VEChannel Event Profile

Implementing the New HIPAA Security Standards

The final HIPAA Security Rules affecting the transmission of Electronic Protected Health Information (EPHI) were released on February 20, 2003 by a division of the Department of Health and Human Services. The rules apply to all health plans, including medical, dental, and Health FSAs, and they go into effect on April 20, 2005 (2006 for plans with annual receipts less than or equal to $5 million). Whereas the Privacy Rules apply to PHI in any form, the Security Standards cover EPHI that is in storage or is being transmitted. With respect to one or more of your health plans, including Health FSAs, do you transmit, or even store, PHI electronically (e.g., on a server, PC or laptop, the Internet, an Intranet, or electronic media storage device such as disks or tapes)? If you answered "yes" to any of these questions, you will have to comply with the security standards rules, beginning with a mandatory risk analysis followed by the development of compliant "administrative, technical, and physical safeguards" that will protect the "confidentiality, integrity, and availability" of EPHI. And, unlike the HIPAA Privacy Rules, there are no exceptions for fully insured plans or small, selfadministered plans. This 90minute webcast will present the practical steps that a health plan sponsor needs to take to comply with the rules. The rules provide detailed implementation specifications that are to be used by the covered entity to comply with the standards. The specifications are considered to be either "required" or "addressable" (the term "addressable" does not mean that the plan sponsor can ignore the standard). Compliance will require that plan sponsors appoint a security officer and complete and document a risk analysis that addresses the following questions: >ul> Do you have any systems that house EPHI or are used to transmit EPHI, including email systems? Are there any known or possible threats to the information including natural (floods, fires, water pipe breaks) and human (hackers, disgruntled employees) threats? How vulnerable is each system to the identified threats? What impact would the loss of information or unauthorized use/disclosure have on your organization? Do you have work station security rules and procedures for employees who use PHI? Are your employees aware of the importance of following your security procedures? Has your staff training taken place and been documented? Have you planned for ongoing training, as required? Have you documented your risk analysis using the 18 security standards (these will be detailed in the webcast)? Have you discussed the amendments required in the Business Associate Agreement with your Business Associate? While the 5 month (or 17 month) timeframe for compliance may seem like plenty of time, this can be a much larger task for many plans than is perceived. And, as with everything related to privacy, there are financial risks associated with the failure to comply. Start your compliance initiatives now by attending this informative webcast. Cant Attend The Live Version? No problem! You can view the exact same presentation as many times as you like up to February 18, 2005! Simply click the "Add To Cart" button below to enroll. You will then be sent a link to view the presentation and an email with a copy of the presentation slides and a guide highlighting the changes. Webcast Materials Every registrant will receive copies of the presentation slides, sample notices and other handout materials, unlimited access to the archived version of the webcast for up to three months from the date of the live presentation, and, following the webcast, a copy of all of the questions submitted during the webcast along with the answers to the questions.

View This Event