To better understand the implications of HIPAA legislation and identify critical compliance requirements for your business/client, our 2-days classroom HIPAA training program is very helpful. Our Training includes changes to the HIPAA regulations due to the Health Information Technology for Economic and Clinical Health (HITECH) Act which is part of the American Recovery and Reinvestment Act of 2009 (ARRA) and Omnibus rule published in 2013. Our HIPAA Instructors/Consultants help organizations to better understand the steps to meet HIPAA audit requirements (checklists etc.) issued by the Department of Health and Human Services (DHHS) Office of e-Health Standards and Services. They will also help you to better understand HIPAA’s Administrative Simplification Act and HIPAA Security rules and regulations, and as well as how to create a framework for initiating and working towards a blueprint for HIPAA Privacy Compliance.
Benefits of our HIPAA Privacy Classroom Training
- Our HIPAA Instructors have many years of healthcare organization experience, have practical experience in HIPAA compliance, and are Security experts (CISSP or equivalent).
- Students receive templates and additional reference materials and proper guidance toward the next steps of compliance.
- Instructor’s support was also provided to the student in the form of additional instructions, via e-mail.
- To make the first pass at the HIPAA training material, the study material is sent to the student as soon as the class is confirmed.
- Small class size training allows more focus on a study to a student.
- To train others in your organization acquired tools like PowerPoint is very helpful.
- Focused classroom training ensures that the student is truly focused, and does not allow any student at the back desk to handle emails and telephone calls even during breaks and lunch. While trying to learn new material, continual distractions lead to less retention of material by students and frustrations with competing for job requirements.
- Private group HIPAA training in classrooms staff focuses that students should get learning without the distractions of the workplace.
HIPAA Training for Security, Privacy, and Transaction: Learning Objectives
By this HIPAA training, you will get advanced competency in designing, implementing, and administering comprehensive privacy protection programs in all types of healthcare organizations:
- Understand what HIPAA means? How it affects your organization? and What significant changes are in policies, procedures, and processes within the organization in the handling of patient records due to HIPAA.
- Understand the impact of changes in HIPAA rules due to ARRA 2009, HITECH Act, and Omnibus rule published in 2013.
- Identify the main reasons behind HIPAA, specifically: to provide continuity/portability of health benefits to individuals between jobs; to combat fraud/abuse in health insurance and healthcare delivery; to reduce administrative costs in health care; to provide uniform standards for electronic healthcare transactions; and, to ensure security and privacy of patient’s health information.
- Develop an in-depth understanding of HIPAA Security, Privacy, and Transaction rule.
- Examine how implementing HIPAA will affect the way healthcare entities organize their staff to achieve and monitor compliance with patient’s privacy/confidentiality needs.
- Understand the new Enforcement rule.
- Understand planning and preparation for HIPAA compliance step vise, i.e.: step one, awareness; step two, assessment; and step three, action focused on gaps identified.
- Understand, Who are Business Associates? and What necessary steps they have to take up to ensure HITECH HIPAA compliance.
HIPAA Training for Security, Privacy, and Transaction: Target Audience
Following are the Target Audience for this training:
- Healthcare provider & payer privacy compliance employees
- Privacy lawyers involved in health care
- Compliance teams for HIPAA privacy
- HR staff & manager
- Privacy Auditors
- Privacy Consultants
- Clinical physicians and office managers
- Head nurse
- Privacy instructors
Course Outline for HIPAA Privacy and Intermediate Security
HIPAA Privacy Training – Day 1
- HIPAA Basics: An overview of the Health Insurance Portability and Accountability Act of 1996 (all provisions)
- HIPAA’s Administrative Simplification Title: Review of the provisions of the Administrative Simplification Title. This includes transaction and code set standards (administrative transactions), national identifiers, privacy requirements, and security requirements.
- HIPAA Penalties: Review of the HIPAA enforcement rule including informal and formal remedies, requirements of Covered Entities, the role of business Associates as agents and enforcement bodies.
- HIPAA-Related Organizations: Discussion of entities/organizations specifically designated as standard maintenance organizations and statutorily defined advisory bodies.
- HIPAA Terminology and Definitions Covered Entity: Review of definitions included in the
Administrative Simplification Title-related rules.
- Covered Entity
- Health Plan
- Health Care Provider
- Business Associates
- Trading Partner Agreement
- Organized Health Care Arrangement
HIPAA Transactions, Code Sets, and Identifiers
- Impacted Health Care Transactions
- Target Entities
ANSI ASC X12 Standard
- Transaction Type 270
- Transaction Type 271
- Transaction Type 276
- Transaction Type 277
- Transaction Type 278 Request and Response
- Transaction Type 820
- Transaction Type 834
- Transaction Type 835
- Transaction Type 837 – Professional
- Transaction Type 837 – Institute
- Transaction Type 837 – Dental
HIPAA Code Sets
- ICD-9-CM Volumes 1 and 2
- ICD-9-CM Volume 3
HIPAA National Health Care Identifiers
- Provider Identifier
- Employer Identifier
- Health Plan Identifier
- Individual Identifier
HIPAA Privacy Rule Part 1
- Introduction: Overview of the HIPAA Privacy Rule
- Who is Impacted (e.g., the definition of Covered Entities, Business Associates)?
- Scope (Activities covered by the rule)
- Exceptions (Specifically included or referenced exceptions that allow use and disclosure of patient/health plan member protected health information (PHI))
- Timeline (Effective date of the rule, timelines related to certain requirements identified in the privacy rule such as accounting of disclosures, document retention requirements, etc.)
- Key Definitions: Review of key definitions associated with the Privacy Rule and how they apply to rule application and compliance.
- Deidentified Information
- Health Care Operations
- Notice Requirement: Review of the requirements to draft and make available a notice of privacy practices, the content of such notice, revision requirements, and availability requirements.
- Core Elements
- Changes to a Notice
- First Interaction
- Authorization versus Consent Requirement: Review the legal definitions of consent and authorization and what they would be used for. Review of the legal requirements related to obtaining authorization, the form of such authorization, and content requirements.
- Definition of “consent”
- Definition of “authorization”
- Legal differences between “consent” and “authorization”
- Core Data Elements and Required Statements
- Defective Authorizations
- Key Parties Impacted: A discussion of all entities or individuals directly or indirectly impacted by the rule and why.
- Minimum Necessary: Discussion of the definition of the minimum necessary and when it applies to the use and disclosure of PHI (internally and externally)
- Oral and Other Non-electronic Communications: A discussion of what constitutes PHI pursuant to the rule and the related requirements to protect non-electronic PHI, including oral PHI.
- Health-Related Communications, Fund Raising, and Marketing: Review of the requirements related to the use of PHI for communications other than treatment, payment, and health care operations. Also, a review of the strict requirements relating to the use of PHI for marketing and fundraising.
- Research: A review of the requirements related to the use of PHI for research including what processes must be followed prior to allowing the use of PHI in research without the patient/health plan member’s authorization.
HIPAA Privacy Training – Day 2 Privacy
HIPAA Privacy Rule Part 2
- Policy & Training Requirements: A review of the implied and explicit requirements to develop, implement and maintain privacy policies and procedures and the requirement to provide initial and ongoing staff training.
- Preemption Requirements: A review of state law preemption. This includes a discussion regarding when state law may preempt the rule without specific authorization from the US Department of Health and Human Services (HHS) and when authorization is required prior to state law preemption of HIPAA.
- State Privacy Laws: A general review of state privacy laws that preempt HIPAA (categorized as specially protected health information) with specific reference to select California state laws.
- Federal Privacy Law – 42 CFR Pt. 2: A discussion of the more stringent requirements found in 42 CFR Pt. 2 relating to alcohol and chemical dependency
- Statutory/Rule Conflict Resolution: Discussion of how to respond when federal and/or state law conflicts.
- Case Law: A review of general case law that has impacted the application of HIPAA, state privacy laws, and impacts legal risks.
HIPAA Security Rule Part 1
- Threats: General review of threats (real and perceived) prompting Congress to include security requirements in the HIPAA Administrative Simplification Title.
- Definition and Terminology: Review of general definitions of security and specifically how those definitions apply to the rule and what data must be protected by the implementation of appropriate security measures.
- Security Services
- Security Mechanism
- Security Rules: Detailed review of the security rule, components of the security rule, and specific requirements (including a reference back to security requirements referenced in the HIPAA Privacy Rule).
- Categories of Safeguards
- Implementation Specifications
- Approach and Philosophy
- Security Principles
- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards
- Organizational Requirements
- Policies and Procedures, and Documentation Standards
- Overview: This is normally an overview of the HIPAA rule and its requirements which include individuals and entities subject to it.
- Definitions: It comprises of reviews on rule definitions including what is; a violation, to be HIPAA compliant, the definition of an agent, HHS enforcement powers, and resolution processes.
American Recovery and Reinvestment Act of 2009 (ARRA), Title XIII – HITECH
This is the general overview of the required provisions and incentives of Title XIII Health Information Technology (HIT). The overview is meant to cover the role of security and privacy in investment provisions and the development of standards of HIT.
American Recovery and Reinvestment Act of 2009 (ARRA), Title XIII, Subtitle D – HITECH
- Privacy Provision Overview: This should be a brief introduction to the privacy provisions which are part of ARRA and their relationship to HIPAA Administrative Simplification Title provisions.
Omnibus Rule of January 2013
- Breach Notification Rule
- New Limits on Uses and Disclosures of PHI
- Business Associates
- Increased Patient Rights
- Notice of Privacy Practices
- Increased Enforcement
HIPAA Training for Security, Privacy, and Transaction: Pricing
The cost includes Training Kit:
- HIPAA Compliance Training Manual (worth $450)
HIPAA Certification Test:
The above training prepares you for HIPAA certification of:
- Certified HIPAA Privacy Expert (CHPE)
- Certified HIPAA Privacy Associate (CHPA)
Continuing Education Requirements After Getting Certified:
All certified professionals are required to take Cyber Security Awareness For Employees within 1 month of getting certified. You can take this training before or after getting certified. If you are a cybersecurity professional, you can request an exception (provide the reason why you should not take the training and provide your cybersecurity certification credentials) to take this training but you will have to complete the test.
Course Name: CyberSecurity Awareness For Employees
Description: OCR is focusing on cybersecurity awareness for the covered entities and business associates after the FBI issued a warning for the healthcare industry. This training is a continuing education course needed for all HIPAA certifications (CHPSE, CHPE, and CHSE) professionals to maintain their credentials. This is a non-technical course and anyone can take it. There are no prerequisites for it.
Students learn how hackers use social engineering tools like spoofing, Deceptive Phishing, W2 Phishing, Search Engine Phishing, Pharming, Spear Phishing, Whaling / CEO Fraud, Vishing, SMiSHing, Dropbox Phishing, Google Docs Phishing, Image Phishing, Piggybacking, Dumpster diving, Eavesdropping and many more on company employees. With different types of Malware like Computer viruses, Worms, Trojan horses, Ransomware, Spyware, Adware, Scareware, Keylogger, etc., you want to be aware of threats around you. The overall goal is to protect you from financial losses, identity theft, and damage to your reputation caused due to breaches of security by criminals.
Cost: Included with the HIPAA training cost. You need to buy a Certified Cybersecurity Awareness Professional (CCAP) certification exam if needed.
Once a year all students will have to go through one hour of an update course (normal cost $99) which will include relevant regulation changes and other OCR/HHS activities on compliance and enforcement.
To maintain your HIPAA certification, you will continue taking updated courses when they are released. You will receive a new certificate when your certificate will expire if you have taken all required updated courses. You will NOT be required to take any test if you have taken the updated courses regularly.
Certificate for Continuing Education Credits:
Students can buy a CE credits certificate for this course at the time of registration. You will receive 16 CE credits for this course through the Approved Provider of California Board of Registered Nursing after completing the course.
To View HIPAA Training Schedule:
For more information, please contact us at: Bob@supremusgroup.com