|
| |
Getting Practical with Privacy and Security - Session Descriptions
Getting Practical with Privacy and Security |
 |
April 19-20, 2004
Sheraton Anchorage Hotel
Register Today
|
Session Descriptions |
Preemption and Analysis of State Laws
Although HIPAA sets a national floor for minimum privacy standards, some states have stronger laws that provide additional privacy protection. In drafting the HIPAA privacy regulations, legislators decided not to preempt these state mandates. Make sure you’re aware of how this provision adds an additional challenge as you work toward HIPAA compliance.
Overview of the Security Rule
This session provides an overview of the HIPAA Security Rule and its key concepts. After this overview, we’ll move into a more detailed discussion of security.
Accounting of Disclosures
Learn how to establish a HIPAA-compliant process for tracking and reporting an accurate accounting of disclosures. You get everything you need to understand the requirements for meeting this mandate, including sample documents and tools.
Risk Analysis
HIPAA requires that covered entities perform a risk analysis. Find out how to assess and analyze your organization’s information security risks.
Handling Patient Complaints
The Privacy Rule established an individual’s right to file a complaint regarding how protected health information is used and disclosed by a covered entity. Here’s how to get your organization ready to respond to complaints by showing you how to establish workable procedures.
Audit Trails
Audit trails are necessary for detecting inappropriate data access within systems. Gain an understanding of the responsibilities, types, and objectives inherent in audit trails and monitoring.
Special Challenges in Disclosure: Marketing, De-Identification, Research, and Registries
There are many unique health information environments with their own special disclosure issues beyond routine disclosures of protected health information. Come away with a solid grasp of the various types of disclosure guidelines for marketing, research, and cancer registries as a part of HIPAA.
Business Associate Release of Information
The contract between the covered entity and a business associate must establish the permitted and required uses and disclosures of protected health information by the business associate. Get practical advice on the best way to write, implement, and monitor the release of information function of business associate agreements.
Selecting and Implementing Security Controls
When you consider the security controls for your organization, you’ll discover there’s no shortage of options or vendors. Cut through the process and understand your role in making the most effective choices.
Minimum Necessary and Access Controls: Impact on Privacy and Security
The minimum necessary standard requires covered entities to make a reasonable effort to limit protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request. Discover how information access controls are a clear means to establish and maintain formal, documented policies and procedures for granting different levels of access to healthcare information and meeting the minimum necessary use requirements. You’ll leave the session with a plan of action that allows you to address both issues.
Managing Security
Security is an ongoing responsibility. After you have established controls, you need to understand how to properly manage them. We’ll give you recommendations for managing information security and ideas for keeping up with new threats and vulnerabilities.
Tracking HIPAA Compliance Documentation
Covered entities must keep records and submit compliance reports to the Department of Health and Human Services, so they can determine compliance. Gain the means for establishing a workable process for managing and tracking the myriad HIPAA compliance documents you’re required to maintain.
Privacy and Security Education and Training
Equip yourself with a positive approach to conducting privacy and security training and awareness. Discover ways to assess and improve your program’s effectiveness.
Sanctions and Employee Termination Procedures
Covered entities are required to have appropriate sanctions against employees who do not comply with the entity’s privacy and security policies and procedures. Here’s how to enhance your workplace’s policy with consistency. We give you the tools you need, including: training programs, job descriptions, employee manuals, confidentiality statements, and disciplinary review protocols.
Business Continuity Planning
Our reactions to an event can often be more important than the event itself. The focus of this session is on the fundamental components of contingency and disaster recovery planning.
FACULTY
Carol Ann Quinsey, RHIA
Ms. Quinsey is a professional practice manager at AHIMA and has spent over 20 years working in the HIM profession. Prior to joining AHIMA, she served on the HIPAA Implementation Team for Children’s Hospital/Regional Medical Center in Seattle, WA, and has worked extensively in acute care settings as the organizational leader for medical records, medical transcription, quality improvement, utilization management, and medical staff services. She has also held leadership positions for the implementation of clinical information systems in two large HMOs. Ms. Quinsey holds a Bachelor of Science in Health Information Management from Seattle University.
Tom Walsh, CISSP
Mr. Walsh is owner of Tom Walsh Consulting, LLC, and conducts security training, risk analysis, and remediation activities for healthcare clients. He speaks at numerous national conferences on implementing the HIPAA privacy and security requirements. Mr. Walsh has also held positions as a principal consultant at CTG HealthCare Solutions, and manager of enterprise security at Healthcare Computing Strategies, Inc. He was also the information security manager for Saint Luke’s-Shawnee Mission Health Systems in Kansas City, MO, where he was responsible for the development and implementation of the information security program.
|
[ About AHIMA
| Schools/Jobs
| Professional Development
| HIM Resources
| Foundation
| Help
| Site Map
]
|
Copyright © 2008 by the American Health Information Management Association. All rights reserved. No part of this site may be reproduced, reprinted, stored in a retrieval system, or transmitted, in any form or by any means, electronic, photocopying, recording, or otherwise, without the prior written permission of the association. |
|
All contents, including images and graphics, on this Web site are copyrighted by AHIMA unless otherwise noted. You must obtain permission to reproduce any information, graphics, or images from this site. Permission must also be obtained to link to any of AHIMA's Web sites. To request permission, fill out the AHIMA Permissions Request or contact permissions@ahima.org. |
| |
Print page
