SlideShare a Scribd company logo
1 of 23
Download to read offline
864-200-2419
info@healthsecuritysolutions.com
HIPAA Q & A
With
Steve Spearman
&
Mary Pat Whaley
September 17, 2013
864-200-2419
info@healthsecuritysolutions.com
#1:#1: I am not quite sure what to ask, II am not quite sure what to ask, I
guess I should start with how is thisguess I should start with how is this
going to affect our practice and whatgoing to affect our practice and what
changes do I need to be aware of?changes do I need to be aware of?
864-200-2419
info@healthsecuritysolutions.com
Today’s QuestionsToday’s Questions
• Risk Analysis
• Notice of Privacy Practices (NPPs)
• Business Associate Agreements (BAAs)
• HIPAA Training & Policies/Procedures
864-200-2419
info@healthsecuritysolutions.com
Key Provisions of HIPAA OmnibusKey Provisions of HIPAA Omnibus
• Breach Notification
• BAAs and
Subcontractors
• Fundraising and
Marketing
• NPP Changes
• Hybrid Entity
treatment
• Deceased patients
• Immunization
Records release
• Concealment rule
864-200-2419
info@healthsecuritysolutions.com
#2:#2: Do you have a suggested or preferredDo you have a suggested or preferred
format/method for conducting andformat/method for conducting and
documenting a security risk analysis, sincedocumenting a security risk analysis, since
the OCR has not specified such? It is truly athe OCR has not specified such? It is truly a
large amount of documentation with solarge amount of documentation with so
many "moving" parts!many "moving" parts!
864-200-2419
info@healthsecuritysolutions.com
How to Conduct aHow to Conduct a
Security Risk AnalysisSecurity Risk Analysis
• NIST
– “Guidance on Risk Assessment
(NIST 800-30)
– SP 800-66 – Resource Guide for
Implementing HIPAA
• Audit Protocol – June 2012
• ONC Guide to Privacy and
Security of HIT
– Myths and Facts (p.11)
864-200-2419
info@healthsecuritysolutions.com
Security Risk Analysis Myths and FactsSecurity Risk Analysis Myths and Facts
Myths Facts
Optional for small providers No. All eligible providers (EP)
Installing a certified EHR is enough No. The risk analysis must look at all systems
with ePHI.
My EHR vendor is handling this No. EPs are solely responsible for the risk
analysis.
A checklist will suffice No. While useful, they are inadequate.
Only needs to look at EHR No. All IT assets processing, storing, accessing
ePHI.
I must outsource the risk analysis. No. You can conduct this yourself.
864-200-2419
info@healthsecuritysolutions.com
Meaningful Use and Risk AnalysisMeaningful Use and Risk Analysis
MEANINGFUL USE CRITERIA
#12 Provide patients with electronic copy of their health information upon request
#13 Provide clinical summaries for patients for each offic
# 14 Perform at least one test of certified EHR technica
#15 Conduct or review a Security Risk Analysis per 45 CFR
Conduct or review a
Security Risk Analysis
per 45 CFR 164.308 (a)(1)
and implement security
updates as necessary.
Conduct or review a
Security Risk Analysis
per 45 CFR 164.308 (a)(1)
and implement security
updates as necessary.
864-200-2419
info@healthsecuritysolutions.com
Copier/Scanner Hard DrivesCopier/Scanner Hard Drives
Cloud StorageCloud Storage
Patient Portal SecurityPatient Portal Security
Emailing Records to Patients/Emailing andEmailing Records to Patients/Emailing and
Texting With PatientsTexting With Patients
Best Encryption MethodBest Encryption Method
Employees Working From HomeEmployees Working From Home
Related Questions:Related Questions:
864-200-2419
info@healthsecuritysolutions.com
Special Offer for Attendees:Special Offer for Attendees:
Risk Analysis is the MOST overlooked provision of HIPAA - it is the first HIPAA
safeguard and is the last Meaningful Use Core Measure (will you have to give
your MU money back?)
The RAIAB includes 50-70 page Risk Analysis Report, customized HIPAA security
policies, security management plan, and security awareness posters. This is
everything a 2-provider/1-location needs!
A Great Value at $1,795! Find it in the Manage My Practice store.
864-200-2419
info@healthsecuritysolutions.com
#3:#3: What has changed with theWhat has changed with the
Notice of Privacy Practices (NPP)?Notice of Privacy Practices (NPP)?
Do I update the one I have or startDo I update the one I have or start
over with a new one?over with a new one?
864-200-2419
info@healthsecuritysolutions.com
Notice of Privacy Practices (NPP)Notice of Privacy Practices (NPP)
NPP Changes
•Types of uses requiring authorization:
– Psychotherapy notes
– Those that constitute a sale of PHI
– Anything not covered in YOUR NPP
•Fundraising right to opt out
•Right to restrict disclosure for OOP payments
•Right to be notified in the event of a breach
864-200-2419
info@healthsecuritysolutions.com
Sign-in SheetsSign-in Sheets
Releasing original records vs. all recordsReleasing original records vs. all records
Transporting charts in vehiclesTransporting charts in vehicles
Allowable/Non-allowable Records ReleaseAllowable/Non-allowable Records Release
Mail received by the wrong entityMail received by the wrong entity
Verbal permission vs. written permissionVerbal permission vs. written permission
Related Questions:Related Questions:
864-200-2419
info@healthsecuritysolutions.com
#4:#4: How do I know when I have to haveHow do I know when I have to have
a BAA? If I use an EHR vendor that has aa BAA? If I use an EHR vendor that has a
33rdrd
party provide part of the service, orparty provide part of the service, or
will my BAA with the vendor cover all 3will my BAA with the vendor cover all 3rdrd
parties?parties?
864-200-2419
info@healthsecuritysolutions.com
Business Associate AgreementsBusiness Associate Agreements
• Treatment of subcontractors
– Clarifies that they are BAs
– BAs must have BAA in place with
downstream vendors
864-200-2419
info@healthsecuritysolutions.com
Is the provider of off-site storage a BA?Is the provider of off-site storage a BA?
Are janitorial staff BAs?Are janitorial staff BAs?
Is Care Credit a BA?Is Care Credit a BA?
Related Questions:Related Questions:
864-200-2419
info@healthsecuritysolutions.com
#5: What type of HIPAA training is#5: What type of HIPAA training is
required for new employees and howrequired for new employees and how
often is HIPAA retraining required foroften is HIPAA retraining required for
all employees?*all employees?*
* Covered in more depth next month!
864-200-2419
info@healthsecuritysolutions.com
Security Training SafeguardsSecurity Training Safeguards
Security Awareness and Training
 Security Reminders (A)
 Protection from Malicious Software
(A)
 Log-in Monitoring (A)
 Password Management (A)
864-200-2419
info@healthsecuritysolutions.com
Is my existing HIPAA manual still usable?Is my existing HIPAA manual still usable?
What’s the best way to train employeesWhat’s the best way to train employees
on the new rules?on the new rules?
What policies need to be put in placeWhat policies need to be put in place
and how should employees sign off onand how should employees sign off on
them?them?
Related Questions:Related Questions:
864-200-2419
info@healthsecuritysolutions.com
#6: What are the first steps to#6: What are the first steps to
ensuring Best Practices for the HIPAAensuring Best Practices for the HIPAA
Omnibus Rules?Omnibus Rules?
864-200-2419
info@healthsecuritysolutions.com
Risk Assessment (internal or external)Risk Assessment (internal or external)
NPP (sample provided in Action Pack)NPP (sample provided in Action Pack)
BAA (sample provided in Action Pack)BAA (sample provided in Action Pack)
Training & PoliciesTraining & Policies
Action Plan:Action Plan:
864-200-2419
info@healthsecuritysolutions.com
October 15th
1:00 – 2:00 p.m. EST
Register Here!
NextNext FREEFREE HIPAA Webinar:HIPAA Webinar:
Mark your calendar today!
864-200-2419
info@healthsecuritysolutions.com
Contact Us!Contact Us!
Steve Spearman
sspearman@healthsecuritysolutions.com
864-200-2419
Mary Pat Whaley
marypat@managemypractice.com
919-370-0504
&

More Related Content

Recently uploaded

Male Infertility Panel Discussion by Dr Sujoy Dasgupta
Male Infertility Panel Discussion by Dr Sujoy DasguptaMale Infertility Panel Discussion by Dr Sujoy Dasgupta
Male Infertility Panel Discussion by Dr Sujoy DasguptaSujoy Dasgupta
 
power point presentation of Clinical evaluation of strabismus
power point presentation of Clinical evaluation  of strabismuspower point presentation of Clinical evaluation  of strabismus
power point presentation of Clinical evaluation of strabismusChandrasekar Reddy
 
MedMatch: Your Health, Our Mission. Pitch deck.
MedMatch: Your Health, Our Mission. Pitch deck.MedMatch: Your Health, Our Mission. Pitch deck.
MedMatch: Your Health, Our Mission. Pitch deck.whalesdesign
 
Mental health Team. Dr Senthil Thirusangu
Mental health Team. Dr Senthil ThirusanguMental health Team. Dr Senthil Thirusangu
Mental health Team. Dr Senthil Thirusangu Medical University
 
ORAL HYPOGLYCAEMIC AGENTS - PART 2.pptx
ORAL HYPOGLYCAEMIC AGENTS  - PART 2.pptxORAL HYPOGLYCAEMIC AGENTS  - PART 2.pptx
ORAL HYPOGLYCAEMIC AGENTS - PART 2.pptxNIKITA BHUTE
 
ayurvedic formulations herbal drug technologyppt
ayurvedic formulations herbal drug technologypptayurvedic formulations herbal drug technologyppt
ayurvedic formulations herbal drug technologypptPradnya Wadekar
 
How to cure cirrhosis and chronic hepatitis naturally
How to cure cirrhosis and chronic hepatitis naturallyHow to cure cirrhosis and chronic hepatitis naturally
How to cure cirrhosis and chronic hepatitis naturallyZurück zum Ursprung
 
Breast cancer -ONCO IN MEDICAL AND SURGICAL NURSING.pptx
Breast cancer -ONCO IN MEDICAL AND SURGICAL NURSING.pptxBreast cancer -ONCO IN MEDICAL AND SURGICAL NURSING.pptx
Breast cancer -ONCO IN MEDICAL AND SURGICAL NURSING.pptxNaveenkumar267201
 
SGK RỐI LOẠN KALI MÁU CỰC KỲ QUAN TRỌNG.pdf
SGK RỐI LOẠN KALI MÁU CỰC KỲ QUAN TRỌNG.pdfSGK RỐI LOẠN KALI MÁU CỰC KỲ QUAN TRỌNG.pdf
SGK RỐI LOẠN KALI MÁU CỰC KỲ QUAN TRỌNG.pdfHongBiThi1
 
BENIGN BREAST DISEASE
BENIGN BREAST DISEASE BENIGN BREAST DISEASE
BENIGN BREAST DISEASE Mamatha Lakka
 
Unit I herbs as raw materials, biodynamic agriculture.ppt
Unit I herbs as raw materials, biodynamic agriculture.pptUnit I herbs as raw materials, biodynamic agriculture.ppt
Unit I herbs as raw materials, biodynamic agriculture.pptPradnya Wadekar
 
Red Blood Cells_anemia & polycythemia.pdf
Red Blood Cells_anemia & polycythemia.pdfRed Blood Cells_anemia & polycythemia.pdf
Red Blood Cells_anemia & polycythemia.pdfMedicoseAcademics
 
PAIN/CLASSIFICATION AND MANAGEMENT OF PAIN.pdf
PAIN/CLASSIFICATION AND MANAGEMENT OF PAIN.pdfPAIN/CLASSIFICATION AND MANAGEMENT OF PAIN.pdf
PAIN/CLASSIFICATION AND MANAGEMENT OF PAIN.pdfDolisha Warbi
 
Bulimia nervosa ( Eating Disorders) Mental Health Nursing.
Bulimia nervosa ( Eating Disorders) Mental Health Nursing.Bulimia nervosa ( Eating Disorders) Mental Health Nursing.
Bulimia nervosa ( Eating Disorders) Mental Health Nursing.aarjukhadka22
 
ANATOMICAL FAETURES OF BONES FOR NURSING STUDENTS .pptx
ANATOMICAL FAETURES OF BONES  FOR NURSING STUDENTS .pptxANATOMICAL FAETURES OF BONES  FOR NURSING STUDENTS .pptx
ANATOMICAL FAETURES OF BONES FOR NURSING STUDENTS .pptxWINCY THIRUMURUGAN
 
"Radical excision of DIE in subferile women with deep infiltrating endometrio...
"Radical excision of DIE in subferile women with deep infiltrating endometrio..."Radical excision of DIE in subferile women with deep infiltrating endometrio...
"Radical excision of DIE in subferile women with deep infiltrating endometrio...Sujoy Dasgupta
 

Recently uploaded (20)

Male Infertility Panel Discussion by Dr Sujoy Dasgupta
Male Infertility Panel Discussion by Dr Sujoy DasguptaMale Infertility Panel Discussion by Dr Sujoy Dasgupta
Male Infertility Panel Discussion by Dr Sujoy Dasgupta
 
power point presentation of Clinical evaluation of strabismus
power point presentation of Clinical evaluation  of strabismuspower point presentation of Clinical evaluation  of strabismus
power point presentation of Clinical evaluation of strabismus
 
MedMatch: Your Health, Our Mission. Pitch deck.
MedMatch: Your Health, Our Mission. Pitch deck.MedMatch: Your Health, Our Mission. Pitch deck.
MedMatch: Your Health, Our Mission. Pitch deck.
 
Mental health Team. Dr Senthil Thirusangu
Mental health Team. Dr Senthil ThirusanguMental health Team. Dr Senthil Thirusangu
Mental health Team. Dr Senthil Thirusangu
 
ORAL HYPOGLYCAEMIC AGENTS - PART 2.pptx
ORAL HYPOGLYCAEMIC AGENTS  - PART 2.pptxORAL HYPOGLYCAEMIC AGENTS  - PART 2.pptx
ORAL HYPOGLYCAEMIC AGENTS - PART 2.pptx
 
ayurvedic formulations herbal drug technologyppt
ayurvedic formulations herbal drug technologypptayurvedic formulations herbal drug technologyppt
ayurvedic formulations herbal drug technologyppt
 
How to cure cirrhosis and chronic hepatitis naturally
How to cure cirrhosis and chronic hepatitis naturallyHow to cure cirrhosis and chronic hepatitis naturally
How to cure cirrhosis and chronic hepatitis naturally
 
Breast cancer -ONCO IN MEDICAL AND SURGICAL NURSING.pptx
Breast cancer -ONCO IN MEDICAL AND SURGICAL NURSING.pptxBreast cancer -ONCO IN MEDICAL AND SURGICAL NURSING.pptx
Breast cancer -ONCO IN MEDICAL AND SURGICAL NURSING.pptx
 
How to master Steroid (glucocorticoids) prescription, different scenarios, ca...
How to master Steroid (glucocorticoids) prescription, different scenarios, ca...How to master Steroid (glucocorticoids) prescription, different scenarios, ca...
How to master Steroid (glucocorticoids) prescription, different scenarios, ca...
 
Immune labs basics part 1 acute phase reactants ESR, CRP Ahmed Yehia Ismaeel,...
Immune labs basics part 1 acute phase reactants ESR, CRP Ahmed Yehia Ismaeel,...Immune labs basics part 1 acute phase reactants ESR, CRP Ahmed Yehia Ismaeel,...
Immune labs basics part 1 acute phase reactants ESR, CRP Ahmed Yehia Ismaeel,...
 
Rheumatoid arthritis Part 1, case based approach with application of the late...
Rheumatoid arthritis Part 1, case based approach with application of the late...Rheumatoid arthritis Part 1, case based approach with application of the late...
Rheumatoid arthritis Part 1, case based approach with application of the late...
 
SGK RỐI LOẠN KALI MÁU CỰC KỲ QUAN TRỌNG.pdf
SGK RỐI LOẠN KALI MÁU CỰC KỲ QUAN TRỌNG.pdfSGK RỐI LOẠN KALI MÁU CỰC KỲ QUAN TRỌNG.pdf
SGK RỐI LOẠN KALI MÁU CỰC KỲ QUAN TRỌNG.pdf
 
BENIGN BREAST DISEASE
BENIGN BREAST DISEASE BENIGN BREAST DISEASE
BENIGN BREAST DISEASE
 
Unit I herbs as raw materials, biodynamic agriculture.ppt
Unit I herbs as raw materials, biodynamic agriculture.pptUnit I herbs as raw materials, biodynamic agriculture.ppt
Unit I herbs as raw materials, biodynamic agriculture.ppt
 
Red Blood Cells_anemia & polycythemia.pdf
Red Blood Cells_anemia & polycythemia.pdfRed Blood Cells_anemia & polycythemia.pdf
Red Blood Cells_anemia & polycythemia.pdf
 
PAIN/CLASSIFICATION AND MANAGEMENT OF PAIN.pdf
PAIN/CLASSIFICATION AND MANAGEMENT OF PAIN.pdfPAIN/CLASSIFICATION AND MANAGEMENT OF PAIN.pdf
PAIN/CLASSIFICATION AND MANAGEMENT OF PAIN.pdf
 
GOUT UPDATE AHMED YEHIA 2024, case based approach with application of the lat...
GOUT UPDATE AHMED YEHIA 2024, case based approach with application of the lat...GOUT UPDATE AHMED YEHIA 2024, case based approach with application of the lat...
GOUT UPDATE AHMED YEHIA 2024, case based approach with application of the lat...
 
Bulimia nervosa ( Eating Disorders) Mental Health Nursing.
Bulimia nervosa ( Eating Disorders) Mental Health Nursing.Bulimia nervosa ( Eating Disorders) Mental Health Nursing.
Bulimia nervosa ( Eating Disorders) Mental Health Nursing.
 
ANATOMICAL FAETURES OF BONES FOR NURSING STUDENTS .pptx
ANATOMICAL FAETURES OF BONES  FOR NURSING STUDENTS .pptxANATOMICAL FAETURES OF BONES  FOR NURSING STUDENTS .pptx
ANATOMICAL FAETURES OF BONES FOR NURSING STUDENTS .pptx
 
"Radical excision of DIE in subferile women with deep infiltrating endometrio...
"Radical excision of DIE in subferile women with deep infiltrating endometrio..."Radical excision of DIE in subferile women with deep infiltrating endometrio...
"Radical excision of DIE in subferile women with deep infiltrating endometrio...
 

HIPAA Question & Answer Session (September 2013)

  • 1. 864-200-2419 info@healthsecuritysolutions.com HIPAA Q & A With Steve Spearman & Mary Pat Whaley September 17, 2013
  • 2. 864-200-2419 info@healthsecuritysolutions.com #1:#1: I am not quite sure what to ask, II am not quite sure what to ask, I guess I should start with how is thisguess I should start with how is this going to affect our practice and whatgoing to affect our practice and what changes do I need to be aware of?changes do I need to be aware of?
  • 3. 864-200-2419 info@healthsecuritysolutions.com Today’s QuestionsToday’s Questions • Risk Analysis • Notice of Privacy Practices (NPPs) • Business Associate Agreements (BAAs) • HIPAA Training & Policies/Procedures
  • 4. 864-200-2419 info@healthsecuritysolutions.com Key Provisions of HIPAA OmnibusKey Provisions of HIPAA Omnibus • Breach Notification • BAAs and Subcontractors • Fundraising and Marketing • NPP Changes • Hybrid Entity treatment • Deceased patients • Immunization Records release • Concealment rule
  • 5. 864-200-2419 info@healthsecuritysolutions.com #2:#2: Do you have a suggested or preferredDo you have a suggested or preferred format/method for conducting andformat/method for conducting and documenting a security risk analysis, sincedocumenting a security risk analysis, since the OCR has not specified such? It is truly athe OCR has not specified such? It is truly a large amount of documentation with solarge amount of documentation with so many "moving" parts!many "moving" parts!
  • 6. 864-200-2419 info@healthsecuritysolutions.com How to Conduct aHow to Conduct a Security Risk AnalysisSecurity Risk Analysis • NIST – “Guidance on Risk Assessment (NIST 800-30) – SP 800-66 – Resource Guide for Implementing HIPAA • Audit Protocol – June 2012 • ONC Guide to Privacy and Security of HIT – Myths and Facts (p.11)
  • 7. 864-200-2419 info@healthsecuritysolutions.com Security Risk Analysis Myths and FactsSecurity Risk Analysis Myths and Facts Myths Facts Optional for small providers No. All eligible providers (EP) Installing a certified EHR is enough No. The risk analysis must look at all systems with ePHI. My EHR vendor is handling this No. EPs are solely responsible for the risk analysis. A checklist will suffice No. While useful, they are inadequate. Only needs to look at EHR No. All IT assets processing, storing, accessing ePHI. I must outsource the risk analysis. No. You can conduct this yourself.
  • 8. 864-200-2419 info@healthsecuritysolutions.com Meaningful Use and Risk AnalysisMeaningful Use and Risk Analysis MEANINGFUL USE CRITERIA #12 Provide patients with electronic copy of their health information upon request #13 Provide clinical summaries for patients for each offic # 14 Perform at least one test of certified EHR technica #15 Conduct or review a Security Risk Analysis per 45 CFR Conduct or review a Security Risk Analysis per 45 CFR 164.308 (a)(1) and implement security updates as necessary. Conduct or review a Security Risk Analysis per 45 CFR 164.308 (a)(1) and implement security updates as necessary.
  • 9. 864-200-2419 info@healthsecuritysolutions.com Copier/Scanner Hard DrivesCopier/Scanner Hard Drives Cloud StorageCloud Storage Patient Portal SecurityPatient Portal Security Emailing Records to Patients/Emailing andEmailing Records to Patients/Emailing and Texting With PatientsTexting With Patients Best Encryption MethodBest Encryption Method Employees Working From HomeEmployees Working From Home Related Questions:Related Questions:
  • 10. 864-200-2419 info@healthsecuritysolutions.com Special Offer for Attendees:Special Offer for Attendees: Risk Analysis is the MOST overlooked provision of HIPAA - it is the first HIPAA safeguard and is the last Meaningful Use Core Measure (will you have to give your MU money back?) The RAIAB includes 50-70 page Risk Analysis Report, customized HIPAA security policies, security management plan, and security awareness posters. This is everything a 2-provider/1-location needs! A Great Value at $1,795! Find it in the Manage My Practice store.
  • 11. 864-200-2419 info@healthsecuritysolutions.com #3:#3: What has changed with theWhat has changed with the Notice of Privacy Practices (NPP)?Notice of Privacy Practices (NPP)? Do I update the one I have or startDo I update the one I have or start over with a new one?over with a new one?
  • 12. 864-200-2419 info@healthsecuritysolutions.com Notice of Privacy Practices (NPP)Notice of Privacy Practices (NPP) NPP Changes •Types of uses requiring authorization: – Psychotherapy notes – Those that constitute a sale of PHI – Anything not covered in YOUR NPP •Fundraising right to opt out •Right to restrict disclosure for OOP payments •Right to be notified in the event of a breach
  • 13. 864-200-2419 info@healthsecuritysolutions.com Sign-in SheetsSign-in Sheets Releasing original records vs. all recordsReleasing original records vs. all records Transporting charts in vehiclesTransporting charts in vehicles Allowable/Non-allowable Records ReleaseAllowable/Non-allowable Records Release Mail received by the wrong entityMail received by the wrong entity Verbal permission vs. written permissionVerbal permission vs. written permission Related Questions:Related Questions:
  • 14. 864-200-2419 info@healthsecuritysolutions.com #4:#4: How do I know when I have to haveHow do I know when I have to have a BAA? If I use an EHR vendor that has aa BAA? If I use an EHR vendor that has a 33rdrd party provide part of the service, orparty provide part of the service, or will my BAA with the vendor cover all 3will my BAA with the vendor cover all 3rdrd parties?parties?
  • 15. 864-200-2419 info@healthsecuritysolutions.com Business Associate AgreementsBusiness Associate Agreements • Treatment of subcontractors – Clarifies that they are BAs – BAs must have BAA in place with downstream vendors
  • 16. 864-200-2419 info@healthsecuritysolutions.com Is the provider of off-site storage a BA?Is the provider of off-site storage a BA? Are janitorial staff BAs?Are janitorial staff BAs? Is Care Credit a BA?Is Care Credit a BA? Related Questions:Related Questions:
  • 17. 864-200-2419 info@healthsecuritysolutions.com #5: What type of HIPAA training is#5: What type of HIPAA training is required for new employees and howrequired for new employees and how often is HIPAA retraining required foroften is HIPAA retraining required for all employees?*all employees?* * Covered in more depth next month!
  • 18. 864-200-2419 info@healthsecuritysolutions.com Security Training SafeguardsSecurity Training Safeguards Security Awareness and Training  Security Reminders (A)  Protection from Malicious Software (A)  Log-in Monitoring (A)  Password Management (A)
  • 19. 864-200-2419 info@healthsecuritysolutions.com Is my existing HIPAA manual still usable?Is my existing HIPAA manual still usable? What’s the best way to train employeesWhat’s the best way to train employees on the new rules?on the new rules? What policies need to be put in placeWhat policies need to be put in place and how should employees sign off onand how should employees sign off on them?them? Related Questions:Related Questions:
  • 20. 864-200-2419 info@healthsecuritysolutions.com #6: What are the first steps to#6: What are the first steps to ensuring Best Practices for the HIPAAensuring Best Practices for the HIPAA Omnibus Rules?Omnibus Rules?
  • 21. 864-200-2419 info@healthsecuritysolutions.com Risk Assessment (internal or external)Risk Assessment (internal or external) NPP (sample provided in Action Pack)NPP (sample provided in Action Pack) BAA (sample provided in Action Pack)BAA (sample provided in Action Pack) Training & PoliciesTraining & Policies Action Plan:Action Plan:
  • 22. 864-200-2419 info@healthsecuritysolutions.com October 15th 1:00 – 2:00 p.m. EST Register Here! NextNext FREEFREE HIPAA Webinar:HIPAA Webinar: Mark your calendar today!
  • 23. 864-200-2419 info@healthsecuritysolutions.com Contact Us!Contact Us! Steve Spearman sspearman@healthsecuritysolutions.com 864-200-2419 Mary Pat Whaley marypat@managemypractice.com 919-370-0504 &