HIPAA Workshop Outline

HIPAA EXPRESS^® Workshop

Pre HIPAA Workshop Tasks

Prior to attending the HIPAA workshop, to make the workshop as valuable as possible, a number of tasks need to be completed. These include:

1. Completing the roles document which identifies your organization’s personnel who will participate in your HIPAA program.
2. Confirm your access to the HIPAA Suite^® software.

DELIVERABLE:

To configure HIPAA Suite^® for use in the HIPAA Express^® workshop, Carosh needs to confirm the setup and configuration of your company. To this end, Carosh will deliver a “Roles Document” and schedule a time to explain and review the roles document, gather other information to set up your company and test your ability to access the system.

HIPAA Suite^®

Carosh’s exclusive cloud-based software is designed to help practices easily manage their HIPAA security and privacy program. HIPAA Suite^® is developed to assist your organizations to easily manage, maintain, and preserve their HIPAA Security and Privacy information, as required by the regulations.

HIPAA Suite^® for HIPAA Express^® functions include:

• Security & Privacy Risk Assessments with simple to follow questions
• Remediation Plan generation- with Regulation and Policy Number Tracking
• Maintenance of the on-demand training program

Additional functions include modules to:

• Audit of your security and privacy program
• Security Reminder Logs
• Disclosure Logs
• Breach Logs

DELIVERABLE:

During the HIPAA Workshop, Carosh personnel will provide access and overview training to utilize the software. 

Risk Assessments

Regulations require that a formal Security Risk Analysis is conducted on a periodic basis. The Carosh Risk Analysis will give you the peace of mind of having a complete and required component of HIPAA compliance.

Our Security Risk provides an in-depth analysis of the 78 vulnerabilities identified in the regulations, broken into three key areas, Administrative, Physical and Technical safeguards. The determination of risk for a particular threat or vulnerability is a function of:

• The likelihood of a given threat source’s attempt to exercise a given vulnerability
• The magnitude of the impact should a threat-source successfully exercise the vulnerability, and
• The adequacy of planned or existing security controls for reducing or eliminating risk.

The Privacy Assessment focuses on the 25 vulnerabilities contained in the Privacy Rule.

The Privacy Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the use and disclosure of the information without patient authorization.

DELIVERABLE:

During the HIPAA Workshop, the Security and Privacy Assessments will guide you through a series of stages to identify the security and privacy risks and suggests methods of mitigating or eliminating them. The focus of the Security Risk Assessment is on the Technology infrastructure, while the Privacy Risk Assessment addresses patient information itself and how your current privacy policies and procedures secure and protect this information.

Remediation Plan

Once deficiencies have been identified through the Risk Assessment(s), the focus turns to implementing the requirement for a management process to correct security and privacy deficiencies, and to track progress towards that goal. For each risk identified, risk mitigation strategies are provided, and controls are presented.

DELIVERABLE:

HIPAA Express^® provides remediation plans, which includes the risk, the proposed remediation, and the responsible party assigned for mitigating each risk. A completion date is also assigned. The plans codify these items and tasks are distributed to responsible parties. An explanation of the remediation plan will be provided during the workshop.

Remediation Implementation

Implementing the remediation plan includes the development of appropriate policies and procedures to provide the overall direction for the controls. Procedures spell out the details of how specific controls will be implemented.

DELIVERABLE:

During the HIPAA Workshop, Carosh will provide you with templates of all required policies and procedures to address vulnerabilities identified in the remediation plan. Virtual group meetings led by a Carosh consultant will review each policy and procedure, and be available to answer questions.

Documentation Management

HIPAA requires all documents related to your HIPAA compliance program be retained for six years. Documentation is critical in proving that the analysis was performed, to manage the ongoing Risk Management process and ensure required training is being conducted.

DELIVERABLE:

Documentation is always available as a packaged report, and online. Results are stored for the required 6-year period.

Training

All staff, whether salaried or non-salaried, and volunteers are required to complete HIPAA privacy and information security training periodically. Contrary to generally accepted practice, training is required to include materials related to your organization’s specific policies and procedures. Though not specified in the Regulations, best practices have you conducting this training regularly throughout the year, or when a change to the Regulation occurs.

DELIVERABLE:

As part of the HIPAA Workshop, HIPAA Express^® includes training of up to 10 individuals. Carosh provides you with several levels of virtual training depending upon employees’ level of access to patients and patient information including basic (staff) and advanced (management).