Overview: Everyone who has access to Protected Health Information has a role in activity review monitoring. The user may need to monitor activity under their login; supervisors, managers and directors should understand what is happening within their departments; security personnel must know and understand what they should be reviewing; and the management of the organization should know what is being reviewed, why it is being reviewed and what that means to the organization. This session will include activity review at the application and network layer.
Audit logs and information can be found at the network, server and application level, and all levels of the organization should be aware of the importance of these activity reviews. This includes everyone from every employee to the board of the company. This session will explore the type of information everyone should be aware of and methods to communicate this to them. It will also discuss methods for actively reviewing access reports.
Why should you attend: The HIPAA Security Management Standard is the foundation of the security rule, and it requires organizations to implement procedures to regularly review records of information system activity, such as:
Access Reports; and
Security incident tracking reports
In this session we will review what audit logs should be reviewed and why, how to review access reports, what constitutes a security incident, and why and how an organization should review security incidents. In addition, this session will discuss what information should be communicated to various levels within the organization. Security is everyone’s responsibility, and understanding what can be reviewed and by whom is critical.
Areas Covered in the Session:
Why it is important to review this information
Who should be involved in this review
What information should be reviewed
How to obtain this information
Who Will Benefit:
Information Security Officers
Compliance and Privacy Officers
IT/IS Management and Staff
Contract Management Department
William Miaoulis, CISA, CISM, is a senior healthcare information system (IS) professional with more than 20 years of healthcare information security experience. Bill is the founder and primary consultant for HSP Associates. Prior to starting HSP Associates in January of 2013, Bill was the Chief Information Security Officer (CISO) and led the HIPAA security and privacy consulting efforts for Phoenix Health Systems for over 11 years and also was the HIPAA Consulting Manager for SAIC for 18 months. For seven years, Miaoulis was the University of Alabama Birmingham (UAB) Medical Center’s Information Security Officer, where he instituted the first security and privacy programs at UAB starting in October 1992.
Phone No: 800-385-1607
Event Link: http://bit.ly/1cvopTU
Overview: The webinar will explain the process that covered entities and business associates can use to draft, adopt, and implement HIPAA compliance policies. The webinar will begin with a discussion of how to decide, using a gap analysis and a risk analysis, what policies the organization needs, including required, addressable, and other policies. Then, the webinar will cover writing a policy. Writing a policy is easier than one may think. It is a three-step process: researching, drafting, and revising.
This webinar will teach you to ask questions, solicit help, collect samples, keep the principles of substance, organization, coherence, style, and correctness in mind while you are drafting, send your draft out for review, incorporate comments, implement the policy, and repeat as necessary. The prospect of developing and writing perhaps as many as 70 policies to attain HIPAA compliance may still seem daunting, but this webinar will teach you how to make a checklist, take it step by step, and enlist the help of others when you need it.
Why should you attend: The majority of the DHHS civil money penalties and settlements in lieu thereof involve, sometimes with other violations, failure to perform a written risk analysis, failure to develop required policies, and failure to conduct adequate HIPAA training. These penalties usually are in the seven-figure range.
Failure to conduct a written risk analysis, adopt required policies, or conduct required training qualifies as "willful neglect," which carries the highest civil money penalty ("CMP"), a penalty that DHHS cannot waive as it can for violations due to a reasonable cause. DHHS entered into a settlement with Massachusetts General Hospital for $1 million for a breach involving leaving paper PHI records on a subway. The sanction was imposed because Massachusetts General had not trained its workforce on proper security for PHI taken offsite and did not have a work-at-home policy. Significantly, HIPAA does not even mention working at home, much less specifically require such a policy.
Areas Covered in the Session:
Learn how to decide which policies to write and adopt, using gap analysis and risk analysis
Learn which policies are required and which are addressable
Learn about other policies that your organization may need that are not mentioned in the HIPAA regulations but that organizations have nonetheless been fined for not having
Ask questions. Learn why you need to nail down the answers to at least 12 questions before you try to write a policy and how to do so
Solicit help. Learn whom to solicit help from both within and outside your organization and when and why and how
Collect samples. Learn what samples to collect and from whom
Substance. Learn what substance means and how to achieve it
Organization. Learn how to draft a clear beginning, a clear middle, and a clear end
Coherence. Learn how to connect your ideas so that readers will not have to wonder where something came from or why
Style. Learn how to write for your target audience as simply and clearly as possible
Correctness. Learn how to get rid of the static in your writing
Review. Learn whom to contact to review your drafts
Incorporate. Learn how to resolve disputes and incorporate changes
Implement. Learn how to lay out a plan for implementation of the policy, including publishing, distribution, implementing (and perhaps even training the workforce on the policy), and a schedule for annual review and revision, if necessary
Questions and answers
Who Will Benefit:
Information Systems Manager
Chief Information Officer
Health Information Manager
Alice M. McCart has been an editor for more than three decades and an attorney admitted to practice law in Illinois since 1993. She has master’s degrees in teaching and journalism and enjoys freelance editing, tutoring, and teaching effective writing to adults. She has held positions in the federal government, in professional associations, in the corporate world, in private law practice, and in HIPAA consulting.
Phone No: 800-385-1607
Event Link: http://bit.ly/1kERG1f