Clearwater HIPAA Compliance BootCamp™

Course Syllabus

The course covers nine educational modules. The Virtual events include two discussion sessions, which give attendees time to process their new knowledge and apply it to their own organizations. The following information is the Syllabus from the December 2013 HIPAA Compliance BootCamp™ held in Austin, TX.

 Welcome, Introduction and Overview

  • Explain the purpose, scope and objectives of the HIPAA Compliance BootCamp™ to Colleagues

Instructional Module 1: How to Set Up Your Privacy and Security Risk Management & Governance Program

  • Describe the importance of HIPAA-HITECH Compliance Alignment and Governance
  • Use the Clearwater Strategic HIPAA-HITECH Compliance AlignmentCheck™ to assess your alignment
  • Use Word template provided to Charter your HIPAA Compliance Committee
  • Learn several “tips & tricks” to establishing a HIPAA Compliance Council
  • Use Word template provided to create a charter and standing agenda for your HIPAA Compliance Council
  • Describe the process for building a business case for enhanced security for PHI
  • Use Excel model provided to calculate the cost of a breach for your organization

Instructional Module 2: How to Assess Your Increased Liability Risk Under the Omnibus Final Rule

  • Explain new sources of risk and liability
  • Learn things you must know and do in the now
  • Describe expanded enforcement powers of the Office for Civil Rights

Instructional Module 3: How to Develop & Implement Comprehensive HIPAA Privacy and Security and Breach Notification Policies & Procedures (PnPs)

  • Cite and explain the explicit HIPAA requirements for PnPs and Documentation
  • Explain the difference between policy statements and procedures
  • Describe the structure and elements of complete PnPs
  • Use Word PnP templates and outlines to develop their own PnPs
  • Use PnP Program Tracker to Manage Development and Implementation of PnPs

Instructional Module 4: How to Prepare for and Manage an OCR Investigation

  • Defend the position that the only real way to prepare for an OCR Investigation is to become and remain compliant with the HIPAA Privacy, Security and HITECH Breach Notification Rules
  • Describe the OCR investigation process and how to participate efficiently and effectively
  • Present DOs and DONTs to your organization on working with the OCR

Instructional Module 5: How to Train all Members of Your Workforce

  • Cite and explain the explicit HIPAA requirements for Training
  • Explain the difference between training on the regulations and training on your own PnPs
  • Describe why it is necessary for training to be job/role specific
  • Describe a framework for an ongoing Privacy and Security Reminder program
  • Find resources to help enhance their current HIPAA Privacy and Security training program

Instructional Module 6: Panel Discussion – How to Implement a Strong, Proactive Business Associate Management Program

  • Cite and explain the Privacy and Security Rule regulatory requirements for Business Associate Management
  • Explain the expansion of the ‘Chain of Trust’
  • Describe the important consideration of a true subcontractor versus an agent
  • Defend the argument of “maintainer of PHI” versus “conduit of PHI”
  • Discuss with colleagues specific responsibilities of BAs

Instructional Module 7: How to Complete All HIPAA Security Rule Assessment Requirements

  • Understand the explicit HIPAA Security Rule requirements for Ongoing Assessments
  • Explain the difference between compliance and security
  • Cite the specific HIPAA regulatory requirements and HHS/OCR Guidance for “technical evaluation”, “non-technical evaluation” and risk analysis
  • Define fundamental risk terminology
  • Explain why risk analysis is a core foundational step
  • Describe the fundamentals of a Risk Analysis

Instructional Module 8: Presentation and Panel Discussion: How to Create a “Culture of Compliance”

  • Describe real breach experiences that motivate organizations
  • Articulate the Breach Notification process and how to operate efficiently and effectively
  • Develop a plan to take advantage of Breach as an opportunity to engage senior management
  • Learn and understand that privacy, security and compliance are, ultimately, people issues
  • Recognize that culture drives practice, not tools and rules
  • Know that you can lead from anywhere and that only sustainable change actually transforms people and processes

Instructional Module 9: How to Assess and Monitor Your Compliance with the HIPAA Privacy Rule and HITECH Breach Notification Rule

  • Describe major requirements of the Privacy Rule and Breach Notification Rules
  • Highlight changes driven by Omnibus Final Rule
  • Describe the Process for Conducting a Privacy Assessment
  • Describe Weaknesses in Privacy Compliance Programs
  • Identify Practical Solutions to Close Common Privacy Rule Compliance Gaps
  • Describe additional factors to consider in Breach Determination

Instructional Module 10: Q&A, Final Remarks

  • Discuss with faculty and other attendees the key action plan concerns/open issues from the day



Need to Tailor Training to Your Team or to a Group?

You can bring the equivalent of our Clearwater HIPAA Compliance BootCamp™, the Clearwater HIPAA Compliance WorkShop™ to your organization or association. If you have a group in need of training on the HIPAA and HITECH Regulations, holding a customized WorkShop at your organization is easy and cost-effective. You will eliminate travel time and costs while ensuring your entire team or group is up to date on the latest regulations and audit protocols. PLUS, in addition to providing relevant education tailored to your organization, and conducted by leading HIPAA experts, you can select from WorkShops targeted to HIPAA Privacy and Breach Notification Compliance Evaluation, Security Rule Compliance Evaluation, or Security Risk Assessment according to your organization’s needs. Via these onsite WorkShops, you can also benefit from:

  • Facilitated completion of a thorough assessment of your compliance programs, led by an independent, third party expert and involving your entire Privacy/Security Compliance Team.
  • Thorough, independent, “by the book” 3rd party assessments that:

– actually meet the Security Evaluation (45 CFR 184.308(a)(8)) requirements of the Final Security Rule
– form a baseline status measurement of your compliance programs, and identify any areas of non-compliance

  • Facilitated creation of your Information Asset Inventory, identifying where PHI is created, received, managed, or transmitted.
  • Automatic generation of detailed, preliminary, actionable remediation plan you can use to prioritize and guide your remediation activities for your programs, saving valuable time and getting the expertise to jump start or enhance your compliance program.
  • A one-year subscription to the Clearwater HIPAA Security Assessment™, Clearwater HIPAA Risk Analysis™ and/or Clearwater HIPAA Privacy and Breach Notification Assessment™ SaaS tools used to perform the evaluations and assessments, and where all related compliance program artifacts can be stored and progress tracked and compared over time.
  • Access to Policy and Procedure ToolKits to speed along your documentation requirements.

Highly acclaimed Findings, Observations and Recommendations reports setting out targeted, practical, prioritized recommendations for remediating deficiencies and identifying a prioritized list of recommended next steps to strengthen your programs.

For more information…

…about the Clearwater HIPAA Compliance BootCamp™, click on the links below; email; or contact Customer Service at 800-704-3394.