As defined by the Health Information Portability and Accountability Act (HIPAA), a Business Associate can be any organization or person working in association with or providing services to a Covered Entity who handles or discloses Protected Health Information (PHI) or Personal Health Records (PHR). With certain exceptions, a person or entity that creates, receives, maintains, or transmits PHI for a function or activity regulated by the HIPAA Privacy Rule for a Covered Entity is a Business Associate.
The HITECH Act, a recent update made to overall HIPAA regulations, requires Business Associates to comply with HIPAA mandates regarding the handling and use of health information. As a Business Associate, you must comply with a wide-range of regulatory obligations, including certain privacy obligations, security standards, and breach notification requirements.
If your business needs to understand what it means to be a Business Associate and know what required safeguards, policies and procedures must be in place or make sure your current compliance program is adequate and can withstand government scrutiny, please join us for this informative and interactive session.
Why you should attend:
There is a lot of confusion about the role and requirements of being a Business Associate. Organizations must be prepared prior to entering into these contracts for services as a vendor and subcontractor.
Attendees will leave the course clearly understanding all of the requirements that must be in place for the Business Associate - Covered Entity arrangement. After completing this course, a Business Associate will have a clear understanding as to what needs to be in place when it comes to all of the HIPAA regulations.
Areas Covered in the Session:
Why was HIPAA created?
Who Must Comply with HIPAA Requirements?
What are the HIPAA Security and Privacy Rules?
What are the Consequences of being a Business Associate
What is a HIPAA Compliance Program for a Business Associate?
What is a HIPAA Risk Management Plan?
What is a HIPAA Risk Assessment?
What is the Role of the HIPAA Security Official?
What are HIPAA training requirements?
What is a HIPAA data breach and what happens if it occurs?
What are the penalties and fines for non-compliance and how to avoid them
Case Examples of HIPAA Data Breaches
Creating a Culture of Compliance
- Compliance Officer
- HIPAA Privacy Officer
- HIPAA Security Officer
- IT Staff
- Office Managers
- Health Application Managers
- Companies providing healthcare data analytics
- Information Systems Manager
- Chief Information Officer
- General Counsel/lawyer
- Practice Management Consultants
- Any Business Associates that accesses protected health information
- IT Companies that support Medical/Dental practices or other healthcare organizations
Day 1 Schedule
What are HIPAA, HITECH & the Omnibus Rule?
HIPAA Privacy Rule Requirements for Business Associates
Marketing in a HIPAA compliant world
Onboarding as a Business Associate
Handling Vendor Questionnaires
HIPAA Security Rule Requirements
Administrative, Technical, and Physical Safeguards
How to Conduct a HIPAA Risk Assessment
Risk Assessment Practical Exercise
Day 2 Schedule
Review of Risk Assessment Practical Exercise
Remediation and Required Follow Up
What Policies and Procedures Must be Covered
HIPAA Risk Management Plans
Developing, Reviewing and Amending Policy and Procedure
Policy and Procedure - Practical Exercise
Review Policy and Procedure Practical Exercise
HIPAA Enforcement Trends
HIPAA & Social Media
Summary & Closing Remarks
• Compliance Officer
• HIPAA Privacy Officer
• HIPAA Security Officer
• IT Staff
• Office Managers
• Health Application Managers
• Companies providing healthcare data analytics
• Information Systems Manager
• Chief Information Officer
• General Counsel/lawyer
• Practice Management Consultants
• Any Business Associates that accesses protected health information
• IT Companies that support Medical/Dental practices or other healthcare organizations