HIPAA Compliance Officer Training
Michael McCoy has been performing HIPAA risk assessments for the past 8 years. With over 1000 clients, Michael has a wide breadth of experience in dealing with all HIPAA matters and the Office for Civil Rights. Michael’s background before going into HIPAA was 23 years in the medical field performing Administration and Marketing for outpatient radiology facilities. Michael used his experience to create a methodology that was simple to follow and cost-effective for practices of all sizes to meet their HIPAA requirements.
There is a lot to know about HIPAA, and there have been numerous changes in the past few years that most practices are not aware of and that could cost your practice in productivity, fines and loss of reputation. We will review HIPAA compliance from A to Z. Everything you need to know will be covered, including your responsibilities in holding the title of HIPAA Compliance Officer. Patient rights to their medical records are the biggest change to the Privacy Laws, and they are being strictly enforced. The average fine is $85,000, even for small practices. We will go over the patient’s rights and the policies that need to change in your office. We will also review all of the other HIPAA rights given to patients. Healthcare cybersecurity is extremely important. We will go over actual incidents and how they were handled so you know what to expect. Even more informative, we will help you think through what can happen so that your office is better prepared when the worst happens.
Staff training and awareness are key to avoiding security incidents and breaches. We will go over the best way to train and inform your staff on common social engineering tactics and how to recognize them so that your office is not a victim. We will also review “Reasonable” security that will protect your practice in a cost-effective manner. We go over the essentials you need to discuss and implement with your IT vendor or department. This training will aid the small physician practice all the way to hospital security. Both are different and the HIPAA Security Rule gives you the flexibility to protect patient privacy in a manner that makes cost/benefit sense.
Finally, we will go over breaches, both small (under 500 records) and major (500 records or more). First, you and your staff need to be able to identify a breach. Next, a breach risk assessment is required, and that assessment determines whether the breach is reportable. Not reporting breaches yearly signals to the OCR that you do not have the documentation to show a “Culture of Compliance”. We know that this 90-minute training will make your practice/organization not only HIPAA compliant, but a much more secure practice for the valuable patient records you maintain.
- Access Rights Initiative
- Patient Privacy Rights
- Breach Identification and Notification
- Ransomware and other Malicious Activity
- Healthcare Cybersecurity
- Permitted Disclosures
- Disclosures to Law Enforcement
- IT Review to Meet HIPAA Security Rule Requirements
- What to do when your office is struck with Ransomware
- Policies and Procedure requirements
- HIPAA Staff Training and On-going Training Requirements
- Willful Neglect
- Required Posting
- HIPAA is Changing – Proposed Changes to the HIPAA Regulations
- Your responsibility as the HIPAA Compliance Officer
- Documentation Requirements
- Mobile Device Policy
- Email and Text Messages
- Security Risk Assessment
- Business Associates
- Required Plans
- Minimum Necessary Standard
- Reasonable Security to Protect Patient Privacy
- Culture of Compliance – Documentation Required from Actual Breach Audits from the OCR
Course Level - Basic to Advanced
Who Should Attend
CEO, COO, Office Managers, Administrators, HIPAA Privacy and Security Officer, Physicians, and Administrative Staff.
Why Should You Attend
The Office for Civil Rights, the government agency that enforces HIPAA, is enforcing HIPAA violations as never before. Your practice could face substantial fines for violating the Patient Access Initiative. Most HIPAA Compliance Officers are unaware of a patient’s right to access their medical records via email, or lack the proper documentation to charge a patient for medical records. Your state allowable fees are no longer valid for patients seeking copies of their medical records. In addition, most practices are not properly handling small breaches when they occur, thereby violating both Federal and State Breach Notification Laws. There are huge fines for breach violations, and not reporting breaches, which is required yearly, is a major red flag. If you are not reporting breaches as required, what other HIPAA documentation are you lacking? We will go over the most common HIPAA violations with easy corrections and fixes, show you how to address Healthcare Cybersecurity by raising awareness in your office, and show you how to identify and report breaches. We will also review what cybersecurity measures are required from your IT department or vendor. Being proactive is both a Security Rule and a Privacy Rule requirement. We will show you how your practice can be proactive in the protection of your patient records.