Day 1
|
Lesson 1: HIPAA Fundamentals |
|
|
| |
• HIPAA Basics |
|
|
| |
• HIPAA’s Administrative Simplification
Title |
|
|
| |
• HIPAA Penalties |
|
|
| |
• HIPAA-Related Organizations |
|
|
| |
|
• Covered Entity |
|
|
| |
|
• Health Plan |
|
|
| |
|
• Clearinghouse |
|
|
| |
|
• Health Care Provider |
|
|
| |
|
• Business Associates |
|
|
| |
|
• Trading Partner Agreement |
|
|
| |
|
• Workforce |
|
|
| |
|
• Organized Health Care Arrangement |
|
|
| |
|
• UMO |
|
|
| |
|
|
|
|
Day 2
|
Lesson 2: HIPAA Transactions, Code Sets
and Identifiers |
|
|
| |
• Transactions |
|
|
| |
|
• Impacted Health Care Transactions |
|
|
| |
|
• Target Entities |
|
|
| |
|
• Scope |
|
|
| |
|
• Penalties |
|
|
| |
|
• ASCA |
|
|
| |
• ANSI ASC X12 Standard |
|
|
| |
|
• Transaction Type 270 |
|
|
| |
|
• Transaction Type 271 |
|
|
| |
|
• Transaction Type 276 |
|
|
| |
|
• Transaction Type 277 |
|
|
| |
|
• Transaction Type 278 Request and Response |
|
|
| |
|
• Transaction Type 820 |
|
|
| |
|
• Transaction Type 834 |
|
|
| |
|
• Transaction Type 835 |
|
|
| |
|
• Transaction Type 837 - Professional |
|
|
| |
|
• Transaction Type 837 - Institute |
|
|
| |
|
• Transaction Type 837 - Dental |
|
|
| |
• HIPAA Code Sets |
|
|
| |
|
• ICD-9-CM Volumes 1 and 2 |
|
|
| |
|
• CPT-4 |
|
|
| |
|
• CDT |
|
|
| |
|
• ICD-9-CM Volume 3 |
|
|
| |
|
• NDC |
|
|
| |
|
• HCPC |
|
|
| |
• HIPAA National Health Care Identifiers |
|
|
| |
|
• Provider Identifier |
|
|
| |
|
• Employer Identifier |
|
|
| |
|
• Health Plan Identifier |
|
|
| |
|
• Individual Identifier |
|
|
| |
|
|
|
|
Day 3
|
Lesson 3: HIPAA Privacy Rule |
|
|
| |
• Introduction |
|
|
| |
|
• Who is Impacted? |
|
|
| |
|
• Scope |
|
|
| |
|
• Exceptions |
|
|
| |
|
• Timeline |
|
|
| |
• Key Definitions |
|
|
| |
|
• IIHI |
|
|
| |
|
• PHI |
|
|
| |
|
• Deidentified Information |
|
|
| |
|
• Use |
|
|
| |
|
• Disclosure |
|
|
| |
|
• Treatment |
|
|
| |
|
• Payment |
|
|
| |
|
• Health Care Operations |
|
|
| |
• Notice Requirement |
|
|
| |
|
• Core Elements |
|
|
| |
|
• Changes to a Notice |
|
|
| |
|
• First Interaction |
|
|
| |
|
|
|
Day 4
|
Lesson 3: HIPAA Privacy Rule (Contd.) |
|
|
| |
• Authorization Requirement |
|
|
| |
|
• Core Data Elements and Required Statements |
|
|
| |
|
• Defective Authorizations |
|
|
| |
|
• Revocations |
|
|
| |
• Key Parties Impacted |
|
|
| |
• Minimum Necessary |
|
|
| |
• Oral Communications |
|
|
| |
• Health-Related Communications and
Marketing |
|
|
| |
• Research |
|
|
| |
|
|
|
|
Day 5
|
Lesson 4: HIPAA Security Rule |
|
|
| |
• Threats |
|
|
| |
• Definition and Terminology |
|
|
| |
|
• Security |
|
|
| |
|
• Security Services |
|
|
| |
|
• Security Mechanisms |
|
|
| |
• Security Rules |
|
|
| |
|
• Categories of Safeguards |
|
|
| |
|
• Implementation Specifications |
|
|
| |
|
• Approach and Philosophy |
|
|
| |
|
• Security Principles |
|
|
| |
• Administrative Safeguards |
|
|
| |
• Physical Safeguards |
|
|
| |
• Technical Safeguards |
|
|
| |
• Organizational Requirements |
|
|
| |
• Policies and Procedures, and Documentation
Standards |
|
|
| |
• Electronic Signatures (proposed
rule) |
|
|
| |
|
|
|
|
Day 6
|
Lesson 5: Crafting a Plan (Getting Started) |
|
|
| |
• HIPAA and e-Business |
|
|
| |
|
• Developing a Compliance Strategy |
|
|
| |
• Planning for Privacy Compliance |
|
|
| |
|
• Key Privacy Policy Documents |
|
|
| |
|
• PHI Data Exchange Scenarios |
|
|
| |
|
• Privacy Officer Responsibilities |
|
|
| |
|
• Addressing Business Associates |
|
|
| |
|
• Releasing PHI to Third Parties |
|
|
| |
• Planning for Security Compliance |
|
|
| |
|
• Security Manager Job Description |
|
|
| |
|
• Establishing the Security Compliance Framework |
|
|
| |
• Possible Framework for Compliance |
|
|
| |
|
• Step 1: Training and Awareness |
|
|
| |
|
• Step 2: Security Assessment |
|
|
| |
|
• Step 3: Business Risk Analysis |
|
|
| |
|
• Step 4: Implementation |
|
|
| |
|
• Step 5: Auditing and Enforcement |
|
|
