HIPAA Survival Guide October 2018 Newsletter


HIPAA Survival Guide® Newsletter October, 2018: Issue 106  
Your HIPAA Compliance Companion
HIPAA Survival Guide® Webinar
Description:  HIPAA Education: Learning HIPAA in an Attention Deficit Digital World!
October's webinar will describe and provide examples of how to quickly come up to speed on the HIPAA Regulations through HIPAA "Shorts!" It will also continue to explore the meta-concept of "How much HIPAA training is enough!" that was initiated and well-received in the August webinar.

This webinar in October is a repeat of last month's webinar due to the last webinar being heavily oversubscribed. If you want a seat then you need to login about 10 minutes early.

October Webinar Date and Time, including Time Zone
October 4, 2018 2:00 pm EST

New Products!
Coming Soon!  
  • Privacy Rule Training Shorts and Micro Shorts!
  • Privacy Rule Training for Clinicians
  • Breach Notification Training for Clinicians
Learning HIPAA in an Attention Deficit Digital World?

In last month's newsletter, we covered what we consider to be the basics of microlearning from our perspective. However, our webinar introduced the idea of search as a foundational building block for a micro-learning strategy, and I want to take the opportunity to elaborate on that a little this month. First, humans have a primal fear of being lost. The ability to venture forth and find our way back has been essential to our survival for millions of years. The sense of panic that envelopes us when our innate navigation system fails is palpable.


Search is by far the most important activity that knowledge workers engage in on a daily basis, followed closely by communication. We need to be able to find, assimilate and communicate quickly and accurately to function (survive) in a knowledge-driven world. When we can't find what we need in the timeframe that we need it, not only do we become irritated, we often become disoriented. Therefore, the ability to find training when we need it is an essential imperative in any micro learning system.

WHAT DOES AN MLS (Micro Learning System) LOOK LIKE?

What we posit is a portal that has "native search" enabled but that also provides a navigational hierarchy (i.e., organizational menu structure) allowing users to find what they need quickly. The ability to perform a "Google Like" search within a portal and a navigational structure that manifests the internal components of the microlearning system enables users to navigate between training components easily.

Let's again take the Security Rule, Privacy Rule, and Breach Notification rules ("Rules") as the primary subject matter components of our micro learning system ("MLS"). We would certainly desire to navigate available training by Rule because a Rule is foundational to our micro learning navigational strategy ("MLNS"), in the case of HIPAA. Further, we would want to find concept shorts and micro shorts within a Rule. As previously mentioned a Rule is an obvious navigational vector in this type of MLS. However, if our MLNS ended there, it would be functional to a certain extent but otherwise broken. Why? Because we would have left out other not so visible but mission-critical navigational vectors that are equally important.

For example, our MLNS should allow a user to navigate via other subject matter domains. Other domains may include: (1) agile methodology training; (2) training that spans the three Rules; (3) Business Associate training; (4) training specific to different kinds of workforce members (e.g. those that process PHI access/amendment/accounting requests; (5) training for audits; and (6) training regarding project plans and how to launch your compliance initiative in general. In short, to deliver on the promise of find-ability, our portal must not only support search but, must also support an MLNS from multiple vectors-underpinning the concept that different workforce members have different "worldviews" of their training requirements.


This article has discussed other requirements of a micro-learning system that must be present for it to succeed on its dual objectives: (1) provide high quality curated content in "byte" sized chunks; and (2) make that content's "ambient find-ability" manifested through an MLNS that supports the necessary navigation vectors.
Examples of HIPAA Survival Guide Training 
Foundational Training for Other Staff

The following list of training modules is recommended for other workforce members, including the executive management team. 
I have been asked if there is a HIPAA LITE for Business Associates, and the answer is No! Business Associates need to be as aware of the regulations as Covered Entities if they are "touching PHI." That said, we also provide specialized training for Business Associates in situations where their needs differ from Covered Entities (see below).
Specific Training for Compliance Officers
In addition to the training above, compliance officers should consider taking the following training classes to obtain their certification. We offer a HIPAA Certified Professional ("HCP") certification after taking an exam that covers material from the training modules listed below.

Certification Training Modules
1.    Breach Notification
3.    Audit
7.    Documentation* 
8.    HITECH Act
9.    Omnibus Rule
We also recommend that Compliance Officers who have our HIPAA Survival Guide Subscription Plan, take advantage of a pre-recorded four-part training series entitled: "Surviving a HIPAA Audit." Subscribers may log in to the Compliance Hub Member website to:
Non-subscribers can download the HIPAA Handbook: A Definitive Guide of Articles from the HIPAA Survival Guide Store.

For some the amount of information may be overwhelming, but just like HIPAA you bite off a piece of the elephant one at a time.
Specialty Workforce Training
Finally, we recommend that staff who are responsible for items in the list below, and Compliance Officers and/or Executive Officers become knowledgeable on the following topics:
  1. Training for workforce members that are designated as "point persons" for the Patient's Bill of Rights; these are sections 164.520 through 164.528 of the Privacy Rule. 
    • The regulations require that individuals "sign off" on certain processes pertaining to providing access to a patient's PHI; 
    • Helping a patient amend their PHI; 
    • Distributing the notice of privacy practices, etc.
  2. Training for individuals that handle Privacy Rule requests for authorizations, restrictions, etc.
  3. Training for personnel assigned the responsibility of tracking security incidents.
  4. Training for information technology personnel that are required to audit information systems containing PHI.
  5. Training for personnel that is assigned the responsibility for disposing of PHI.
This is not an exhaustive list. The "final" list of training will depend on your operational environment, the size and complexity of your organization, and the resources you have available, etc. One thing is certain, look for training that provides answers, not just a description of the problems.
At 3Lions Publishing, Inc. our mission is to provide clients with:
  • Premium Compliance Products,
  • Education,
  • Free Monthly Webinars, 
  • Newsletter Articles on HIPAA and regulatory topics, as well as 
  • "High Touch" LIVE assistance with Products for Risk Assessment and Remediation. 
We do NOT charge extra for compliance support like many of our competitors. The cost for your LIVE assistance is included in your Subscription purchase. 

A full 360-degree circle of Risk Assessment and Remediation products are provided in 3Lions Publishing Inc.'s HIPAA and Expresso Subscription Plan
The Subscription Plan includes  Expresso®, the Risk Assessment "SaaS" based software, over 30+ compliance and remediation products, and training videos that help Covered Entities and Business Associates understand how to implement the necessary Controls to be in compliance with HIPAA regulations. Our LIVE "High Touch" Assistance helps you "get it done" fast!
Our many Training products describe various aspects of the regulations as well as demonstrations of how to use Expresso and associated compliance tools. As part of the Subscription Plan, we also provide certification for clients seeking designation as a HIPAA Certified Professional ("HCP").
A "Crosswalk" between Expresso Risks and Remediation tools provides easy access to model policies, procedures and tracking mechanisms for compliance. 
FREE Monthly newsletters and webinars provide education on topics of regulatory concern. Missed one? Webinars and articles are posted to the HIPAA Survival Guide Store Website for future reference.
So, why are we sharing this information in our Newsletter? Education, Education, Education. Stay tuned not only for Product updates but also for new capabilities and value offered to our elite group of clients. Save time and money with our high quality, bargain Subscription Plan! 
Or, take advantage of our FREE 15 day trial of Expresso to complete your Risk Assessment! 
Questions? Please call or write using the contact information below.
Email:     Support@3Lionspublishing.com
Phone:   (800) 516-7903    
What is the new LinkedIn GDPR Survival Guide?
What is the HIPAA Survival Guide® Subscription Plan and what does it include?
HIPAA Requirements for Cloud, Social Media, and Mobile including Policies and Procedures
HIPAA Requirements for Breach Notification including Policies and Procedures
HIPAA Requirements for a  Business Associate Agreement including the essential terms of the agreement
How to prepare for a HIPAA Security Rule Audit  
How to prepare for a HIPAA Privacy Rule Audit  
How to prepare for a HIPAA Breach Notification Audit  
How to prepare for a HIPAA Risk Assessment Audit  
For HIPAA Help send us an Email at support@3lionspublishing.com