|
Week 1 February 11, 2011 160.203 - State Law Preemption 160.204 - Exceptions to Preemption 160.310 - Record keeping and access
Summary:
State Law Preemption
HIPAA gave the HHS authority to regulate standards with respect to the privacy of individually identifiable health information when State law imposes more stringent standards.
Federal law preempts State law when preemption is the clear and manifest purpose of Congress. In instances where the purpose of Congress is not clear, only the judicial branch of government can determine whether a federal law preempts a State law under the Supremacy Clause.
This training schedule will discuss how to guide Covered Entities and Business Associates toward complying with HIPAA law when state laws are unclear or promote a more stringent set of requirements.
In addition to State Law Preemption, we will discuss the Covered Entity's responsibility to provide the appropriate records and compliance reports, which ultimately sets the precedent for tracking HIPAA compliance requirements. This is why HIPAA Sections 160.302, 160.204, and 160.310 are the first sections in the SecureGRC SB Self-Assessment.
Further discussion will focus on the SB Self-Assessment requirements and how to respond to questions regarding State Law and other exceptions.

|
|
Week 2 February 18, 2011 Assessment Analysis & Reporting How to make a HROC
Summary:
This session is not to be confused with the HIPAA-specific requirement to enable security management procedures for reporting on the confidentiality and integrity of patient health information, which must exist in every Covered Entity's infrastructure in order to protect against "attempted or successful unauthorized access, use, disclosure, modification, or interference with system operations". Instead, this session will focus on the analysis and reporting abilities found within SecureGRC SB and how to build a final deliverable based on a review of the gap reporting mechanism. Using the SecureGRC SB reporting methodology, we will demonstrate how to build and customize a final deliverable, more commonly known as a HROC (HIPAA Report On Compliance).
|
|
Week 3 February 25, 2011 Data Backup Plan Disaster Recovery Plan Emergency Mode Operation Plan Testing and Revision Procedure
Summary:
This session will discuss a critical aspect of the HIPAA ruling around Data Protection: the required backup methodologies and incident response plans that must be implemented to ensure the security and confidentiality of patient records. Health care providers who engage in electronic transactions must observe privacy safeguards to restrict the use and disclosure of individually identifiable health information, and must provide sufficient evidence that data and supporting operations can be restored to functioning order in case of a disaster.
We will review the ability of SecureGRC (164.308 - Assessing Availability Risks) to assess whether an infrastructure meets the Data Backup and Recovery Requirements and to pinpoint areas of focus for additional support and remediation.
164.308 - Assessing Availability Risks

|
|
Week 4 March 4, 2011 164.504 - Business Associate
This week's discussion will review the HIPAA requirements for Covered Entities to adequately secure patient information when disclosed and how to effectively use SecureGRC SB to focus on areas of potential weakness. Additionally, we will discuss the Business Associate Contracts and proof-of-compliance requirements, and how SecureGRC SB can be used to collect and store this information to meet compliance requirements and for further reference in new business propositions.
HIPAA Business Associate Requirements

SecureGRC SB Business Associate Data Collection Process

|
|
Week 6 March 18, 2011 164.308a2 - Assigned Security Responsibility (Security Officer) 164.308a6 - Security Incident Procedures - Response and Reporting
|
|
Week 7 March 25, 2011 164.310 - Identifying Physical Safeguards
|
|
Week 8 April 1, 2011 164.312 - Identifying Technical Safeguards
|
|
Week 9 April 8, 2011 Applications and Data Criticality Analysis
|
|
Week 10 April 15, 2011 164.502a - Use and disclosures of PHI 164.502j - Release by whistleblowers 164.506 - Patient Consent Form 164.508 - Authorization Requirements - Patients Form 164.512 - Release without consent or authorization
|
|
Week 11 April 29, 2011 162.920 - Transaction Standards
|
|
Week 12 May 6, 2011 162.1000 - Standards for Electronic Transactions: Code Sets
|
|
Week 13 May 13, 2011 Transaction Code Sets Part 2
|
|
Week 14 June 24, 2011 11.00 Physical Safeguards Advanced
|
|
Week 15 July 1, 2011 11.01 Physical Safeguards Advanced
|
|
Week 16 July 15, 2011 Reporting and HROC Creation
|
|
Week 17 August 11, 2011 How to Expand Channel Partners Presence in the Healthcare Vertical
|
|
Week 18 August 18, 2011 SecureGRC Technical Training HIPAA 101 - Part 2
|
|
Week 23 September 23, 2011 Channel Product Training Webinar
|
|
Week 25 October 07, 2011 eGestalt training Webinar made easy
|
|
Week 27 October 21, 2011 The HIPAA Umbrella Securing an Organization
|
|
Week 32 November 30, 2011 HIPAA_HITECH Compliance How to effectively manage the security & compliance status for your business associates & subcontractors
|
|
Week 34 December 21, 2011 HIPAA_HITECH Compliance How to effectively manage the security & compliance status for your business associates & subcontractors
|
|
Week 37 January 8, 2012 eGestalt Sales Webinar - Partner Open Discussion
|