COURSE: 302 HIPAA Security Workshop
A 2-Day, instructor-led, interactive session with a focus on the fundamentals of developing HIPAA-Compliant Security Policies and Procedures, Technical Designs and Implementation Methodology. Topics covered include Security Review and Design and Implementation Framework Discussion, and specific hands-on experience creating HIPAA-compliant Policies & Procedures and Technical Application and Network solutions.
Session provides a hands-on, structured approach to developing enterprise-wide organizational and technical security solutions that meet the general HIPAA Privacy requirement to protect the confidentiality of Protected Health Information, and the specific requirements of the proposed HIPAA Security Rule. Use of industry best practices for mitigating security breaches, and rolling out workforce training and managing ongoing compliance are discussed.
Samples of all major HIPAA-compliance Security P&P provided. The highly interactive session provides a good cross section of other HIPAA Stakeholders from across the country. Recommended for HIPAA Stakeholders and Decision Makers, Managers, Legal, Technical and Compliance Officers.
DAY ONE
HIPAA Security Review
A detailed review of the key impacts of the HIPAA Security Rule on Covered Entities and their Business Associates. Differences between the HIPAA Security Rule and the recent NPRM update are analyzed for their impacts on the April 14, 2002 Security compliance deadline. Strategies for compliance (2 hours).
Framework for Developing Security Compliance
Analysis and Business Goals approach to determining the scope of your organization’s Security compliance needs; differences between simple and complex organizations; overview of the top-down, bottom-up and hybrid approaches; the workgroup approach, methodology, process, deliverables and work plan (1 hour, 30 minutes).
Administrative Procedures Compliance
Topics covered include analysis of security standards and implementation specifications for administrative procedures including security management process for risk analysis and management, formal mechanisms for processing records, information access authorization, establishment and modification, security incident procedures including report and response procedures, termination procedures, awareness training and internal audit for in-house review of active system logs as part of an overall enterprise security plan. Specific policies and procedures are examined for compliance and practical implementation (1 hour, 30 minutes).
Physical Safeguards Compliance
Topics covered include analysis of security standards and implementation specifications for physical safeguards including assigned security responsibility, physical access controls including equipment controls, facility security plan, procedures for verifying access authorization, need-to-know procedures, media controls including access control, accountability, data backup and storage, access controls including context-, role- or user-based access, and physical access controls including testing and revision and maintenance records. Specific policies and procedures are examined for compliance and practical implementation (1 hour, 30 minutes).
DAY TWO
Technical Security Services Compliance
Topics covered include analysis of security standards and implementation specifications for applications including application-level authorization control for role- or user-based access, entity authentication including automatic logoff, unique user identification, and use of passwords and token strategies, application-level audit controls, data authentication, and procedures for emergency access as part of an overall enterprise security plan. Application security infrastructures are examined as an integrated strategy for protecting PHI access by role or user job function (1 hour, 15 minutes).
Technical Security Mechanisms Compliance
Topics covered include analysis of security standards and implementation specifications for communication and network protocols including network-level access controls, encryption, entity authentication, integrity controls, audit trails, event reporting, alarms, and message authentication as part of an overall enterprise security plan. Network security infrastructure is examined principally from a PHI protection strategy of perimeter security, including defense in depth for firewalls, DMZ, proxy servers, and IAC implementation, and infrastructure strategies for creating layers of segmented protection for server/application access (1 hour, 15 minutes).
HIPAA Expert Panel
Dial-in Q&A panel with nationally recognized HIPAA experts. Product Q&A included on request (1 hour).
Framework for Implementing Security Compliance
A comprehensive approach for implementing an enterprise security solution incorporating all aspects of security design and management for applications and networks is analyzed. An integrated approach for implementing a balanced plan is reviewed as part of a comprehensive and ongoing compliance framework (1 hour, 15 minutes).
HIPAA Roundtable
Open discussion and general Q&A.
COURSE MATERIALS
Information
For more detailed information, please call 1-800-569-1222 or click on the link below.