|
The Healthcareedu -
Health Care Organization Curriculum has six different TRACKS/ LEVELS to meet different training
needs. Health Care Organizations can purchase any combination of these levels and will have
their own "classroom" to customize the training for their different categories of employees. They
even will be able to tailor the Policy Level courses in Privacy and Security to their own Policies
and link their actual documents to the student lessons. The curriculum is broken down into these 6
tracks so healthcare organizations have the flexibility to train staff only on the LEVELS needed,
thus eliminating training redundancies and having to purchase curriculum staff has already been
trained on. For instance, if your staff has already completed HIPAA Awareness training, the 200
and 300 LEVELS would be appropriate courses to take. Whereas, LEVEL 100 could be the cornerstone
for your New Employee Orientation. This customized training can be purchased for as few as 100
employees. For more information and pricing
contact us.
> LEVEL 100 - Awareness Training
> LEVEL 200 - Advanced Training
> LEVEL 300 - Customized Training to Company Policies and Procedures
> LEVEL 500 - Basic Security
> LEVEL 600 - Security Policies Training
> LEVEL 700 - Transactions and Code Set Standards
LEVEL 100 - Basic Training for Healthcare Organizations
The HealthcareEDU Basic
Series is designed to introduce general privacy and security principles to healthcare organization staff
affected by HIPAA requirements. The series includes lessons for health care organizations,
scenarios discussing important HIPAA concepts, and creative interactive graphics.
HIPAA Privacy Basics-
HIPAA Privacy Basics for Health Care Organizations familiarizes staff with the legal structure of
HIPAA and its corresponding Privacy, Security, and Transaction and Code Set Regulations. The
introductory principles of the Privacy Rule explain the types of organizations and professionals
affected by HIPAA, what information is protected, consequences of noncompliance, and the impact of
the new regulations on acute care facilities. Some of the lessons are:
| |
 |
|
HIPAA Background |
| |
|
|
Federal and State Laws |
| |
|
|
Persons or Entities Affected by HIPAA |
| |
|
|
HIPAA Privacy Rule |
| |
|
|
The HIPAA Security |
| |
|
|
Major Elements of HIPAA Privacy |
| |
|
|
Why the Privacy Rule Is Important |
| |
|
|
What the Privacy Rule Protects |
| |
|
|
What Happens If You Fail to Meet HIPAA Requirements |
| |
|
|
Impact of HIPAA on Health Care Organizations |
| |
|
|
Protected Health Information (PHI) in Health Care Organizations |
| |
|
|
Use of PHI in Health Care Organizations |
| |
|
|
HIPAA Basics |
LEVEL 200 - Advanced Training for Health Care Organizations
Health Care Organizations' Use and Disclosure of Protected Health Information-
Focuses on concepts related to the use and disclosure of protected health information. Students
learn when information can be shared with other health professionals and other
organizations. See lessons listed below:
| |
|
|
How to Use and Disclose Protected Health Information |
| |
|
|
What are Uses and Disclosures |
| |
|
|
Written Authorization and Verbal Consents for the Use and Disclosure of PHI |
| |
|
|
Core Elements and Requirements |
| |
|
|
When Authorizations Are Required |
| |
|
|
Ways PHI Can Be Disclosed |
| |
|
|
Requests for PHI |
| |
|
|
Reasonable Reliance |
| |
|
|
Restriction Agreements and Terminations |
| |
|
|
De-identification of Protected Health Information |
| |
|
|
Release of PHI Relating to Deceased Individuals |
| |
|
|
Personal Representatives |
| |
|
|
Disclosure of PHI to Consumer Reporting Agencies |
| |
|
|
Uses and Disclosures Where an Authorization is Required or Opportunity to Agree Object Is Not Required |
| |
|
|
Uses and Disclosures Required By Law |
| |
|
|
Five Categories of Public Health Authorities |
Patients' Rights in Health Care Organizations
Patients' Rights in Health Care Organizations focuses on new rights patients are entitled to
according to the Privacy Rule. Students learn that patients have rights to access, change, and
influence how their protected health information is used and disclosed by Healthcare Organizations and other
organizations.
| |
|
|
Patient Rights |
| |
|
|
Right of Access to PHI |
| |
|
|
Patient Requested Restrictions |
| |
|
|
Patient Requested Restrictions and Terminations |
| |
|
|
Confidential Communications and Disclosures |
| |
|
|
The Right to Amend PHI |
| |
|
|
Accepting an Amendment |
| |
|
|
Forwarding an Amendment |
| |
|
|
Soliciting Information from an Individual for the Identification of Others Who Need To Be Informed of an Amendment |
| |
|
|
Amending an Individuals PHI |
| |
|
|
Identifying Information Relevant to an Amendment Request |
| |
|
|
Written Requests for Changes to PHI |
| |
|
|
Denying an Amendment Request |
| |
|
|
Activities That Must Take Place Once a Denial Has Taken Place |
| |
|
|
Accounting for Disclosures of PHI |
| |
|
|
Requirements for Accounting Statements |
| |
|
|
Processing Accountings Without Information About Disclosures To Health Oversight Agencies or Law Enforcement Officials |
| |
|
|
Fees for Accounting |
| |
|
|
Exceptions to Accounting Statements |
| |
|
|
Patient's Rights to Make Complaints |
| |
|
|
Patient's Rights Summarized |
Distributing Privacy Notices In Health Care Organizations
Distributing Privacy Notices In Health Plan Organizations teaches Health Plan staff how to use a
notice of privacy practices, when patients should receive a notice of privacy, what needs to be included
within a notice, how to demonstrate that all patients are given a notice and what to do when a
patient refuses to acknowledge receipt of a notice.
| |
|
|
Individual Rights as They Apply to Privacy Notices |
| |
|
|
Patient's Rights to a Privacy Notice |
| |
|
|
Content of a Privacy Notice |
| |
|
|
Using Plain Language in a Privacy Notice |
| |
|
|
Using a Privacy Notice to Tell Patient's How Their PHI Will Be Used and Disclosed |
| |
|
|
Description of Provider and Health Plan Responsibilities As Part of a Privacy Notice |
| |
|
|
Contact Information and Effective Date as Part of a Privacy Notice |
| |
|
|
Optional Elements as Part of a Privacy Notice |
| |
|
|
Notice of Privacy Practices for PHI |
| |
|
|
Gaining a Privacy Notice Acknowledgement |
| |
|
|
Deal With Privacy Notice Acknowledgements During an Emergency |
| |
|
|
Electronic Distribution of Privacy Notices |
| |
|
|
Joint Privacy Notices by Separate Organizations |
| |
|
|
Privacy Notice Requirement Summary |
Health Care Organization Payment And Billing Activities
Health Care Organization Payment And Billing Activities teaches students how the Privacy Rule
affects payment and billing activities. Lessons focus on topics such as handling of PHI for payment
purposes, payment definition under the privacy rule and the use of debt collection agencies.
| |
|
|
Payment Definition According to the Privacy Rule |
| |
|
|
Handling PHI for Payment Purposes |
| |
|
|
Disclosing Payment Information to Individuals Providing Assistance to a Patient |
| |
|
|
Use of Debt Collection Agencies |
| |
|
|
Collection of Payment from Parties Other Than the Patient |
LEVEL 300 - HIPAA Privacy Policies
Designed for the healthcare provider environment, the
HealthcareEDU:
Organizational Privacy Policies Suite includes the following courses and lessons for focused
training on the details of the organization's policies for privacy.
General Policies for Use and Disclosure of PHI
| |
|
|
HIPAA Privacy Practices: General Privacy / Confidentiality Policy |
| |
|
|
Authorization to Use or Disclose PHI |
| |
|
|
Requirements for a Valid Authorization Form |
| |
|
|
Verification of the Identity and Authorization of a Person Requesting Disclosure of PHI |
Minimum Necessary Rule for Use and Disclosure of PHI
| |
|
|
Minimum Necessary Access to and Use of PHI |
| |
|
|
Process for Reviewing Routine and Non-Routine Uses and Disclosures of PHI |
| |
|
|
Requirements and Uses for De-Identification of PHI |
| |
|
|
Use of Limited Data Sets for Research, Public Health, and Health Care Operations |
Patient Rights Regarding their Own PHI
| |
|
|
Notice of Privacy Practices and Acknowledging Receipt of the Notice |
| |
|
|
Requests for Disclosure of Individual's Own PHI |
| |
|
|
Requests to Amend Individual's Own PHI |
| |
|
|
Requests for Restriction of Disclosures of an Individual's PHI |
| |
|
|
Alternate Method of Contact - Right to Request Confidential Communications |
| |
|
|
Accounting of Disclosures of an Individual's PHI |
| |
|
|
Complaints About Privacy Practices |
Use and Disclosure Not Requiring Patient Authorization
| |
|
|
Disclosures of PHI and Optional Participation in Patient Directories |
| |
|
|
Providing Medical Information to Family, Friends, or Others Directly Involved in a Patient's Care |
| |
|
|
Providing PHI to Personal Representatives |
| |
|
|
Disclosures of PHI as Required by Law, for Law Enforcement, Judicial and Administrative Proceedings, Public Health, Health Oversight, and Cooperating with a Federal Complaint Investigation |
| |
|
|
Disclosures of PHI About Victims of Child Abuse, Other Abuse, Neglect, or Domestic Violence |
| |
|
|
Allowable Disclosures to Avert a Serious Threat Requests for Uses and Disclosures of PHI During Emergencies |
| |
|
|
Requests for Uses and Disclosures of PHI During Emergencies |
| |
|
|
Disclosures of PHI Pertaining to Patients Who are Inmates |
| |
|
|
Uses and Disclosures Related to Deceased Individual |
Special Cases for Restriction of Use and Disclosure of PHI
| |
|
|
Restrictions of Use and Disclosure of Separately Maintained Psychotherapy Notes |
| |
|
|
Uses and Disclosures of PHI in Research |
| |
|
|
Using PHI for Marketing and Fundraising Outreaches |
Organizational Issues and Safeguards
| |
|
|
Non-Retaliation for Exercise of Privacy Rights (Including "Whistleblowers") |
| |
|
|
Designated Record Sets Used for Patient Access |
| |
|
|
Safeguards for Privacy Protection and Access to Protected Information |
| |
|
|
Document Retention Period - Documents Relating to Privacy or Security of PHI |
| |
|
|
Structure of Organizational Affiliation for Purposes of HIPAA Privacy Regulations |
| |
|
|
Use and Disclosure of Health Information Acquired Prior to Compliance Date for HIPAA Privacy Regulations |
| |
|
|
Role of Privacy Officer |
| |
|
|
Training Requirements for Federal HIPAA Privacy Practices |
| |
|
|
Employee Sanctions for Compromising HIPAA Privacy or Security Regulations |
| |
|
|
Employer Policies Affected by HIPAA Privacy Regulations (OSHA and Worker's Compensation) |
| |
|
|
Employee Health Benefits Plans: HIPAA Privacy Requirements |
| |
|
|
Business Associates and Required Elements for a Business Associate Contract |
| |
|
|
Trading Partner Agreements |
The training suite is designed to coordinate with Phoenix Health Systems'
HIPAAction: Privacy Policies Templates Suite, a comprehensive planning tool for developing
organizational privacy policies; however, organizations will find that the HealthcareEDU: Organizational
Privacy Policies Suite can be used on its own as an effective eLearning solution to the HIPAA
mandate for privacy training.
LEVEL 500 - Basic Security for Healthcare Organizations
This course teaches staff working in healthcare environments the basic concepts of the Security
Rule and its application within the healthcare environment. The lessons teach how healthcare
organizations must ensure that practices are in place to protect the security of electronic
protected health information (ePHI). Students are helped to understand how simple security
precautions have considerable impact on ensuring that ePHI is being used and maintained in a
secure manner within an organization.
| |
|
|
The Security Of Electronic Protected Health Information |
| |
|
|
Examples Of EPHI |
| |
|
|
Security Practices |
| |
|
|
Security Safeguards |
| |
|
|
Reporting Security Risks To Security Officers |
| |
|
|
Your Organization’s Security Program |
| |
|
|
What Are Physical Safeguards? |
| |
|
|
Secure Work Environments |
| |
|
|
Security Of The EPHI You Handle |
| |
|
|
Accessing Organizational EPHI |
| |
|
|
Technology Risks |
| |
|
|
Organizational Security Maintenance |
| |
|
|
Password Maintenance |
| |
|
|
Computer Audits |
| |
|
|
Working Through Computer Challenges |
| |
|
|
Disposing EPHI (Electronic Protected Health Information) |
| |
|
|
My Responsibilities for Securing Protected Health Information (Summary of User Security Practices) |
LEVEL 600 - Security Policies for Healthcare Organizations
The courses in the advanced security policies suite provide in-depth lessons that relate to each of
the standards and implementation specifications contained in the HIPAA Security rule. Individual
courses address each of the main categories of safeguards for ePHI (Administrative, Physical and
Technical) and offer guidance on the intent of required safeguards and their practical applications
in the work environment. Three (3) courses in the suite are designed as workforce training for the
individual organizational policy related to the lesson topic. The suite also contains an
introductory course designed to be taken prior to the courses on safeguards and helps the student
understand the purpose of the training and organization of the HIPAA security regulations.
(See descriptions below for the Advanced Security Courses 1-4).
Introduction to HIPAA Security Policies for Workforce Members-
| |
|
|
Overview of HIPAA Security Rule Standards |
| |
|
|
The Purpose of Organizational Policies and Procedures for Security |
| |
|
|
General Requirements for Security |
| |
|
|
Why Do I Need to Take this Course? |
| |
|
|
My Individual Responsibility for Security of our Organization's ePHI |
Organizational Security Policies: Administrative Safeguards-
| |
|
|
Security Management Process |
| |
|
|
Risk Analysis |
| |
|
|
Risk Management |
| |
|
|
Employee Sanction Policy |
| |
|
|
Information System Activity Review |
| |
|
|
Assigned Security Responsibility |
| |
|
|
Workforce Security |
| |
|
|
Authorization and/or Supervision |
| |
|
|
Workforce Clearance Procedure |
| |
|
|
Termination Procedures |
| |
|
|
Information Access Management |
| |
|
|
Access Authorization |
| |
|
|
Access Establishment and Modification |
| |
|
|
Security Awareness & Training |
| |
|
|
Security Reminders |
| |
|
|
Protection from Malicious Software |
| |
|
|
Log-in Monitoring |
| |
|
|
Password Management |
| |
|
|
Security Incident Procedures |
| |
|
|
Response and Reporting |
| |
|
|
Contingency Plan |
| |
|
|
Data Backup Plan |
| |
|
|
Disaster Recovery Plan |
| |
|
|
Emergency Mode Operation Plan |
| |
|
|
Testing and Revision Procedure |
| |
|
|
Applications and Data Criticality Analysis |
| |
|
|
Evaluation |
| |
|
|
Business Associate Contracts & Other Arrangements/Written Contract |
Organizational Security Policies: Physical Safeguards-
| |
|
|
Facility Access Controls |
| |
|
|
Contingency Operations |
| |
|
|
Facility Security Plan |
| |
|
|
Access Control and Validation Procedures |
| |
|
|
Maintenance records |
| |
|
|
Workstation Use |
| |
|
|
Workstation Security |
| |
|
|
Device and Media Controls |
| |
|
|
Disposal |
| |
|
|
Media Re-use |
| |
|
|
Accountability |
| |
|
|
Data Backup and Storage |
Organizational Security Policies: Technical Safeguards-
| |
|
|
Access Control |
| |
|
|
Unique User Identification |
| |
|
|
Emergency Access Procedure |
| |
|
|
Automatic Logoff |
| |
|
|
Encryption and Decryption |
| |
|
|
Audit Controls |
| |
|
|
Integrity |
| |
|
|
Mechanism to Authenticate Electronic Protected Health Information |
| |
|
|
Person or Entity Authentication |
| |
|
|
Transmission Security |
| |
|
|
Integrity Controls |
| |
|
|
Encryption |
LEVEL 700 - Transactions and Code Sets Standards for Healthcare Organizations
The HIPAA legislation maintained the "adopting national standard EDI formats for health care
transactions would greatly decrease the burden on health care providers and their billing services,
as would standardized data content." Understanding The HIPAA Transactions and Code Sets Regulations
discusses the purpose of the HIPAA transaction and code set regulation. Students will learn how the
business of providing health care will change to comply with the TCS regulations, gain a general
understanding of the application of the new Transactions and Code Sets Standards know where to obtain
important implementation information, and review the benefits of TCS for providers.
| |
|
|
Why Am I Taking This Course? |
| |
|
|
Review Of The HIPAA Legislation |
| |
|
|
Understanding Administrative Simplification |
| |
|
|
The HIPAA Promise |
| |
|
|
The HIPAA Transactions And Code Sets Mandate |
| |
|
|
Purpose Of TCS Regulation |
| |
|
|
Requirements Of The TCS Standards |
| |
|
|
Implementation Of The TCS Regulations |
| |
|
|
What Are The HIPAA Standard Transactions? |
| |
|
|
Enrollment And Disenrollment In A Health Plan Transaction (834) |
| |
|
|
Health Plan Premium Payment Transaction (820) |
| |
|
|
Eligibility For A Health Plan Transaction (270/271) |
| |
|
|
Referral Certification And Authorization Transaction (278) |
| |
|
|
Health Care Claims Or Equivalent Encounter Information Transaction (837) |
| |
|
|
Claims Status Request And Response Transactions (276/277) |
| |
|
|
Health Care Payment And Remittance Advice Transaction (835) |
| |
|
|
Coordination Of Benefits Transaction (837) |
| |
|
|
Understanding the Relationships Among the Standard HIPAA Transactions |
| |
|
|
What Does “Standard Code Set” Mean? |
| |
|
|
HIPAA Approved Medical Code Sets |
| |
|
|
What About Local Codes? |
| |
|
|
HIPAA Approved Non-Medical Code Sets |
| |
|
|
Additions To Standard Code Sets |
| |
|
|
National Correct Coding Initiative |
| |
|
|
What Are The HIPAA Required Unique Identifiers? |
| |
|
|
HIPAA Approved Unique Identifiers |
| |
|
|
Pending Unique Identifiers |
| |
|
|
Unique Identifiers Being Reconsidered |
| |
|
|
What Does Adopting The TCS Standards Do For Providers? |
| |
|
|
Opportunities For Providers Resulting From TCS Implementation |
| |
|
|
Where Can I Turn For Information About Being Compliant With The HIPAA TCS Requirements? |
Copyright 2004 Health Professor, Inc. and Phoenix Health Systems. All Rights Reserved
|
