Must Have Features in a HIPAA Compliance Tracking System

Duration 90 Mins
Level Intermediate
Webinar ID IQW15C8518

  • Definition of a CTS
  • Various ways that a CTS can be implemented
  • CTS solutions that need to break the bank
  • Must have features of a CTS
  • A CTS—the embodiment of a “single version of truth” with respect to visible, demonstrable evidence of compliance

Overview of the webinar

This seminar will cover the must have features that a CTS must possess in order to adequately fulfill its mission within your organization. The following is a brief summary of the kinds of information that need to be tracked for the enumerated list of stakeholders:
(1)  Patients—tracking patient information involves much more than simply tracking their PHI; a CTS must help your organization track artifacts such as: (a) authorization requests; (b) restriction requests; (c) notice of privacy practices; (d) requests for access to PHI; (e) requests for amendments to PHI; and (f) requests for accounting for disclosures;
(2)  Business Associates—the information that needs to be tracked for business associates encompasses significantly more than business associate contracts. It encompasses everything that your organization has reviewed to obtain “satisfactory assurances” that your business associates are complying with applicable law. This includes, but is not limited to, tracking business associates' policies, procedures, risk assessments, security incidents, etc.
(3)  Workforce—tracking your workforce means capturing results showing that they have read and signed off on policies, have been trained on the appropriate HIPAA Rules (i.e. Privacy, Security & Breach Notification), are sanctioned appropriately where required, register their personal devices according to your Mobile Device initiative, etc.
(4)  Security Incidents—this is so fundamental to your HIPAA initiative that it often goes overlooked. If I were functioning in the capacity of an auditor, this is likely the first question I would ask. Why? Because it is a natural lead into other aspects of the Security Rule that your organization is likely not performing consistent with the Rules. I would want to see your Security Incident Log; recently analyzed incidents; evidence of Security Reminders, etc.
(5)  Security Reminders—something relatively easy to do yet often not done, or if done, not captured. The Security Rule requires that your organization periodically send out Security Reminders. These might include reminders about changing passwords; not storing PHI locally; latest phishing schemes. There are numerous Internet resources that can provide you timely updates; you just need to ensure that they get disseminated within your organization.
(6)  Risk Assessments & Remediations—you simply cannot comply with the Security Rule unless your organization consistently performs Risk Assessments. The threat landscape is changing much too fast for a Risk Assessment to be a “set and forget” one-time project. We recommend that you perform/track Risk Assessments at a minimum once a year, with the best practice being once a quarter. Further, it should be clear that the real value of a Risk Assessment is not in this pure analytical step, but rather in actually performing the remediations discovered therein.
(7)  Reporting—this category has to do with the old adage that “you can’t manage what you don’t measure.” One sure fire indicator that your organization is not measuring the correct metrics is that you are not reporting on same. Again, as an auditor, I am going to want to see reporting on a whole “laundry list” of metrics that you are likely not capturing today.

Who should attend?

  • HIPAA Privacy Officer
  • HIPAA Security Officer
  • HIPAA Compliance Officer

Why should you attend?

You should attend this session if you want to understand why having a Compliance Tracking System (“CTS”) is a mission-critical component of your HIPAA initiative. Compliance is an iterative process. Simply having policies and procedures in place, although necessary, is woefully insufficient with respect to demonstrating process due diligence over time. In addition to providing assistance in the creation and management of policies and procedures, a CTS must also allow an organization to manage its compliance processes in order to demonstrate that it is capturing visible, demonstrable evidence of process results to interested stakeholders (e.g. HHS and other stakeholders).

Faculty - Mr. Carlos Leyva

Carlos Leyva's combination of legal, business, healthcare, and technology experience allows him to collaborate with clients as a trusted adviser, one that understands their legal challenges not as a knowledgeable outsider would, but rather because he has often been in their shoes. Carlos, in addition to being Managing Shareholder of The Digital Business Law Group, PA., is also CEO of 3Lions Publishing, Inc., an online new media company that publishes the HIPAA Survival Guide, one of the most authoritative healthcare regulatory compliance sites on the Internet.
