HIPAA & HITECH Part 2: Complaints & Breaches
What you'll learn
- How to handle HIPAA and HITECH complaints and breaches
Requirements
- Student should have taken Part 1: Policies and Procedures
Description
Despite best efforts - errors, workforce non-compliance, complaints and breaches do occur. HIPAA and HITECH impose the duty to monitor and resolve these issues in a mandated timeframe. The complaint and breach report process addressed in Part 2 outlines the elements of this key administrative safeguard and incorporates the HITECH risk assessment and notification requirements of the HIPAA Omnibus Rule.
Section 1: Health Information Management – It is the responsibility of the Covered Entity to document, investigate, and resolve all complaints and breaches that come to its attention in a timely manner as well as the responsibility of privacy and security officers to implement this safeguard. Business Associates are an element of and accountable to the Covered Entity in its Health Information Management process.
Section 2: Complaint Management Process – This section provides an outline of the elements of the administrative safeguard requiring the investigation of HIPAA complaints in a timely manner. It provides a template to guide development of a complaint report and investigation process and a template for a Privacy and Security Complaint Policy with sample complaint forms. Documentation developed form this section can be produced in an OCR audit to demonstrate the Covered Entity's/Business Associate's compliance efforts.
Section 3: Breach Management and Reporting – The HIPAA Omnibus Rule requires the documentation and investigation of all breaches and security incidents ("breaches") in a timely manner, and has outlined specific exceptions which fall outside of the breach notification requirement. This section provides a template to guide the development of a breach report and investigation process, as well as how to identify exceptions to the notification requirement; guidance about the required elements for a breach notification letter with a sample breach notification letter, and a template for a Privacy and Security Complaint Policy with sample complaint forms. Documents developed from this section can be produced in an OCR audit to demonstrate the Covered Entity's/Business Associate's compliance efforts.
Section 4: Sanctions, Workforce Training, and Case Studies - This section focuses on the liability of the Covered Entity, Business Associate and/or individual employees for non-compliance and violations.Case studies taken from actual HHS investigations demonstrate the regulatory oversight required and sanctions into the hundreds of thousands of dollars assessed for non-compliance to date.Accountability is an essential aspect of a Compliance Plan and meaningful workforce training programs.
Who this course is for:
- Anyone responsible for implementing a HIPAA and HITECH Compliance Plan in their organization
Instructor
Merit Career Development has helped thousands of people around the world increase their knowledge, improve their skills, and enrich their lives through tailored training.
Why we do what we do
With our depth and breadth of education and experience, we believe that we can change your world for the better through training. We are a team of professionals who have learned from decades of experience that knowledge is power. We believe it is the power to change the world. We are dedicated to a mission of sharing knowledge through high quality training offered where and when it can make the greatest impact. Our goal is to fill the broadly recognized skills gap in the workplace. This is why we do what we do.