|
The HealthcareEdu -
Health Plan Curriculum has six different TRACKS/ LEVELS to meet different training needs. Health
Plans can purchase any combination of these levels and will have their own "classroom" to customize
the training for their different categories of employees. They even will be able to tailor the
Policy Level courses in Privacy and Security to their own Policies and link their actual documents
to the student lessons. The curriculum is broken down into these 6 tracks so health plans have the
flexibility to train staff only on the LEVELS needed, thus eliminating training redundancies and
having to purchase curriculum on which staff has already been trained. For instance, if your staff
has already completed HIPAA Awareness training, the 200 and 300 LEVELS would be courses to be
assigned. Whereas, LEVEL 100 could be the cornerstone for your New Employee Orientation. This
customized training can be purchased for as few as 100 employees. For more information and pricing
contact us.
> LEVEL 100 - Awareness Training
> LEVEL 200 - Advanced Training
> LEVEL 300 - Customized Training to Company Policies and Procedures
> LEVEL 500 - Basic Security
> LEVEL 600 - Security Policies Training
> LEVEL 700 - Transactions and Code Set Standards
LEVEL 100 - Basic Training for Health Plans
The HealthcareEDU Basic Series is designed to introduce general privacy and security principles to
health plan staff affected by HIPAA requirements. The series includes lessons specific to health
plan settings, scenarios discussing important HIPAA concepts, and creative health plan tailored
interactive graphics.
HIPAA Privacy Basics-
HIPAA Privacy Basics for Health Plans familiarizes staff with the legal structure of HIPAA and its
corresponding Privacy, Security, and Transaction and Code Set Regulations. The introductory
principles of the Privacy Rule explain the types of organizations and professionals affected by
HIPAA, what information is protected, consequences of noncompliance, and the impact of the new
regulations on acute care facilities not related to health plan issues. Some of the lessons are:
| |
 |
|
HIPAA Background |
| |
|
|
Federal and State Laws |
| |
|
|
Persons or Entities Affected by HIPAA |
| |
|
|
HIPAA Privacy Rule |
| |
|
|
The HIPAA Security Rule |
| |
|
|
Major Elements of HIPAA Privacy |
| |
|
|
Why is the Privacy Rule Important |
| |
|
|
What the Privacy Rule Protects |
| |
|
|
What Happens If You Fail to Meet HIPAA Requirements |
| |
|
|
Impact of HIPAA on Health Plans |
| |
|
|
Protected Health Information (PHI) in Health Plans |
| |
|
|
Use of PHI in Health Plans |
| |
|
|
HIPAA Basics |
Top of Page
LEVEL 200 - Advanced Training for Health Plans
Health Plan Use and Disclosure of Protected Health Information-
Focuses on concepts related to the use and disclosure of protected health information. Students
learn when information can be shared with other health professionals and other organizations.
See lessons listed below:
| |
|
|
How to Use and Disclose Protected Health Information |
| |
|
|
What are Uses and Disclosures |
| |
|
|
Written Authorization and Verbal Consents for the Use and Disclosure of PHI |
| |
|
|
Authorization Core Elements and Requirements |
| |
|
|
When Authorizations Are Required |
| |
|
|
Ways PHI Can Be Disclosed |
| |
|
|
Requests for PHI |
| |
|
|
Reasonable Reliance |
| |
|
|
Restriction Agreements and Terminations |
| |
|
|
De-identification of Protected Health Information |
| |
|
|
Release of PHI Relating to Deceased Individuals |
| |
|
|
Personal Representatives |
| |
|
|
Disclosure of PHI to Consumer Reporting Agencies |
| |
|
|
Uses and Disclosures Where an Authorization is Required or Opportunity to Agree Object Is Not Required |
| |
|
|
Uses and Disclosures Required By Law |
| |
|
|
Five Categories of Public Health Authorities |
Protecting Patients' Rights in Health Plans-
Focuses on new rights patients are entitled to according to the Privacy Rule. Students learn that
patients have rights to access, change, and influence how their protected health information is
used and disclosed by health plans and other organizations. Lessons include:
| |
|
|
Patient Rights |
| |
|
|
Right of Access to PHI |
| |
|
|
Patient Requested Restrictions |
| |
|
|
Patient Requested Restrictions and Terminations |
| |
|
|
Confidential Communications and Disclosures |
| |
|
|
The Right to Amend PHI |
| |
|
|
Accepting an Amendment |
| |
|
|
Forwarding an Amendment |
| |
|
|
Soliciting Information from an Individual for the Identification of Others Who Need To |
| |
|
|
Be Informed of an Amendment |
| |
|
|
Amending an Individuals PHI |
| |
|
|
Identifying Information Relevant to an Amendment Request |
| |
|
|
Written Requests for Changes to PHI |
| |
|
|
Denying an Amendment Request |
| |
|
|
Activities That Must Take Place Once a Denial Has Taken Place |
| |
|
|
Accounting for Disclosures of PHI |
| |
|
|
Requirements for Accounting Statements |
| |
|
|
Processing Accountings Without Information About Disclosures To Health Oversight |
| |
|
|
Agencies or Law Enforcement Officials |
| |
|
|
Fees for Accounting |
| |
|
|
Exceptions to Accounting Statements |
| |
|
|
Patient's Rights to Make Complaints |
| |
|
|
Patient's Rights Summarized |
Health Plan Privacy Notices-
Describes the use of the notice of privacy practices, when patients should receive a notice of privacy, what
needs to be included within a notice, how to demonstrate that all patients are given a notice and
what to do when a patient refuses to acknowledge receipt of a notice. Lessons include:
| |
|
|
Individual Rights as They Apply to Privacy Notices |
| |
|
|
Patient's Rights to a Privacy Notice |
| |
|
|
Content of a Privacy Notice |
| |
|
|
Using Plain Language in a Privacy Notice |
| |
|
|
Using a Privacy Notice to Tell Patient's How Their PHI Will Be Used and Disclosed |
| |
|
|
Description of Provider and Health Plan Responsibilities As Part of a Privacy Notice |
| |
|
|
Contact Information and Effective Date as Part of a Privacy Notice |
| |
|
|
Optional Elements as Part of a Privacy Notice |
| |
|
|
Health Plan Responsibilities As Applicable To Provision of Privacy Notices |
| |
|
|
Multiple Health Plan Privacy Notices |
| |
|
|
Notice of Privacy Practices for PHI |
| |
|
|
Gaining a Privacy Notice Acknowledgement |
| |
|
|
Deal With Privacy Notice Acknowledgements During an Emergency |
| |
|
|
Electronic Distribution of Privacy Notices |
| |
|
|
Joint Privacy Notices by Separate Organizations |
| |
|
|
Privacy Notice Requirement Summary |
Conducting Health Plan Payment And Billing Activities-
Teaches students how the Privacy Rule affects payment and billing activities. Lessons focus on
topics such as handling of PHI for payment purposes, payment definition under the Privacy Rule and
the use of debt collection agencies. Lessons include:
| |
|
|
Payment Definition According to the Privacy Rule |
| |
|
|
Handling PHI for Payment Purposes |
| |
|
|
Disclosing Payment Information to Individuals Providing Assistance to a Patient |
| |
|
|
Use of Debt Collection Agencies |
| |
|
|
Collection of Payment from Parties Other Than the Patient |
Top of Page
LEVEL 300 - HIPAA Privacy Policies
Designed for the healthcare provider environment, the HealthcareEDU: Organizational Privacy Policies
Suite includes the following courses and lessons for focused training on the details of the
organization's policies for privacy.
General Policies for Use and Disclosure of PHI-
| |
|
|
HIPAA Privacy Practices: General Privacy / Confidentiality Policy |
| |
|
|
Authorization to Use or Disclose PHI |
| |
|
|
Requirements for a Valid Authorization Form |
| |
|
|
Verification of the Identity and Authorization of a Person Requesting Disclosure of PHI |
Minimum Necessary Rule for Use and Disclosure of PHI-
| |
|
|
Minimum Necessary Access to and Use of PHI |
| |
|
|
Process for Reviewing Routine and Non-Routine Uses and Disclosures of PHI |
| |
|
|
Requirements and Uses for De-Identification of PHI |
| |
|
|
Use of Limited Data Sets for Research, Public Health, and Health Care Operations |
Patient Rights Regarding their Own PHI-
| |
|
|
Notice of Privacy Practices and Acknowledging Receipt of the Notice |
| |
|
|
Requests for Disclosure of Individual's Own PHI |
| |
|
|
Requests to Amend Individual's Own PHI |
| |
|
|
Requests for Restriction of Disclosures of an Individual's PHI |
| |
|
|
Alternate Method of Contact - Right to Request Confidential Communications |
| |
|
|
Accounting of Disclosures of an Individual's PHI |
| |
|
|
Complaints About Privacy Practices |
Use and Disclosure Not Requiring Patient Authorization-
| |
|
|
Disclosures of PHI and Optional Participation in Patient Directories |
| |
|
|
Providing Medical Information to Family, Friends, or Others Directly Involved in a Patient's Care |
| |
|
|
Providing PHI to Personal Representatives |
| |
|
|
Disclosures of PHI as Required by Law, for Law Enforcement, Judicial and Administrative Proceedings, Public Health, Health Oversight, and Cooperating with a Federal Complaint Investigation |
| |
|
|
Disclosures of PHI About Victims of Child Abuse, Other Abuse, Neglect, or Domestic Violence |
| |
|
|
Allowable Disclosures to Avert a Serious Threat Requests for Uses and Disclosures of PHI During Emergencies |
| |
|
|
Requests for Uses and Disclosures of PHI During Emergencies |
| |
|
|
Disclosures of PHI Pertaining to Patients Who are Inmates |
| |
|
|
Uses and Disclosures Related to Deceased Individual |
Special Cases for Restriction of Use and Disclosure of PHI-
| |
|
|
Restrictions of Use and Disclosure of Separately Maintained Psychotherapy Notes |
| |
|
|
Uses and Disclosures of PHI in Research |
| |
|
|
Using PHI for Marketing and Fundraising Outreaches |
Organizational Issues and Safeguards-
| |
|
|
Non-Retaliation for Exercise of Privacy Rights (Including "Whistleblowers") |
| |
|
|
Designated Record Sets Used for Patient Access |
| |
|
|
Safeguards for Privacy Protection and Access to Protected Information |
| |
|
|
Document Retention Period - Documents Relating to Privacy or Security of PHI |
| |
|
|
Structure of Organizational Affiliation for Purposes of HIPAA Privacy Regulations |
| |
|
|
Use and Disclosure of Health Information Acquired Prior to Compliance Date for HIPAA > Privacy Regulations |
| |
|
|
Role of Privacy Officer |
| |
|
|
Training Requirements for Federal HIPAA Privacy Practices |
| |
|
|
Employee Sanctions for Compromising HIPAA Privacy or Security Regulations |
| |
|
|
Employer Policies Affected by HIPAA Privacy Regulations (OSHA and Worker's Compensation) |
| |
|
|
Employee Health Benefits Plans: HIPAA Privacy Requirements |
| |
|
|
Business Associates and Required Elements for a Business Associate Contract |
| |
|
|
Trading Partner Agreements |
The training suite is designed to coordinate with Phoenix Health Systems' HIPAAction: Privacy
Policies Templates Suite, a comprehensive planning tool for developing organizational privacy
policies; however, organizations will find that the HealthcareEDU: Organizational Privacy Policies
Suite can be used on its own as an effective eLearning solution to the HIPAA mandate for privacy
training.
LEVEL 500 - Basic Security for Health Plans
This course teaches staff working in healthcare environments the basic concepts of the Security
Rule and its application within the healthcare environment. The lessons teach how healthcare
organizations must ensure that practices are in place to protect the security of electronic
protected health information (ePHI). Students are helped to understand how simple security
precautions have considerable impact on ensuring that ePHI is being used and maintained in a
secure manner within an organization.
| |
|
|
The Security Of Electronic Protected Health Information |
| |
|
|
Examples Of EPHI |
| |
|
|
Security Practices |
| |
|
|
Security Safeguards |
| |
|
|
Reporting Security Risks To Security Officers |
| |
|
|
Your Organization’s Security Program |
| |
|
|
What Are Physical Safeguards? |
| |
|
|
Secure Work Environments |
| |
|
|
Security Of The EPHI You Handle |
| |
|
|
Accessing Organizational EPHI |
| |
|
|
Technology Risks |
| |
|
|
Organizational Security Maintenance |
| |
|
|
Password Maintenance |
| |
|
|
Computer Audits |
| |
|
|
Working Through Computer Challenges |
| |
|
|
Disposing EPHI (Electronic Protected Health Information) |
| |
|
|
My Responsibilities for Securing Protected Health Information (Summary of User Security Practices) |
LEVEL 600 - Security Policies for Health Plans
The courses in the advanced security policies suite provide in-depth lessons that relate to each of
the standards and implementation specifications contained in the HIPAA Security rule. Individual
courses address each of the main categories of safeguards for ePHI (Administrative, Physical and
Technical) and offer guidance on the intent of required safeguards and their practical applications
in the work environment. Three (3) courses in the suite are designed as workforce training for the
individual organizational policy related to the lesson topic. The suite also contains an
introductory course designed to be taken prior to the courses on safeguards and helps the student
understand the purpose of the training and organization of the HIPAA security regulations.
(See descriptions below for the Advanced Security Courses 1-4).
Introduction to HIPAA Security Policies for Workforce Members-
| |
|
|
Overview of HIPAA Security Rule Standards |
| |
|
|
The Purpose of Organizational Policies and Procedures for Security |
| |
|
|
General Requirements for Security |
| |
|
|
Why Do I Need to Take this Course? |
| |
|
|
My Individual Responsibility for Security of our Organization's ePHI |
Organizational Security Policies: Administrative Safeguards-
| |
|
|
Security Management Process |
| |
|
|
Risk Analysis |
| |
|
|
Risk Management |
| |
|
|
Employee Sanction Policy |
| |
|
|
Information System Activity Review |
| |
|
|
Assigned Security Responsibility |
| |
|
|
Workforce Security |
| |
|
|
Authorization and/or Supervision |
| |
|
|
Workforce Clearance Procedure |
| |
|
|
Termination Procedures |
| |
|
|
Information Access Management |
| |
|
|
Access Authorization |
| |
|
|
Access Establishment and Modification |
| |
|
|
Security Awareness & Training |
| |
|
|
Security Reminders |
| |
|
|
Protection from Malicious Software |
| |
|
|
Log-in Monitoring |
| |
|
|
Password Management |
| |
|
|
Security Incident Procedures |
| |
|
|
Response and Reporting |
| |
|
|
Contingency Plan |
| |
|
|
Data Backup Plan |
| |
|
|
Disaster Recovery Plan |
| |
|
|
Emergency Mode Operation Plan |
| |
|
|
Testing and Revision Procedure |
| |
|
|
Applications and Data Criticality Analysis |
| |
|
|
Evaluation |
| |
|
|
Business Associate Contracts & Other Arrangements/Written Contract |
Organizational Security Policies: Physical Safeguards-
| |
|
|
Facility Access Controls |
| |
|
|
Contingency Operations |
| |
|
|
Facility Security Plan |
| |
|
|
Access Control and Validation Procedures |
| |
|
|
Maintenance records |
| |
|
|
Workstation Use |
| |
|
|
Workstation Security |
| |
|
|
Device and Media Controls |
| |
|
|
Disposal |
| |
|
|
Media Re-use |
| |
|
|
Accountability |
| |
|
|
Data Backup and Storage |
Organizational Security Policies: Technical Safeguards-
| |
|
|
Access Control |
| |
|
|
Unique User Identification |
| |
|
|
Emergency Access Procedure |
| |
|
|
Automatic Logoff |
| |
|
|
Encryption and Decryption |
| |
|
|
Audit Controls |
| |
|
|
Integrity |
| |
|
|
Mechanism to Authenticate Electronic Protected Health Information |
| |
|
|
Person or Entity Authentication |
| |
|
|
Transmission Security |
| |
|
|
Integrity Controls |
| |
|
|
Encryption |
LEVEL 700 - Transactions and Code Sets Standards for Health Plans
The HIPAA legislation maintained the "adopting national standard EDI formats for health care
transactions would greatly decrease the burden on health care providers and their billing services,
as would standardized data content." Understanding The HIPAA Transactions and Code Sets Regulations
discusses the purpose of the HIPAA transaction and code set regulation. Students will learn how the
business of providing health care will change to comply with the TCS regulations, gain a general
understanding of the application of the new Transactions and Code Sets Standards, know where to obtain
important implementation information, and review the benefits of TCS for providers.
| |
|
|
Why Am I Taking This Course? |
| |
|
|
Review Of The HIPAA Legislation |
| |
|
|
Understanding Administrative Simplification |
| |
|
|
The HIPAA Promise |
| |
|
|
The HIPAA Transactions And Code Sets Mandate |
| |
|
|
Purpose Of TCS Regulation |
| |
|
|
Requirements Of The TCS Standards |
| |
|
|
Implementation Of The TCS Regulations |
| |
|
|
What Are The HIPAA Standard Transactions? |
| |
|
|
Enrollment And Disenrollment In A Health Plan Transaction (834) |
| |
|
|
Health Plan Premium Payment Transaction (820) |
| |
|
|
Eligibility For A Health Plan Transaction (270/271) |
| |
|
|
Referral Certification And Authorization Transaction (278) |
| |
|
|
Health Care Claims Or Equivalent Encounter Information Transaction (837) |
| |
|
|
Claims Status Request And Response Transactions (276/277) |
| |
|
|
Health Care Payment And Remittance Advice Transaction (835) |
| |
|
|
Coordination Of Benefits Transaction (837) |
| |
|
|
Understanding the Relationships Among the Standard HIPAA Transaction |
| |
|
|
What Does “Standard Code Set” Mean? |
| |
|
|
HIPAA Approved Medical Code Sets |
| |
|
|
What About Local Codes? |
| |
|
|
HIPAA Approved Non-Medical Code Sets |
| |
|
|
Additions To Standard Code Sets |
| |
|
|
National Correct Coding Initiative |
| |
|
|
What Are The HIPAA Required Unique Identifiers? |
| |
|
|
HIPAA Approved Unique Identifiers |
| |
|
|
Pending Unique Identifiers |
| |
|
|
Unique Identifiers Being Reconsidered |
| |
|
|
What Does Adopting The TCS Standards Do For Providers? |
| |
|
|
Opportunities For Providers Resulting From TCS Implementation |
| |
|
|
Where Can I Turn For Information About Being Compliant With The HIPAA TCS Requirements? |
Top of Page
|
