HIPAA Security Training

The main aim of this two-day classroom HIPAA training course is to help you understand the implications of the HIPAA Security Rule and some of the crucial compliance requirements for your client or business. Through this training, you will be able to build frameworks that help you work toward HIPAA Security compliance and conduct periodic audits to avoid penalties.

Our training includes changes to the HIPAA regulations due to the Health Information Technology for Economic and Clinical Health (HITECH) Act, which is part of the American Recovery and Reinvestment Act of 2009 (ARRA), and the Omnibus rule published in 2013. Our HIPAA trainers, who are also HIPAA consultants, support your organization or entity in becoming HIPAA compliant by going through the HIPAA requirements checklist for auditing as issued by the Department of Health and Human Services (DHHS). Our trainers also walk through the relevant steps for complying with the latest HIPAA audit specifications as per the DHHS Office of e-Health Standards and Services requirements.

In this HIPAA training, we also explain the importance of HIPAA in relation to the steps toward becoming HIPAA compliant and to the infrastructure of information systems. You will also be equipped with the necessary information for your HIPAA certification as Certified HIPAA Privacy Associate (CHPA) and Certified HIPAA Security Expert (CHSE).

Certificate for Continuing Education Credits:

Students can buy a CE credits certificate for this course at the time of registration. After completing the course, you will receive 16 CE credits through an Approved Provider of the California Board of Registered Nursing.

HIPAA Training for Security: Learning Objectives

This training will give you advanced competency in designing, implementing, and administering comprehensive security protection programs for all types of health-care organizations. You will learn the following about HIPAA:

  • Updates to the HIPAA rule due to HITECH (a part of ARRA) and the Omnibus rule published in 2013.
  • Specific requirements and implementation features within each security category.
  • How to plan and prepare for HIPAA compliance stepwise: HIPAA is about awareness first, assessment second, and finally action focused on the gaps identified.
  • All required and addressable HIPAA Security Implementation specifications.
  • Core elements of a security policy document for a health-care entity.
  • Core elements of a compliance plan, which every health-care entity is required to develop for business continuity and disaster recovery.
  • International security standards: NIST, ISO 27002 and BS 7799.
  • Crosswalk between NIST, SOX, ISO and HIPAA requirements.

HIPAA Training for Security: Target Audience

  • Healthcare Provider & Payer security compliance employees
  • IT Managers
  • IT Staff
  • Security Auditors
  • Security Consultants
  • Security Lawyers involved in health care
  • Network Managers and Engineers
  • Database administrators
  • Software Developers
  • Consultants who provide security advice to health-care organizations

Course Outline for HIPAA Security

HIPAA Security Training – Day 1 HIPAA Security Rule

HIPAA Security Rule Part 1

  1. General:
  2. Threats: General review of threats (real and perceived) prompting Congress to include security requirements in the HIPAA Administrative Simplification Title.
  3. Definition and Terminology: Review of general definitions of security and specifically how those definitions apply to the rule and what data must be protected by implementation of appropriate security measures.
     1. Security
     2. Security Services
     3. Security Mechanisms
  4. Security Rules: Detailed review of the security rule, components of the security rule and specific requirements (including a reference back to security requirements referenced in the HIPAA Privacy Rule).
     1. Categories of Safeguards
     2. Implementation Specifications
     3. Approach and Philosophy
     4. Security Principles
     5. Administrative Safeguards
     6. Physical Safeguards
     7. Technical Safeguards
     8. Organizational Requirements
     9. Policies and Procedures, and Documentation Standards
  5. Administrative Safeguards: Definition of “administrative safeguards” as they relate to security and the rule. A review of required administrative safeguards and their application within a covered entity and business associate.
     1. Administrative Safeguards
     2. Security Management Process
     3. Assigned Security Responsibility
     4. Workforce Security
     5. Information Access Management
     6. Security Awareness and Training
     7. Security Incident Procedures
     8. Contingency Plan
     9. Evaluation
     10. Business Associate Contracts Standard
  6. Physical Safeguards: Definition of “physical safeguards” as they relate to security and the rule. A review of required physical safeguards and their application within a covered entity and business associate.
     1. Requirements
     2. Facility Access Controls
     3. Workstation Use
     4. Workstation Security
     5. Device and Media Controls
     6. Physical Safeguards Review

HIPAA Security Rule Part 1

  1. Technical Safeguards (general): Definition of “technical safeguards” as they relate to security and the rule. A review of required technical safeguards and their application within a covered entity and business associate.
     1. Requirements
     2. Access Control
     3. Audit Controls
     4. Integrity
     5. Person or Entity Authentication
     6. Security Compliance process: Risk Analysis, Vulnerability Assessment, Remediation, Contingency Planning, Audit & Evaluation
     7. Transmission Security
  2. Technical Safeguards (technical details): A review of required technical safeguards including a more technical review of required or addressable safeguards, implementation, and on-going maintenance.
     1. TCP/IP Network Infrastructure
     2. Firewall Systems
     3. Virtual Private Networks (VPNs)
     4. Wireless Transmission Security
     5. Encryption
     6. Overview of Windows XP and Vista Security

HIPAA Security Training – Day 2 Security, Enforcement Rule & ARRA 2009

HIPAA Security Rule Part 2

  1. Digital Signatures & Certificates: A review of the use of higher forms of individual or entity authentication, which are quickly becoming a legal requirement and a means of reducing legal risk.
     1. Requirements
     2. Digital Signatures
     3. Digital Certificates
     4. Public Key Infrastructure (PKI)
     5. Solution Alternatives
     6. Identity theft prevention and HIPAA
  2. Security Policy: A review of the requirements to document security program practices and processes in policy and related workforce training requirements. Also a review of required policy maintenance and retention.
     1. Risks, Risk Management and Policy Development/Implementation
     2. General Security Standards Impact on Policy Development
     3. Policy Training Requirements
     4. Security Policy Considerations

Enforcement Rule

  1. Overview: An overview of the rule and rule requirements including entities and individuals the rule applies to.
  2. Definitions: A review of rule definitions including (not inclusive) what represents a violation, compliance, definition of agent, resolution processes and HHS enforcement powers.
  3. Informal resolution process: A discussion of what an informal resolution is and what it entails. Also, a review of the rule’s emphasis on informal resolution and language allowing such resolution at any phase of violation investigation, penalty assessment and appeal.
  4. Formal resolution process (i.e., penalties, administrative hearings, appeal process, etc.): A discussion of what would likely trigger a formal resolution process, HHS requirements and authority to investigate, rights and responsibilities of covered entities and resulting actions if civil penalties are levied and paid by the covered entity.
  5. Compliance audits: A discussion of the authority to conduct compliance audits, current audit activity, and prospective audit activity.

Identity Theft Protection Laws
A general review of existing identity theft protection laws and breach notification requirements. Includes a specific discussion of California identity theft and medical identity theft protection laws.

American Recovery and Reinvestment Act of 2009 (ARRA), Title XIII
An introduction covering general aspects of the incentive and requirement provisions of Title XIII, health information technology (HIT). The discussion also touches on the purpose of security and privacy in the HIT investment provisions and the development of standards.

American Recovery and Reinvestment Act of 2009 (ARRA), Title XIII, Subtitle D – HITECH

  1. Privacy Provision Overview: Overview of the privacy provisions included in ARRA and the relationship to the HIPAA Administrative Simplification Title provisions.
  2. Business Associates – New Requirements: A discussion of business associates’ new requirement to statutorily adhere to the provisions of the HIPAA Administrative Simplification Title Privacy and Security Rules. The discussion includes a review of the timeline for compliance and the implications for business associates.
  3. National Identity Theft Protection Provisions: A discussion of the requirements of the new identity theft protection provisions, what is considered a breach or inappropriate disclosure, breach notification requirements and entities/individuals covered. The discussion also includes new reporting requirements by entity/individual, HHS and the Federal Trade Commission (FTC).
  4. Marketing Prohibitions and Restrictions: An overview of the enhanced restrictions related to the use and disclosure of PHI where the entity or individual is paid for such use and disclosure and stricter prohibitions against using PHI for marketing purposes.
  5. Enforcement Provisions: A discussion of the new enforcement provisions, entities/individuals covered and how such enforcement relates to the HIPAA Enforcement Rule and current compliance audits. The discussion also covers changes in penalties and the addition of a newly defined criminal act (formerly a civil violation).
  6. Reporting Requirements: A discussion of new requirements for the reporting of breaches to HHS and/or the FTC and annual reports relating to compliance, rule violations, breaches, etc. to Congress and the public.

Omnibus Rule of January 2013

  1. Background
  2. Breach Notification Rule
  3. New Limits on Uses and Disclosures of PHI
  4. Business Associates
  5. Increased Patient Rights
  6. Notice of Privacy Practices
  7. Increased Enforcement

HIPAA Training Schedule

If you need additional information about this course or want to conduct onsite HIPAA Security Training for your employees, contact us at Bob@supremusgroup.com or call (515) 865-4591.

HIPAA Training for Security: Pricing

$1500 per student.
The cost includes the training kit:

  • HIPAA Compliance Training Manual (worth $450) and meals during training.

Course Duration: 2 Days

HIPAA Certification Test:

The above training prepares you for:

  • Certified HIPAA Security Expert (CHSE)
  • Certified HIPAA Privacy Associate (CHPA)

Continuing Education Requirements After Getting Certified:

Once a year, all students must complete a one-hour update course covering relevant regulation changes and other OCR/HHS activities on compliance and enforcement.

To maintain your certification, you must keep taking update courses as they are released. When your certificate expires, you will receive a new one if you have taken all required update courses. You will NOT be required to take any test if you have taken the update courses regularly.

Our mission is to provide the highest quality service to achieve your educational goals.

For more information, please contact us at bob@supremusgroup.com or call (515) 865-4591
