Health Insurance Portability and Accountability Act, including fundamentals, privacy, security, and common myths. This course will shows you where and how HIPAA affects health care and insurance through modifications to other related laws. Offered in an easy-to-follow format, the text includes examples, real-life scenarios, and optional interactive features to help you better understand important concepts, test that understanding, and prepare you for a rewarding career in health care.

Prerequisite: Knowledge of Healthcare Technology 

Course Concepts

• The original reason for writing HIPAA
• The scope of HIPAA law to both health care and the insurance industry
• The need to protect privacy and security of health information
• Types of entities who are Covered Entities
• The importance of the HIPAA Officer
• Scenario to bring the ruling into work place perspective
• Know the definition of protected health information (PHI).
• Recognize the difference between consent and authorization and their use in HIPAA.
• Be familiar with required disclosures, those permitted without authorization, and those permitted with authorization.
• Identify when Business Associate contracts must be obtained.
• Understand how HIPAA mandates training for the public and health care workforce.
• Grasp how the DHHS has ordered compliance with HIPAA law.
• The need for national standards for electronic transactions
• The code sets mandated by HIPAA law
• The structure of the electronic transactions to simplify reimbursement for health care services
• The value of Trading Partner agreements
• The enforcement guidelines set up by the Department of Health and Human Services
• The need for safeguards of electronic protected health information (ePHI)
• The basics of administrative, physical, and technical safeguards for ePHI
• The role of the HIPAA security officer who is responsible for local training and enforcing of HIPAA security regulations
• The government’s role in overseeing compliance and receiving a complaint
• The unique identifiers defined by HIPAA
• Identifiers that have been mandated and status of other identifiers to date
• Where to find latest information of changes to HIPAA law
• The problems of medical identify theft
• Some myths related to HIPAA

Top 10 Reasons Why HIPAA Compliance Should Matter to You

1. The HITECH Act and HIPAA Omnibus Rule have substantially increased civil penalties for non-compliance. The penalty cap for HIPAA violations was increased from $25,000/year to $1,500,000/year per violation. Willfully ignoring or failing to be compliant means mandatory investigations and penalties can be initiated by any complaint, breach, or discovered violation.

2. New Breach Notification rules will increase the number of HIPAA violations determined to be breaches. The HIPAA Omnibus Rule expands the definition of a breach and the consequences of failure to address it properly. Providing proper notification can trigger federal investigations and eventual fines and penalties.

3. The mandated deadline for new HIPAA compliance rules has already passed. All Covered Entities and Business Associates were required to update their HIPAA policies, procedures, forms, and Notices of Privacy Practices by September 23, 2013.

4. All Covered Entities must have documented policies and procedures regarding HIPAA compliance. Recently, a dermatology practice in Concord, MA, learned this lesson the hard way, getting slapped with a $150,000 fine for allowing the health information of just 2,200 individuals to be compromised via a stolen thumb drive. The company also had to incur the cost of implementing a corrective action plan to address Privacy, Security, and Breach Notification rules.

5. Business Associates are now required to be compliant with HIPAA Privacy and Security Rules. Business Associates will be held to that standard by Covered Entities, who are now responsible for ensuring their BAs are compliant.

6. While Meaningful Use incentives for Electronic Health Records (EHR) are optional, HIPAA compliance is not. If you manage Protected Health Information (PHI), you must comply with federal regulations or face substantial civil and criminal penalties. If a Covered Entity accepts Meaningful Use funding, a Security Risk Analyze is required — and any funding may have to be returned if adequate documentation is not provided upon request.

7. The Department of Human & Health Services’ (HHS) Office of Civil Rights (OCR) is expanding its Division of Health Information Privacy enforcement team. The federal bureau is stepping up hiring for HIPAA compliance activities calling for professionals with experience in privacy and security compliance and enforcement.

8. State Attorney Generals are getting involved in HIPAA enforcement. HHS has even posted HIPAA Enforcement Training for State Attorneys General agendas on its www.HHSHIPAASAGTraining.com website.

9. HIPAA compliance requires staff privacy and security training on a regular basis. All clinicians and medical staff that access PHI must be trained and re-trained on proper HIPAA procedures. Documentation of provided training is required to be kept for six years.

10. Protecting your practice means avoiding the HIPAA “Wall of Shame.” The list of health care organizations reporting major breaches and receiving substantial penalties is growing at an alarming rate. The details of these breaches are widely available to the general public — and widely reported in the media.