HIPAA Risk Analysis: The HIPAA Standard, HIPAA Security Rule

MentorHealth
Duration: 60 Minutes
Instructor: Joyce Freville
Webinar Id: 800312

Recorded

$225.
One Attendee

Overview:

The HIPAA Security Rule establishes national standards to protect individuals electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

The Administrative Safeguards provisions in the Security Rule require covered entities to perform risk analysis as part of their security management processes. The risk analysis and management provisions of the Security Rule are addressed separately because by helping to determine which security measures are reasonable and appropriate for a particular covered entity, risk analysis affects the implementation of all of the safeguards contained in the Security Rule.

Conducting a risk analysis is the first step in identifying and implementing safeguards that comply with and carry out the standards and implementation specifications in the HIPAA Security rule.

The webinar will discuss key elements of the Security Rule including who is covered, what information is protected, and what safeguards must be in place to ensure appropriate protection of electronic protected health information.

Risk analysis should be an ongoing process, in which a covered entity regularly reviews its records to track access to e-PHI and detect security incidents, periodically evaluates the effectiveness of security measures put in place, and regularly reevaluates potential risks to e-PHI. The HIPAA Breach Notification Rule, 45 CFR ยงยง 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information.

HHS Office for Civil Rights is responsible for enforcing the Privacy and Security Rules. Enforcement of the Privacy Rule began April 14, 2003 for most HIPAA covered entities. Since 2003, OCR's enforcement activities have obtained significant results that have improved the privacy practices of covered entities. The corrective actions obtained by OCR from covered entities have resulted in systemic change that has improved the privacy protection of health information for all individuals they serve.

HIPAA covered entities were required to comply with the Security Rule beginning on April 20, 2005. OCR became responsible for enforcing the Security Rule on July 27, 2009. OCR enforces the Privacy and Security Rules by 1) investigating complaints filed with it, 2) conducting compliance reviews to determine if covered entities are in compliance, and 3) performing education and outreach to foster compliance with the Rules' requirements.

OCR also works in conjunction with the Department of Justice (DOJ) to refer possible criminal violations of HIPAA.

The Health Information Technology for Clinical and Economic Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009, gave State Attorneys General the authority to bring civil actions on behalf of state residents for violations of the HIPAA Privacy and Security Rules.

The HITECH Act permits State Attorneys General to obtain damages on behalf of state residents or to enjoin further violations of the HIPAA Privacy and Security Rules.

Areas Covered in the Session:

  • Overview of Office of Civil Rights (OCR)
  • How to evaluate the likelihood and impact of potential risks to e-PHI
  • How to implement appropriate security measures to address the risks identified in the risk analysis
  • How to maintain continuous, reasonable, and appropriate security protections

Who Will Benefit:
  • Compliance Director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager

Speaker Profile
Dr. Freville is an independent consultant who advises healthcare clients regarding many regulatory issues including but not limited to compliance and HIPAA/HITECH program effectiveness.

She establishes compliance department operations to include planning, designing, and implementing system-wide Corporate Compliance and HIPAA/HITECH Programs. She writes Codes of Ethical Conduct and compliance policies and procedures for providers.

In a previous position, Dr. Freville assisted with the design and management of a company-wide infrastructure to support a Corporate Integrity Agreement (CIA) with the U.S. Department of Health and Human Services with clinical and financial components.

In addition, she was a Senior Medicare Auditor and has over 14 years experience as Directors of Finance, Accounting, and Reimbursement in home health, hospital, pharmacy, and long-term care. In addition, she was a healthcare Compliance Officer for 13 years. Dr. Freville retired from the U.S. Army Reserve as a Command Sergeant Major.

Dr. Freville earned a doctorate in Human Services with a specialization in Health Care Administration from Capella University. In addition, she earned a Master of Business Administration from Webster University, a Bachelor of Science in Accounting from Arizona State University, and is certified in Health Care Compliance (CHC) and Health Privacy Compliance (CHPC). Additionally, she is a member of the Health Care Compliance Association, Louisville Armed Forces Committee and Federal Bureau of Investigation Citizen Academy Alumni.


You Recently Viewed