Training Course Outline: Understanding HIPAA Security Compliance

Description

The Health Insurance Portability and Accountability Act (HIPAA) defines rules that must be observed in the handling of health care information. It sets out requirements for organizations that store, process, or transmit health care information or related sensitive data. This course explains the HIPAA Security Rule in the context of the larger framework of IT Security and helps organizations understand the motivation for each requirement. Strategies for the successful implementation of each requirement are examined.

Audience

Managers and staff of entities that must be HIPAA Security compliant.

Duration

1 Day

Objectives

  • Be familiar with basic IT Security concepts and terms
  • Understand the purpose and motivation for the HIPAA Security Rule
  • Clearly understand who must comply with HIPAA Security Rule
  • Be familiar with HIPAA terms and vocabulary
  • Be familiar with all HIPAA Security Requirements
  • Understand how to interpret HIPAA Requirements in the broader context of IT Security

Setup

  • None

Text

  • Course Workbook

Prerequisites

  • None

Outline

Topic 1:     Introduction

  • Welcome
  • Motivation
  • Objectives
  • Terms and Concepts
  • HIPAA Applicability
  • HIPAA Compliance
  • Course Overview
  • HIPAA Requirements Overview
  • Required vs. Addressable Specifications

Topic 2:     IT Security Concepts and Terms

  • Malware
  • Vulnerabilities, Threats, and Attacks
  • Vulnerabilities and Threats
  • Countermeasures
  • Policies and Procedures
  • Risks and Risk Management
  • Risk Analysis and Mitigation
  • Defense in Depth
  • Security Domains
  • Security vs. Convenience
  • Security Goals
  • Security Resources
  • Quiz

Topic 3:     Understanding IT Security Risk

  • Risk and Risk Management
  • Threats and Attacker Motivation
  • Internal Threats
  • Examples of IT Security Risk
  • Risk Valuation
  • Risk Analysis and Mitigation
  • HIPAA: Risk Analysis and Management
  • Quiz

Topic 4:     HIPAA Security: General Rules

  • Confidentiality, Integrity, and Availability
  • Threat Management
  • Governance
  • Flexibility of Approach
  • Quiz

Topic 5:     HIPAA Security: Administrative Safeguards

  • Standard: Security Management Process
  • Implementation Specifications
  • Risk Analysis
  • Risk Management
  • Sanction Policy
  • Information System Activity Review
  • Standard: Assigned Security Responsibility
  • Standard: Workforce Security
  • Implementation Specifications
  • Addressable Specifications
  • Standard: Information Access Management
  • Implementation Specifications
  • Isolating Healthcare Clearinghouse Functions
  • Addressable Specifications
  • Standard: Security Awareness and Training
  • Implementation Specifications
  • Addressable Specifications
  • Standard: Security Incident Procedures
  • Implementation Specifications
  • Incident Response and Reporting
  • Standard: Contingency Planning
  • Implementation Specifications
  • Data Backup
  • Disaster Recovery
  • Emergency Mode Operation
  • Addressable Specifications
  • Standard: Evaluation
  • Standard: Business Associate Contracts and Other Arrangements
  • Implementation Specifications
  • Written Contract or Other Arrangements
  • Quiz

Topic 6:     HIPAA Security: Physical Safeguards

  • Standard: Facilities Access Controls
  • Implementation Specifications
  • Addressable Specifications
  • Standard: Workstation Use
  • Standard: Workstation Security
  • Standard: Device and Media Controls
  • Implementation Specifications
  • (Electronic Media) Disposal
  • (Electronic Media) Reuse
  • Addressable Specifications
  • Quiz

Topic 7:     HIPAA Security: Technical Safeguards

  • Standard: Access Control
  • Implementation Specifications
  • Unique User Id
  • Emergency Access Procedure
  • Addressable Specifications
  • Standard: Audit Controls
  • Standard: Integrity
  • Implementation Specifications
  • Addressable Specifications
  • Standard: Person or Entity Authentication
  • Standard: Transmission Security
  • Implementation Specifications
  • Addressable Specifications
  • Quiz

Topic 8:     HIPAA Security: Organizational Requirements

  • Standard: Business Associate Contracts or Other Arrangements
  • Quiz

Topic 9:     HIPAA Security: Policies and Procedures

  • Standard: Policies and Procedures
  • Standard: Documentation
  • Implementation Specifications
  • Time Limit
  • Availability
  • Updates
  • Quiz

Appendix     Quiz Answers

Appendix     Additional Resources