Health Care Information Privacy and Security Forum

Monday, December 05 to Tuesday, December 06, 2011
Union League, Philadelphia, PA

INTERACTIVE TRAINING SESSION

Monday, December 5, 2011 • 8:30 am – 11:30 am
(Registration opens at 7:15 am – Continental Breakfast Will Be Served)

A HIPAA and HITECH Boot Camp: Intensive Training in Privacy and Security Essentials for Health Care Professionals

Linn Foster Freedman
Partner, Leader, Privacy & Data Protection Group
Chair, HIPAA Compliance Group, Chair, (HIT) Team
Nixon Peabody LLP (Providence, RI)

Edward A. Sturchio, Jr.
Counsel
Day Pitney LLP (Parsippany, NJ)

This hands-on workshop will provide you with an in-depth review of health care privacy and security essentials under HIPAA and HITECH. The workshop leaders will lay the necessary foundation for you to comprehend thoroughly the dynamics of the privacy and security backdrop underlying the topics explored in the main conference. They will help you fully appreciate the complexities of the privacy and security conundrums facing the health care industry today as we enter the age of electronic health information.

  • HIPAA and HITECH overview
    • exploring HIPAA privacy rules and later adoption of security rules
    • the role of HITECH under ARRA and its further amendment of the HIPAA privacy and security rules
      • transforming privacy guidelines designed for paper records to electronic records
      • electronic protected health information (e-PHI)
  • Analyzing HITECH in the context of the privacy of electronic health records (EHRs)
    • examining the role of privacy in the first phase of “meaningful use” under HITECH
  • Understanding what health care information is protected under HIPAA
    • disclosures
    • exceptions
    • accountings – draft Accounting of Disclosures rule
  • Privacy of health information vs. security of health information
    • what is required?
    • risk analysis
  • Identifying HIPAA covered entities
  • Defining and redefining business associates
    • expansion of definition under HITECH
  • Breach
    • protection and remedial measures
  • Liabilities
    • civil
    • criminal
  • Reconciling federal privacy and security requirements under HIPAA and HITECH with various state law privacy and security requirements

INTERACTIVE STRATEGY SESSION

Tuesday, December 6, 2011 2:00 pm – 5:00 pm
(Registration opens at 1:30 pm)

B Working Group on Auditing, Updating and Perfecting Your Existing HIPAA / HITECH Privacy and Security Compliance Program

Carole A. Klove, RN, JD, CHRC
Special Projects
UCSF Medical Center (San Francisco, CA)

Frank Price
Vice President, Global Information Security
Medco Health Solutions (Montvale, NJ)

Frances Rao, CIPP, CIPP/G
Vice President, Compliance and Ethics
Medco Health Solutions (Montvale, NJ)

With the anticipated release of the Final Omnibus HIPAA Privacy Rule, it is imperative that you audit your current HIPAA and HITECH Security and Compliance program so that it can be easily reconciled with any amendments that this Rule may make to existing regulation. However, your work does not end with the Final Rule’s release. Provisions must also be made for the future release of the Final Accounting of Disclosures Rule, not to mention breach alerts for the age of social media and other key privacy and security measures. This is all the more apparent through Section 13411 of the HITECH Act which specifically requires HHS to conduct periodic compliance audits of both HIPAA covered-entities and business associates. Auditing of your HIPAA and HITECH privacy program is an ongoing and dynamic process by which your system is constantly updated and perfected. Our panel of compliance experts will help you develop and streamline practical and real world techniques for what may appear to be a daunting task. Points of discussion include:

  • Preparing for OCR audits
    • OCR HIPAA Audit Candidate Identification
    • covered entity and business associate audits
  • Using risk management principles to effectively audit your existing HIPAA and HITECH privacy and security program
    • relationship between risk management and “meaningful use” achievement under HITECH
  • Improving your existing audit program through the incorporation of innovative risk management techniques
    • accounting for the human element in addition to HIT systems
  • Ensuring system flexibility for reconciliation with new privacy and security requirements
  • Benchmarking your privacy and security program against industry standards and state and federal government requirements
  • Keeping track of business associate and other third party activities that may expose you to breach risks
  • Developing strategies for managing and minimizing identified risks, including known breach risks
    • social media vs. traditional media provisions
  • Safeguarding against unforeseen, undefined risks and breaches
  • Testing security systems
    • evaluating current encryption program or the need for an encryption program
  • Identifying and isolating program weaknesses for correct