruction plan (i.e. policy). In other words, they don't say that you must degauss electronic PHI, but that you must have a policy detailing the secure way you will destroy ePHI.
Areas Covered in the Session:
Use HIPAA required Risk Analysis to help you decide which policies and procedures to develop.
Research before drafting policies and procedures, by asking and answering the right questions, soliciting help, and collecting samples.
Draft policies and procedures that comply with HIPAA's requirements, based on sound principles of substance, organization, coherence, style, and correctness.
Revise policies and procedures, including steps of reviewing, incorporating recommended changes, and implementing.
Draft required policies under HIPAA.
Decide whether you must draft addressable policies under HIPAA.
Decide what other policies you need to draft that HIPAA doesn't mention but that affect your organization.
Conclusion and question and answer.
Who can Benefit:
Privacy and Security Officers, Medical Records Professionals, IT Professionals, Clinicians, Office Managers, Risk Managers, Business Associates of Covered Entities (those that provide a service for the Covered Entity involving the use of individually identifiable health information (transcription services, billing services, cloud storage companies, and the like), Healthcare Attorneys, Compliance Officers.
Compliance Key INC