HIPAA Compliance Overview For Mental Health Providers


HIPAA (Health Insurance Portability and Accountability Act) is a federal law regulating the US healthcare system. Its primary purpose is to protect the privacy and security of our health/medical information (PHI: Protected Health Information) and to give individuals certain inherent rights over that information.

The HIPAA regulations consist of two separate and distinct regulations:

HIPAA Privacy, which involves protections from a people standpoint (employee training, policies and procedures, contracts, etc.), and
HIPAA Security, which involves protections for electronic data (federal information technology standards for healthcare).

Any organization or person who works in or with the healthcare industry or who has access to PHI is going to fall under the HIPAA umbrella. This includes physicians, medical staff, hospitals, medical practices, medical students, pharmacies, durable medical equipment suppliers, answering services, collection agencies, marketing services, printers, IT and managed services, software companies, employers who sponsor a health/medical plan for their employees, etc.

In order to be "HIPAA Compliant", an organization must put in place safeguards and controls for both HIPAA Privacy and Security to protect the PHI that the organization has or will be given access to. This includes employee training on HIPAA, implementing the formal policies, procedures and documents required by HIPAA, and validating your IT infrastructure against the HIPAA Security information technology standards.

While the requirements for HIPAA Privacy compliance vary by organization type (healthcare provider, business associate, employer group health plan, etc.), the requirements for HIPAA Security compliance are the same for everyone, since everyone has the same information technology protection requirements.

Audience: Any organization involved in direct medical treatment of patients involving mental health.
Examples: Psychologists, Psychiatrists, Clinical Social Workers, Behavioral Services, Mental Health Programs, etc.

Copyright 2001-2019, HIPAA Training, All Rights Reserved

HIPAA Privacy Compliance: safeguards for people-related issues

HIPAA Privacy Officer: An individual must be designated to take responsibility for and oversee HIPAA Privacy compliance at the organization.
Employee Training: All employees who have access to Protected Health Information must be given a HIPAA Awareness Training.
Documents and Controls: Formal documents, controls, and policies and procedures to protect Protected Health Information in the organization.

HIPAA Security Compliance: safeguards around electronic data and information technology standards

HIPAA Security Officer: An individual must be designated to take responsibility for and oversee HIPAA Security compliance at the organization.
Employee Training: Those employees who will be implementing HIPAA Security (such as the compliance officer and IT staff) will have to take an additional detailed course on HIPAA Security.
HIPAA Security Risk Assessment: Compare your organization's information technology standards against the federal IT standards in HIPAA Security. Identify and fix any deficiencies.
Documents and Controls: Formal documents, controls, and policies and procedures to protect electronic Protected Health Information in the organization and to document the standards followed in your organization.

What is involved in becoming HIPAA compliant?

There are 3 parts to HIPAA compliance for an organization:

1. Providing a HIPAA Awareness Training to all employees of the organization that have access to PHI.
2. Implementing formal documents and controls for the organization to protect and safeguard PHI.
3. Training of a compliance officer (someone in the organization who is going to take responsibility for HIPAA at your organization).

Part 1 is handled through our organizational training, which allows you to roll out training to your employees as a self-paced online training that they can each take on their own schedule. Our system trains, tests, and generates a 2 year certificate for compliance record keeping.

Parts 2 and 3 are handled by our compliance documentation kits. While your designated compliance officer is implementing the required documents, they are also being trained through a "hands-on learn by doing" approach. The theory behind our method is that if your compliance officer built it, they will be able to maintain it going forward.

If you already have components of the 3 parts in place for HIPAA compliance, you can just purchase the components you need.

How much will it cost to become HIPAA compliant?

A typical ten person organization can become fully compliant at a cost of only $1,270:

$999.98 for the 2 documentation kits, to implement all the documents and controls and to train a compliance officer
$249.90 for 10 HIPAA Awareness Trainings @ $24.99/person at the 10 seat discount (further discounts are available at higher tiers)
$20.00 for 1 HIPAA Security Training for the compliance officer ($20/person; more may be necessary if IT staff are involved)

Note that the majority of organizations will have to comply with both the Privacy and Security regulations because everyone deals with computers these days. Some organizations will only have to comply with Privacy if they don't have electronic PHI. Contact us and we'll be happy to discuss your particular requirements.

How long does it take to become HIPAA compliant?

On average, you are looking at about 2 to 2.5 weeks for the compliance officer (1 week per documentation kit). The compliance officer will first roll out the 1.5 hour Awareness training to the employees and then work on the documentation kits in parallel.

Do I have to hire a compliance officer or officers for HIPAA?

No. We train an individual or individuals from your existing staff to take on that additional role. It will take them about 1 week per documentation kit to implement and should only take them a few hours per month after that to maintain. We recommend the Privacy officer be an operational person and the Security person be from IT. If you don't have an internal IT department, you can have one person be the overall compliance officer.

What if I have questions?

To help the compliance officer get started quickly, we've provided a pre-recorded jumpstart video session where we walk the compliance officer through the entire process so there is no guess work. They can hit the ground running. In addition, we are also available for questions through the whole process at no additional charge.

Where do I start?

First step: identify who will be responsible for HIPAA at your organization.

HIPAA requires that an organization designate an individual or individuals to be responsible for HIPAA (Privacy and Security). We recommend the Privacy compliance officer be an operational person and the Security compliance person be from IT. If you don't have an internal IT department, you can have one person be the overall compliance officer. This does not have to be a full time position and can be an additional duty for someone.

The main responsibility of the HIPAA compliance officer(s) will be to get the organization initially HIPAA compliant, then to maintain those standards going forward, and to be a point person for questions or complaints.

Training of a new HIPAA compliance officer is automatically handled as part of our documentation kits, where we train a compliance officer through a unique "Hands-On Learn by Doing Approach".

We recommend you identify the HIPAA compliance officer from the start and then have them:

1. Roll out the Awareness training to all employees, including themselves.
2. Implement the Privacy Documentation Kit. There is a 1 hour pre-recorded jumpstart session video included with the kit to get you started quickly.
3. Roll out the Security training to the team who will be involved in implementing HIPAA Security (typically the compliance officer and IT staff).
4. Implement the Security Documentation Kit. There is a 1 hour pre-recorded jumpstart session video included with the kit to get you started quickly.

Regular Employees/Staff: HIPAA Awareness Training (2 Year Certification)
HIPAA Privacy Officer: HIPAA Awareness Training; HIPAA Privacy Documentation Kit; HIPAA Security Training
HIPAA Security Officer: HIPAA Awareness Training; HIPAA Security Training (also for any other compliance staff, including IT staff); HIPAA Security Documentation Kit

Online HIPAA Courses

HIPAA Awareness for Mental Health
Format: Online, Self Paced
Duration: 1.5 Hours
Prerequisite: None

HIPAA Awareness is meant to satisfy the legal training requirement under HIPAA and must be taken by anyone in the organization that has access to protected health information. It covers primarily HIPAA Privacy but also gives an overview of the other parts of HIPAA, including HIPAA Security. This is the only course needed by the regular staff.

This course contains the following lessons:
Introduction to HIPAA
Using and Disclosing PHI
HIPAA Privacy
HIPAA Security
HIPAA and State Laws
Becoming HIPAA Compliant
Final Exam

HIPAA Security
Format: Online, Self Paced
Duration: 1.5 Hours
Prerequisite: HIPAA Awareness Course

HIPAA Security is a follow-on course to HIPAA Awareness that is a specialized course on just HIPAA Security. It builds on the information in the Awareness course but provides an extra level of depth on the HIPAA Security information technology standards. This course should be taken by the HIPAA compliance officer(s), any IT or other staff they pull in to help with implementation, or anyone requiring a detailed knowledge of HIPAA Security.

This course contains the following lessons:
Introduction to HIPAA Security
Administrative Safeguards
Physical Safeguards
Technical Safeguards
Becoming HIPAA Security Compliant
Final Exam

Online HIPAA Training

The online training is meant to handle the educational component and training

Rollout Our Smart Training to Your Workforce in 5 Minutes or Less

How? Our training system is smart - very smart - and does almost everything for you. All you have to do is email generic instructions to your staff. It is the same instructions for everyone, and we've already pre-typed the instructions for you.

Have staff that don't have email? No problem, print off the instructions and give them to them as a piece of paper.

Once you provide the generic instructions to your staff you are done. The smart training system then takes over from there and trains, tests, generates certificates, emails you a copy of those certificates, and maintains a training log. It can't get any easier.

Our smart system utilizes a single shared multi-user login that eliminates the hassle of having to set up and manage multiple usernames and passwords. Everyone from your organization can log in from home or work (24x7) using the same shared login (no limit on simultaneous users).

On passing the final exam, each individual is prompted to enter their name. The system then generates a PDF certificate for the individual and emails a copy of the certificate to the administrator for record keeping. Because the login is shared, the certificate and training log identify each person by the name they type in at the end of the exam rather than by an individual account.

The smart system maintains a detailed training log automatically for you.

Each course is 1.5 hours long, self paced, and generates a 2 year certification upon completion. There are no contracts or minimums. Our training works like a phone card, so you can just purchase as you need. We provide a cumulative discount over the life of the account, so it always gets cheaper over time.

The majority of employees will just take the Awareness course. The compliance officer and IT staff will take both. The Security course is discounted to $20 with the bundled discount and can be purchased at any time.

Each employee receives their own HIPAA certificate and wallet card immediately online upon successful completion of training.

Pricing Per Course

Qty of Training Seats    Pricing Per Seat
1-9                      $29.99
10-24                    $24.99
25-49                    $23.99
50-99                    $22.99
100-199                  $19.99
200-299                  $14.99
300+                     CALL

Course Features

Group discounts available
2 Year nationally recognized certificate
No contracts, pay as you go, cumulative discounts
Automatically creates and maintains a detailed log in MS Excel
Zero administration: no need to create and administer usernames and passwords
Includes HITECH, Omnibus, Texas HB 300, and California CMIA
Shared multi-user login for employees
English and Spanish versions included
Certificates and transcript scores automatically emailed to the account administrator
No expiration date on any seats purchased
Free retakes. Each employee is guaranteed a certificate
30 day money back guarantee

Documentation and Compliance Officer Training

HIPAA requires that formal documents and controls such as forms, contracts, policies and procedures, etc. be in place for the organization to properly protect patient health information: documents such as business associate contracts, policies and procedures, patient rights documents, breach notifications, and others that you learn about in the Awareness training.

Our Documentation Kits are meant to be utilized by your compliance officer to put in place the documents, contracts, forms, and policies and procedures required by the HIPAA Privacy and HIPAA Security regulations. At the same time they are putting that in place, we are training them as a new HIPAA compliance officer through a unique "Hands-On Learn by Doing Approach".

Our kits are very easy to use, come with a step by step to-do list that walks you through the entire process, and provide ready to use templates in Microsoft Word format for easy download. Once you download the templates, they become your master copies on your local network/PCs, and they are yours even beyond the 1 year online access. Finally, we fully support you through the process, so if you have any questions, you can contact us.

Pricing is $499.99 per documentation kit.

HIPAA Privacy Documentation Kit - $499.99

CONTRACTS AND FORMS INCLUDED
Acknowledgement of Receipt of Notice of Privacy Practices
Acknowledgement of Receipt of Notice of Privacy Practices (Spanish)
Approval for Amendment of PHI
Authorization
Business Associate Contract
Business Associate List
Confidentiality Agreement
Denial for Access to PHI
Denial for Amendment of PHI
Fax Cover Sheet
HHS 500 Plus Breach Notification
HHS Annual Breach Notification
Individual Breach Notification
Log of HIPAA Training
Log of PHI Amendment Requests
Log of PHI Disclosures
Notice of Amendment of PHI
Notice of Privacy Practices
Notice of Privacy Practices (Spanish)
Patient Privacy Complaint Form
Request for Access to EHR
Request for Access to PHI
Request for Accounting of Disclosures of PHI
Request for Amendment of PHI
Request for Restriction of PHI
Requested Breach Notification Delay Due to Law Enforcement
Risk Assessment for Breach of Unsecured PHI

POLICIES AND PROCEDURES INCLUDED
Policies and Procedures for Breaches of Unsecured PHI
Policies and Procedures for Business Associates
Policies and Procedures for Computer Systems
Policies and Procedures for Facsimile Machines
Policies and Procedures for Patient Rights
Policies and Procedures for PHI Use and Disclosures
Policies and Procedures for Workforce Terminations
Policies and Procedures for Workforce Training
Policies and Procedures for Employee Sanctions

HIPAA Security Documentation Kit - $499.99

ADMINISTRATIVE SAFEGUARDS
Contingency Planning Testing Schedule
HIPAA Security Risk Assessment
Log of HIPAA Security Training
Policies and Procedures for Contingency Planning
Policies and Procedures for Evaluation
Policies and Procedures for Information Access Management
Policies and Procedures for Security Incident Response and Reporting
Policies and Procedures for Workforce Security
Policies and Procedures for Security and Awareness Training
Security Incident Investigation Form
Security Incident Report

PHYSICAL SAFEGUARDS
Facility Repair Documentation Form
Hardware and Electronic Media Tracking Form
Policies and Procedures for Device and Media Controls
Policies and Procedures for Facility Access Controls
Policies and Procedures for Workstation Security
Policies and Procedures for Workstation Use
Workstation Reassignment Tracking Form

TECHNICAL SAFEGUARDS
Policies and Procedures for Access Controls
Policies and Procedures for Audit Controls
Policies and Procedures for Data Integrity
Policies and Procedures for Person and Entity Authentication
Policies and Procedures for Transmission Security

Why Choose Us?

We are experts in HIPAA, and our mission is to make HIPAA training and compliance fast, easy, and painless. We've done all the hard work so you don't have to. We hope you'll give us a try, and in return we promise exceptional training and compliance products at an affordable price and to treat each of our customers with the utmost care and raving support.

Experts in HIPAA with more than 18 years' experience
Full range of compliance products, not just training
2 Year certificate valid in all states
Specialized versions versus one generic version of compliance
Individual and organizational training available
Raving support. We offer phone support and not just email
English and Spanish versions included
Includes HITECH, Omnibus, Texas HB 300, and California CMIA
Unique zero administration system
Our training is user friendly and easy to understand
Reasonably priced and group discounts available

Thousands of satisfied customers in all industries:
Easter Seals, Four Seasons, Ross Medical University, Zappos, Certified Languages, Laurus Strategies, BioReference Laboratories, Youngstown State University, National Financial Partners, Piper Jordan, Medical Educators of NY, New York Institute of Technology, Medical University of the Americas, American Translation Partners, Job Corps, Vision Web, American Sign Language Inc., Granite Peaks GI, City of Jacksonville, Capital Surgeons, Howard Brown Health Center, Goodwill, Foster Wheeler Corporation, Devry, Harbor Freight Tools, Catapult Health, Mesirow Financials, HID, Kimberly Clark, Arthur J. Gallagher & Co., Sapoznik Insurance, Answer United, RSA Medical, Ivy Tech Community College, Reliable Runners, Wild Well, Scribe Solutions, Touchstone Imaging, Pension Fund, Grand Rounds, Keystone Insurance Group, Tele Tracking, Carlsons (owner of TGI Fridays), Hofstra Medical University, RedHat, Kinross Gold, 2nd MD, Union Hospital, Carbide, Lululemon, TriNet, Altep, Elite Dental Academy, Hotus, Philadelphia University, Bay Bridge Administrators, Nutricia, Ithaca University, MBA Health, American Janitorial, Healthcare Highways, Med Comp Sciences, Hecla Mining, and more.

5114 Balcones Woods Dr. Suite 307, #331
Austin, TX 78759
512-402-5963
info@hipaatraining.com
www.hipaatraining.com

A Digital Compliance Company
www.digitalcompliance.com

Other compliance training: www.hrtraining.com
