As the healthcare industry rapidly migrates to a paperless future in which individual health information is recorded, maintained, and transmitted electronically, the need to secure that information grows. Because unauthorized access to private health information could have dangerous ramifications for individuals, healthcare professionals, and many businesses, Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) in 1996 with the goal of protecting such information.
One of HIPAA’s main provisions, the Security Rule, outlines the standards for protecting electronic protected health information that health plans, healthcare clearinghouses, and many healthcare providers are required to follow. As of 2006, all entities that fall under the law’s purview must be in compliance with these standards and their accompanying implementation specifications.
HIPAA is designed to protect a covered entity’s Electronic Protected Health Information from unauthorized access and use. Severe consequences await those organizations found guilty of frustrating these objectives. The only way Insurance and Risk Management Professionals can adequately assist an organization in controlling, mitigating and insuring against these consequences, is to understand what HIPAA’s Security Rule requires, permits, and prohibits.
TARGET AUDIENCE
Managers, Supervisors & HR Professionals
TIME TO COMPLETE
240-280 minutes
PURPOSE
To provide an overview of HIPAA’s Security Rule, including the standards and implementation specifications included therein, to ensure the security of a covered entity’s Electronic Protected Health Information and to avoid the liability resulting from HIPAA violations.
LEARNING OBJECTIVES
After completing this course, the learner will be able to:
- explain the history of HIPAA and the reasons for its adoption;
- outline the structure of HIPAA and relate its provisions to other federal regulations;
- define and identify who is considered a covered entity under HIPAA and therefore subject to its regulations;
- define Electronic Protected Health Information (EPHI) and distinguish between what is and what is not EPHI;
- outline the structure of the HIPAA Security Rule;
- define the standards that serve as the goals of the Security Rule;
- distinguish between standards and implementation specifications, as contained in HIPAA;
- define the terms "required" and "addressable" as they apply to HIPAA's implementation specifications;
- define and apply HIPAA's Administrative Safeguards in the management of EPHI;
- apply the principles of risk analysis and risk management in observing HIPAA's Security Rule;
- define and apply HIPAA's Physical Safeguards in the management of EPHI;
- define and apply HIPAA's Technical Safeguards in the management of EPHI;
- define and apply HIPAA's Organizational Requirements in the management of EPHI;
- define and apply HIPAA's Policies and Procedures and Documentation Requirements in the management of EPHI;
- identify the range of penalties for HIPAA violations; and
- identify an organization’s exposure to HIPAA-related liability in order to develop and implement appropriate insurance and risk management strategies.
TOPICS COVERED
- The History of HIPAA’s Enactment and Subsequent Interpretation
- Who Are Covered Entities under HIPAA?
- What Constitutes Electronic Protected Health Information
- The Structure of the Security Rule
- The Distinctions between Standards and Implementation Specifications
- “Required” v. “Addressable” Implementation Specifications
- Defining and Applying HIPAA’s Administrative, Physical, and Technical Safeguards
- Defining and Applying HIPAA’s Organizational Requirements
- Defining and Applying HIPAA’s Policies and Procedures and Documentation Requirements
- Identifying the Penalties for HIPAA Non-Compliance
FORMS INCLUDED
- Covered Entity Chart
- Interview and Document Request for HIPAA Security Onsite Investigations and Compliance Reviews
- Security Standards: Matrix
HR CERTIFICATION INSTITUTE
This Activity has been approved for 4.0 HR (General) recertification credit hours toward aPHR™, aPHRi™, PHR®, PHRca®, SPHR®, GPHR®, PHRi™ and SPHRi™ recertification through HR Certification Institute® (HRCI®). The use of this official seal confirms that this Activity has met HR Certification Institute's® (HRCI®) criteria for recertification credit pre-approval.
SOCIETY FOR HUMAN RESOURCE MANAGEMENT
This Activity has been approved for 4.0 PDCs toward SHRM-CP® or SHRM-SCP® recertification. The Human Equation is recognized by SHRM to offer Professional Development Credits (PDCs) for SHRM-CP® or SHRM-SCP® recertification activities.