Day 1
|
Lesson 1: HIPAA Fundamentals |
| |
• HIPAA Basics |
| |
• HIPAA’s Administrative Simplification
Title |
| |
• HIPAA Penalties |
| |
• HIPAA-Related Organizations |
| |
|
• Covered Entity |
| |
|
• Health Plan |
| |
|
• Clearinghouse |
| |
|
• Health Care Provider |
| |
|
• Business Associates |
| |
|
• Trading Partner Agreement |
| |
|
• Workforce |
| |
|
• Organized Health Care Arrangement |
| |
|
• UMO |
| |
|
|
Lesson 2: HIPAA Transactions, Code Sets
and Identifiers |
| |
• Transactions |
| |
|
• Impacted Health Care Transactions |
| |
|
• Target Entities |
| |
|
• Scope |
| |
|
• Penalties |
| |
|
• ASCA |
| |
• ANSI ASC X12 Standard |
| |
|
• Transaction Type 270 |
| |
|
• Transaction Type 271 |
| |
|
• Transaction Type 276 |
| |
|
• Transaction Type 277 |
| |
|
• Transaction Type 278 Request and Response |
| |
|
• Transaction Type 820 |
| |
|
• Transaction Type 834 |
| |
|
• Transaction Type 835 |
| |
|
• Transaction Type 837 - Professional |
| |
|
• Transaction Type 837 - Institute |
| |
|
• Transaction Type 837 - Dental |
| |
• HIPAA Code Sets |
| |
|
• ICD-9-CM Volumes 1 and 2 |
| |
|
• CPT-4 |
| |
|
• CDT |
| |
|
• ICD-9-CM Volume 3 |
| |
|
• NDC |
| |
|
• HCPC |
| |
• HIPAA National Health Care Identifiers |
| |
|
• Provider Identifier |
| |
|
• Employer Identifier |
| |
|
• Health Plan Identifier |
| |
|
• Individual Identifier |
| |
|
|
Day 2
|
Lesson 3: HIPAA Privacy Rule |
| |
• Introduction |
| |
|
• Who is Impacted? |
| |
|
• Scope |
| |
|
• Exceptions |
| |
|
• Timeline |
| |
• Key Definitions |
| |
|
• IIHI |
| |
|
• PHI |
| |
|
• Deidentified Information |
| |
|
• Use |
| |
|
• Disclosure |
| |
|
• Treatment |
| |
|
• Payment |
| |
|
• Health Care Operations |
| |
• Notice Requirement |
| |
|
• Core Elements |
| |
|
• Changes to a Notice |
| |
|
• First Interaction |
| |
• Authorization Requirement |
| |
|
• Core Data Elements and Required Statements |
| |
|
• Defective Authorizations |
| |
|
• Revocations |
| |
• Key Parties Impacted |
| |
• Minimum Necessary |
| |
• Oral Communications |
| |
• Health-Related Communications and
Marketing |
| |
• Research |
| |
|
|
Day 3
|
Lesson 4: HIPAA Security Rule |
| |
• Threats |
| |
• Definition and Terminology |
| |
|
• Security |
| |
|
• Security Services |
| |
|
• Security Mechanisms |
| |
• Security Rules |
| |
|
• Categories of Safeguards |
| |
|
• Implementation Specifications |
| |
|
• Approach and Philosophy |
| |
|
• Security Principles |
| |
• Administrative Safeguards |
| |
• Physical Safeguards |
| |
• Technical Safeguards |
| |
• Organizational Requirements |
| |
• Policies and Procedures, and Documentation
Standards |
| |
• Electronic Signatures (proposed
rule) |
| |
|
|
Lesson 5: Crafting a Plan (Getting Started) |
| |
• HIPAA and e-Business |
| |
|
• Developing a Compliance Strategy |
| |
• Planning for Privacy Compliance |
| |
|
• Key Privacy Policy Documents |
| |
|
• PHI Data Exchange Scenarios |
| |
|
• Privacy Officer Responsibilities |
| |
|
• Addressing Business Associates |
| |
|
• Releasing PHI to Third Parties |
| |
• Planning for Security Compliance |
| |
|
• Security Manager Job Description |
| |
|
• Establishing the Security Compliance Framework |
| |
• Possible Framework for Compliance |
| |
|
• Step 1: Training and Awareness |
| |
|
• Step 2: Security Assessment |
| |
|
• Step 3: Business Risk Analysis |
| |
|
• Step 4: Implementation |
| |
|
• Step 5: Auditing and Enforcement |
