HIPAA Newsletter November 2015 Archive

November 2015                                                                                 Issue 72
HIPAA Survival Guide Newsletter
What HIPAA Training Does My Staff Require?
     Training is a question that often comes up during our webinars or in inquiries to our customer service department. It is not an easy question to answer in the abstract because the answer is highly dependent on the characteristics of an individual organization.  Part of the answer however is that your old "feel good" and largely "dumbed down" training is not sufficient post HITECH. The HITECH Act changed the game for everyone and now all your workforce needs to acquire a higher degree of HIPAA literacy if you hope to build HIPAA compliance into your organization's DNA (i.e. into day-to-day workflows and processes). In our view, if you do not succeed in building compliance into your DNA you have little hope of ever establishing a culture of compliance, something the HHS is auditing for, despite the fact that this requirement is not expressly captured in HHS' Audit Protocol.
      For the purpose of this article we will use the HIPAA Training Products contained within our Subscription Plan to recommend training for different categories of workforce members. Again, remember the our principal premise is that all workforce members need to become more HIPAA literate now that you have the 800 pound gorilla of Breach Notification staring you in the face.
Training for All Staff
The following list of training modules are recommended for all staff, including all clinicians and the executive management team (i.e. your entire workforce).
     In addition to the training above, compliance officers are required to take the following training classes after completing the foundational training listed above.
  1. HITECH Act Training
  2. Risk Assessment Training
  3. Risk Management Training
  4. Audit Preparation Training Overview
  5. Privacy Rule Audit Preparation Training
  6. Security Rule Audit Preparation Training
  7. Breach Notification Audit Preparation Training
  8. Omnibus Rule Training
  9. Agile Compliance Training
We also recommend that compliance officers take advantage of our pre-recorded four part training series entitled: "Surviving a HIPAA Audit." Compliance officers will also want to review the recordings of our public webinars for topics that may be of interest.
Speciality Workforce Training
    Finally, we recommend that the compliance officer take the training materials described above (e.g. the Powerpoint slide decks) and customize training for specific members of your workforce. Examples of specialty training are provided below.
  1. Training for workforce members that are designated as the "point persons" for the Patient's Bill of Rights; these are sections 164.520 through 164.528 of the Privacy Rule. The regulations require that individuals "sign off" on certain processes pertaining to providing access to a patient's PHI; helping a patient amend their PHI; distributing the notice of privacy practices, etc.
  2. Training for individuals that handle Privacy Rule requests for authorizations, restrictions, etc.
  3. Training for information technology personnel that are assigned the responsibility of tracking security incidents.
  4. Training for information technology personnel that are required to audit information systems that contain PHI.
  5. Training for personnel that are assigned the responsibility for disposing of PHI.

This is not an exhaustive list. The "final" list of training will depend on your particular operational environment, the size and complexity of your organization, the resources you have available, etc. One thing is certain, the "one size fits all" training developed prior to the HITECH Act should be abolished as completely inadequate. 

 Accountable Care Organizations Survival Guide
Your ACO Compliance Companion
NEW! From THe ACO Survival Guide
ACO Quality Measures Checklist
     The ACO Quality Measures Checklist is intended to deliver step-by-step guidance, including suggested policies, processes, and tracking mechanisms that will allow you to make sense out of this complex terrain.
     The ACO Quality Measures Checklist is a knowledge transfer vehicle that allows you to derive the ACO Quality Measures compliance solution that works best within your organization and helps your organization to reach the goal of maximizing its reimbursement from CMS.
     The ACO Quality Measures Checklist  will "walk you through" the relevant statutory/regulatory sections of Quality Measures compliance, highlighting the policies, processes and tracking mechanisms required at a granular level.
The Checklist is comprised of Checklist Items that have the following components:
  1) a policy statement that reflects an organization's intentions: FileDocument the what;
  2) a definition of a process by which the policy is implemented: RefreshCircle the how; and
  3) suggested tracking mechanism(s) for capturing process results: Tools1 the measurement.
For more information about Accountable Care Organizations Click Here 
HIPAA Audit Preparation Training Suite
     Our HIPAA Audit Preparation Training Module gets you up to speed on how to prepare for an HHS audit by focusing on the 169 requirements that HHS has published in its Audit Protocol. HHS' 169 requirements span the following HIPAA Rules: 1) the HIPAA Security Rule; 2) the HIPAA Privacy Rule; and 3) the Breach Notification Rule.
     We walk you through how to eliminate the guess work when preparing for an HHS audit. This training module provides comprehensive coverage regarding what HHS will require you to address should it launch a HIPAA audit of your organization. It also provides a methodology for addressing the "big picture" questions that may provoke the "deer in the headlights" look for the unprepared. 
This package includes the following Audit Preparation Training Modules:
  1. Audit Preparation Training Over View
  2. Security Rule Audit Preparation Training
  3. Privacy Rule Audit Preparation Training
  4. Breach Notification Audit Preparation Training
Available for Download to Subscription Plan Holders
HIPAA Survival Guide Product Videos 
 Subscription Plan  Privacy Rule Checklist 
 Breach Notification Training   Breach Notification Framework   HIPAA CSMM Checklist 
HIPAA Survival Guide Store
Jumpstart your Compliance Initiative with our Subscription Plan Suite
or choose from Individual Compliance Products to fit your needs.
Products Training Checklists
Model Mobile Policy HIPAA Audit Preparation Training  NEW Privacy Rule Checklist
Model Privacy Rule Policy HIPAA Security Rule Audit Preparation Training NEW Security Rule Checklist 
Model Notice of Privacy Practices Privacy Rule Training Cloud, Social Media and Mobile Checklist
Model Security Rule Policy Breach Notification Training Three Checklist Combo Package
Breach Notification Framework Business Associate Training  
Breach Notification Policy HITECH Core Training Combo  
HIPAA Frameworks Combo
Omnibus Rule Training  
HIPAA Survival Guide 4th Edition Mobile Devices Training  
Business Associate Agreement Social Media Training  
Security Rule For Business Associates Risk Assessment Training  
Business Associate-to-Business Associate Agreement Risk Management Program Training  
  HITECH Act Training  
  Security Rule Training  
  Agile Compliance Training
  *Subscription Plan Only
Stay in the "Loop" - Join the HIPAA Survival Guide Conversation On
  FaceBook                                         LinkedIn  
Copyright 2015 All Rights Reserved