atanu1982 / major-hipaa-survival-guide


The HIPAA Survival Guide was developed as a collaborative effort between an attorney and a registered nurse, both licensed in the State of Florida. In addition, the authors, both individually and collectively, have significant technology experience. However, neither author had significant HIPAA experience prior to this effort, although both had compliance experience in other industries. For personal and professional reasons, the need arose to acquire a much deeper understanding of HIPAA, especially in light of the recent nationwide initiatives of the administration regarding electronic health records.

HIPAA 2018 Changes

In this HIPAA session we will discuss the HIPAA 2018 changes taking place in Washington with Health and Human Services when it comes to the enforcement of the HIPAA regulations already on the books, as well as some step-by-step discussions of the audit method and some current functions regarding HIPAA cases (both in courtrooms and from live audits).

Items in your checklist folders:

  • Documenting everything in the company, starting from the company privacy, security and breach policies
  • Reviewing training, rules, procedures used and documentation, and updating them from time to time
  • Having and implementing a foolproof risk mitigation plan
  • Having a budget in the company allocated to ensure HIPAA compliance
  • Performing an internal audit of the security risk analysis at regular intervals to find any vulnerability
  • Creating and updating an action plan to address any security risk analysis
  • Documenting all actions, correspondence and agreements with the patient or Business Associates at the company level and at the level of the personnel involved
  • Training employees on the steps, recording the training against each employee, and training them on how to implement HIPAA compliance requirements for protecting PHI and ePHI
  • Updating the provider's risk analysis or risk management plans if this has not been done for two years or more

Partial Privacy Rule checklist that your auditor would bring in:

  • Policy and procedure statement
  • Steps on how to follow the policy and procedure
  • Tracking your practice mechanism
  • Keeping documentation of past history

HIPAA - Texting & Emailing in 2018

With the introduction of smartphones, email has become an even more accessible form of communication. With email comes the issue of security and of messages being intercepted and read by unintended persons. Precautions are to be taken at every step of the way. For a healthcare concern or a business associate, it is key to maximize patient communication tools while protecting itself and the organization from government penalties and patient lawsuits.

Violation of the rule and its consequences:

  • Proving whether they have violated the rule means going backward through the steps used to follow and implement it and showing its loopholes
  • Sanction and training issues arise when they are not tracked for future purposes, or when training on procedures does not reach employees
  • Breach notification is when we have found out that a procedure was violated by going step by step into how it was implemented
  • Any unsecured PHI leaving the company should be authorized; otherwise it is a breach under most situations
  • Defending and settling a lawsuit is very costly: something like 100k to defend the case, the fine for the breach and 500k for settlement

HIPAA Privacy Officer: Module 1

HIPAA Privacy Officer Training will uncover all HIPAA and HITECH expectations in protecting patients' and members' right to privacy and the confidentiality of Protected Health Information (PHI) as you engage in treatment, payment, and healthcare operations (TPO) services.

Incident management in HIPAA basically involves this thought process:

  • How do we investigate whether the issue/incident is a violation?
  • How are we handling the incident?
  • How are we tracking the issue on a continuous basis?
  • How are you resolving the incidents?
  • How are we recording the issue?
  • How do we contact the person/employee involved?
  • Who is carrying on the investigation, the incident manager?
  • Invoke a methodology for determining whether the incident has happened; it could be a rule violation or require a breach notification
  • Plan how to handle sanctions against an employee who violates the rules
  • Store violation/breach data in a specified compliance repository folder at all times
  • Any sanctions against an employee should be stored in his or her personal file

HIPAA Privacy Officer: Module 2

HIPAA Privacy Officer Training will cover all ongoing activities of a Privacy Program related to the development, implementation, maintenance of, and adherence to the organization's policies and procedures covering the privacy of, and access to, patient health information in compliance with federal and state laws and the healthcare organization's information privacy practices.

Authorization of PHI access:

  • Have a global process for how the authorization is handled, starting from tracking when it is applied for:
      • Who made the request?
      • Who took the application?
      • Who signed the authorization?
      • How is the authorization handled?
      • How is the patient communicated with?
  • A process should be in place and documented as to how authorizations are done per access
  • Document when authorizations are mandated by the HIPAA rule for using PHI data
  • Ensure you always match the in-house authorization with the actual HIPAA privacy rules
  • Train staff on when authorization is needed and keep track of the training in their personal file
  • Always revisit your rules, match them to the HIPAA rule and train staff accordingly
  • Documents that are not reviewed regularly constitute willful neglect, which can by itself mean a breach
  • Always track who has access and authorization in a public repository at company level
  • The patient file should have the request for data tracked and recorded in their personal files
  • Self-audit at random times how we can track authorization for PHI

https://www.complyarena.com/articledetails/HIPAA-Survival-Guide
