Purchase any WEBINAR and get
Validity : 25th Sep'23 to 05th Oct'23
One of the major requirements of the health care organization to be HIPAA compliant is to develop and implement a set of HIPAA privacy and security policies and procedures. This can be a daunting task for those not knowing where to start and what a set of HIPAA privacy and security policies and procedures should look like. For the cost conscious health care organization, the HIPAA policies and procedures can have multiple uses: first, they can become a basis for training the health care organization workforce; second, they can be used as a basis for conducting a HIPAA self-assessment; and third, they can be used to demonstrate due diligence should there be a breach or an external HIPAA compliance audit.
In today’s world it is not necessary that the health care organization spend significant funds to develop a set of HIPAA privacy and security policies and procedures from scratch. The health care organization can likely find templates on the internet that can be used as a starting point to customize HIPAA policies and procedures to be unique for the health care organization.
The preparation of a well-documented set of HIPAA policies and procedures needs to be addressed through the development of Privacy and Security policies and procedures that address each of the requirements shown in the HIPAA regulations as amended by the HITECH law and the final Omnibus Regulations. The process of developing the HIPAA privacy and security policies and procedures also provides a reference for the health care organization how to consider the security addressable and required regulation requirements.
There are three situations where having a set of HIPAA policies and procedures are needed:
First, the policies and procedures become a good reference to ensure that all areas are addressed for becoming HIPAA compliant.
Second, the HIPAA regulations REQUIRE covered entities and business associates to have a set of policies and procedures directing the workforce to perform their tasks in a controlled environment. Having a set of policies and procedures is positive evidence of the health care organization exercising due diligence.
Third, if there is a breach, the health care organization needs to demonstrate that it has proactively implemented a comprehensive set of HIPAA policies and procedures to keep any penalties to a minimum.
Jim Wener has over 50 years of experience in assisting health care organizations – both providers and payers- in identifying their automation requirements and helping these organizations select and successfully implement the automation most applicable for their needs. Since 1996 he has been an active lecturer, trainer and HIPAA assessment consultant helping a variety of health care providers (hospitals, payers, clinics and individual physician practitioners) become HIPAA compliant. He developed the IBM HIPAA assessment and training products for their consulting practice. Mr. Wener is a certified HIPAA consultant and has authored articles regarding various topics on the subject. His HIPAA consulting practice offers full HIPAA Assessments, comprehensive HIPAA privacy and security consulting tools, practice walkthrough assessment tools, a full set of HIPAA privacy and security policy and procedures templates, training presentations and a breach mitigation tool – all geared and used by small and large health care organizations. Mr. Wener has also performed as an expert witness on behalf of both plaintiffs and defendants in HIPAA breach litigation matters.