Privacy and Security Institute

October 11, 2008

Washington State Convention and Trade Center

Seattle, WA

(This program is being offered in conjunction with the 2008 AHIMA Convention & Exhibit)

[Agenda | Registration | Hotel & Transportation]

General Description

Compliance monitoring and risk assessment responsibilities pose ongoing challenges for privacy and security professionals – especially in the face of dynamic organizational and industry change.  Programs design, activities, and follow-through are impacted by service level changes, system implementations, advancing technology, and the degree to which the two programs work together.  This interactive, all-day program offers participants best practice knowledge for updating programs and demonstrating compliance. Join like-minded colleagues for knowledge sharing and collegial networking.  Take away practical insights to evolve your privacy and security programs and reduce organizational risk.

Objectives/Benefits -- What Participants will Learn: 

• Identify key steps to ease administration of risk assessment updates
• Learn effective management approaches to ongoing privacy and security compliance monitoring
• Gain insights into oversight organizations’ privacy and security compliance survey activities -- CMS, OCR and the OIG
• Understand key steps for synchronizing privacy and security programs to optimize information privacy protections

Session  Descriptions

Keeping Up with Privacy and Security Risk Assessment Updates

Dynamic healthcare industry and organization changes make risk assessment updates in privacy and security programs a moving target.  How do healthcare organizations remain proactive in addressing privacy and security practice risks to help ensure optimal compliance within their facilities in the face of system implementations and service level changes?  This session will focus on identification of key steps to ease the administration of this ongoing process.        

Privacy and Security Compliance Monitoring: What and How

Even when written privacy and security policies and procedures are up-to-date and education and training is fresh, do organizations know whether practices are being interpreted consistently and the directives are optimally followed by the workforce?  An individual’s privacy rights depend on it. It’s common industry knowledge that behind every privacy breach is a security breach – and most commonly perpetrators are internal within a healthcare organization.  This session will assist you in thinking through effective management approaches to ongoing privacy and security compliance monitoring.

Privacy and Security Compliance Surveys: What to Expect from OCR, CMS, and the OIG

Privacy and security compliance enforcement is picking up in the US.  Previous industry patterns of cooperative federal assistance for compliance issues and low incidence of breach penalties have paralleled frequent media stories of lax interpretation and management of breach activity.  This session will review changing industry enforcement activity and offer participants insights into how to weave readiness into privacy and security risk assessments and compliance monitoring programs.

Synching Up: Privacy and Security Programs Working Together to Optimize Confidentiality

Achieving privacy and security compliance is an ongoing challenge, perhaps made more so, by a tendency toward silo management of privacy and security programs within healthcare organizations.  Privacy might be thought of as the administrative, human aspects while security is technological. Yet their goal is the same -- confidentiality of patient health information. This session addresses the symbiotic opportunities and benefits that come from synching up the two programs. Attendees will take away key insights on how and where operational and compliance advantages can come from program integration.  

Minimum of 6 CEUs for this one day institute.

Learning Level

[ About AHIMA | Schools/Jobs | Professional Development | HIM Resources | Foundation | Help | Site Map ]

Copyright © 2009 by the American Health Information Management Association. All rights reserved. No part of this site may be reproduced, reprinted, stored in a retrieval system, or transmitted, in any form or by any means, electronic, photocopying, recording, or otherwise, without the prior written permission of the association. All contents, including images and graphics, on this Web site are copyrighted by AHIMA unless otherwise noted. You must obtain permission to reproduce any information, graphics, or images from this site. Permission must also be obtained to link to any of AHIMA's Web sites. To request permission, fill out the AHIMA Permissions Request or contact permissions@ahima.org.