Day 1
|
Lesson 1: HIPAA Fundamentals |
|
|
| |
• HIPAA Basics |
|
|
| |
• HIPAA’s Administrative Simplification
Title |
|
|
| |
• HIPAA Penalties |
|
|
| |
• HIPAA-Related Organizations |
|
|
| |
• HIPAA Terminology and Definitions
Covered Entity |
|
|
| |
|
• Covered Entity |
|
|
| |
|
• Health Plan |
|
|
| |
|
• Clearinghouse |
|
|
| |
|
• Health Care Provider |
|
|
| |
|
• Business Associates |
|
|
| |
|
• Trading Partner Agreement |
|
|
| |
|
• Workforce |
|
|
| |
|
• Organized Health Care Arrangement |
|
|
| |
|
• UMO |
|
|
| |
|
|
|
|
Day 2
|
Lesson 2: HIPAA Transactions, Code Sets
and Identifiers |
|
|
| |
• Transactions |
|
|
| |
|
• Impacted Health Care Transactions |
|
|
| |
|
• Target Entities |
|
|
| |
|
• Scope |
|
|
| |
|
• Penalties |
|
|
| |
|
• ASCA |
|
|
| |
• ANSI ASC X12 Standard |
|
|
| |
|
• Transaction Type 270 |
|
|
| |
|
• Transaction Type 271 |
|
|
| |
|
• Transaction Type 276 |
|
|
| |
|
• Transaction Type 277 |
|
|
| |
|
• Transaction Type 278 Request and Response |
|
|
| |
|
• Transaction Type 820 |
|
|
| |
|
• Transaction Type 834 |
|
|
| |
|
• Transaction Type 835 |
|
|
| |
|
• Transaction Type 837 - Professional |
|
|
| |
|
• Transaction Type 837 - Institute |
|
|
| |
|
• Transaction Type 837 - Dental |
|
|
| |
• HIPAA Code Sets |
|
|
| |
|
• ICD-9-CM Volumes 1 and 2 |
|
|
| |
|
• CPT-4 |
|
|
| |
|
• CDT |
|
|
| |
|
• ICD-9-CM Volume 3 |
|
|
| |
|
• NDC |
|
|
| |
|
• HCPC |
|
|
| |
• HIPAA National Health Care Identifiers |
|
|
| |
|
• Provider Identifier |
|
|
| |
|
• Employer Identifier |
|
|
| |
|
• Health Plan Identifier |
|
|
| |
|
• Individual Identifier |
|
|
| |
|
|
|
|
Day 3
|
Lesson 3: HIPAA Privacy Rule |
|
|
| |
• Introduction |
|
|
| |
|
• Who is Impacted? |
|
|
| |
|
• Scope |
|
|
| |
|
• Exceptions |
|
|
| |
|
• Timeline |
|
|
| |
• Key Definitions |
|
|
| |
|
• IIHI |
|
|
| |
|
• PHI |
|
|
| |
|
• Deidentified Information |
|
|
| |
|
• Use |
|
|
| |
|
• Disclosure |
|
|
| |
|
• Treatment |
|
|
| |
|
• Payment |
|
|
| |
|
• Health Care Operations |
|
|
| |
• Notice Requirement |
|
|
| |
|
• Core Elements |
|
|
| |
|
• Changes to a Notice |
|
|
| |
|
• First Interaction |
|
|
| |
|
|
|
Day 4
|
Lesson 3: HIPAA Privacy Rule (Contd.) |
|
|
| |
• Authorization Requirement |
|
|
| |
|
• Core Data Elements and Required Statements |
|
|
| |
|
• Defective Authorizations |
|
|
| |
|
• Revocations |
|
|
| |
• Key Parties Impacted |
|
|
| |
• Minimum Necessary |
|
|
| |
• Oral Communications |
|
|
| |
• Health-Related Communications and
Marketing |
|
|
| |
• Research |
|
|
| |
|
|
|
|
Day 5
|
Lesson 4: HIPAA Security Rule |
|
|
| |
• Threats |
|
|
| |
• Definition and Terminology |
|
|
| |
|
• Security |
|
|
| |
|
• Security Services |
|
|
| |
|
• Security Mechanisms |
|
|
| |
• Security Rules |
|
|
| |
|
• Categories of Safeguards |
|
|
| |
|
• Implementation Specifications |
|
|
| |
|
• Approach and Philosophy |
|
|
| |
|
• Security Principles |
|
|
| |
• Administrative Safeguards |
|
|
| |
• Physical Safeguards |
|
|
| |
• Technical Safeguards |
|
|
| |
• Organizational Requirements |
|
|
| |
• Policies and Procedures, and Documentation
Standards |
|
|
| |
• Electronic Signatures (proposed
rule) |
|
|
| |
|
|
|
|
Day 6
|
Lesson 5: Crafting a Plan (Getting Started) |
|
|
| |
• HIPAA and e-Business |
|
|
| |
|
• Developing a Compliance Strategy |
|
|
| |
• Planning for Privacy Compliance |
|
|
| |
|
• Key Privacy Policy Documents |
|
|
| |
|
• PHI Data Exchange Scenarios |
|
|
| |
|
• Privacy Officer Responsibilities |
|
|
| |
|
• Addressing Business Associates |
|
|
| |
|
• Releasing PHI to Third Parties |
|
|
| |
• Planning for Security Compliance |
|
|
| |
|
• Security Manager Job Description |
|
|
| |
|
• Establishing the Security Compliance Framework |
|
|
| |
• Possible Framework for Compliance |
|
|
| |
|
• Step 1: Training and Awareness |
|
|
| |
|
• Step 2: Security Assessment |
|
|
| |
|
• Step 3: Business Risk Analysis |
|
|
| |
|
• Step 4: Implementation |
|
|
| |
|
• Step 5: Auditing and Enforcement |
|
|
| |
|
|
|
|
Day 7
|
Material: HIPAA Security Specialist
Manual, PowerPoint, Quick Reference cards and Security
Policy templates |
| |
|
|
|
|
Lesson 2: Administrative Safeguards |
|
|
| |
• Administrative Safeguards |
|
|
| |
• Security Management Process |
|
|
| |
• Assigned Security Responsibility |
|
|
| |
• Workforce Security |
|
|
| |
• Information Access Management |
|
|
| |
• Security Awareness and Training |
|
|
| |
• Security Incident Procedures |
|
|
| |
• Contingency Plan |
|
|
| |
• Evaluation |
|
|
| |
• Business Associate Contracts Standard |
|
|
| |
|
|
|
|
Lesson 3: Physical Safeguards |
|
|
| |
• Requirements |
|
|
| |
• Facility Access Controls |
|
|
| |
• Workstation Use |
|
|
| |
• Workstation Security |
|
|
| |
• Device and Media Controls |
|
|
| |
• Physical Safeguards Review |
|
|
| |
|
|
|
Day 8
|
Lesson 4: Technical Safeguards (Part
I) |
|
|
| |
• Requirements |
|
|
| |
• Access Control |
|
|
| |
• Audit Controls |
|
|
| |
• Integrity |
|
|
| |
• Person or Entity Authentication |
|
|
| |
• Security Compliance process: Risk
Analysis, Vulnerability Assessment, Remediation, Contingency
Planning, Audit & Evaluation |
| |
• Transmission Security |
|
|
| |
|
|
|
Lesson 4: Technical Safeguards (Part
II) |
|
|
| |
• TCP/IP Network Infrastructure |
|
|
| |
• Firewall Systems |
|
|
| |
• Virtual Private Networks (VPNs) |
|
|
| |
• Wireless Transmission Security |
|
|
| |
• Encryption |
|
|
| |
• Kerberos Authentication |
|
|
| |
• Overview of Windows XP Security |
|
|
| |
|
|
|
Day 9
|
Lesson 5: Digital Signatures & Certificates |
|
|
| |
• Requirements |
|
|
| |
• Digital Signatures |
|
|
| |
• Digital Certificates |
|
|
| |
• Public Key Infrastructure (PKI) |
|
|
| |
• Solution Alternatives |
|
|
| |
• Identity theft prevention and HIPAA |
|
|
| |
|
|
|
Lesson 6: Security Policy |
|
|
| |
• Threat, Risk Management and Policy |
|
|
| |
• ISO 17799 and BS 7799 Security Standards |
|
|
| |
• Security Policy Considerations |
|
|
| |
|
|
|
Day 10
|
PowerPoint, Practice Test, Security
Policy Templates
|
Additional topics to be covered outside
the manual |
|
|
| |
• Cross over of HIPAA with NIST, SOX
and other compliance regulations |
|
|
| |
• Enforcement Rule info |
|
|
| |
• Sample Security Policies |
|
|
| |
• Practice test questions |
|
|
| |
• Security Compliance steps |
|
|
| |
|
