HIPAA Security Basics

Duration: 60 Minutes
Instructor: Brian Freedman
Webinar Id: 801310



In this webinar, the speaker will provide a brief overview of information security, the importance of security, and recent breaches and their outcomes. You will also learn about the HIPAA Security Rule and the basics of what you need to do to become compliant. The major goal of the HIPAA Security Rule is to protect the privacy of individuals' health information.


The webinar will be a primer for the HIPAA Security Rule, going over the basics of what is necessary to achieve compliance. The first section will discuss what the Security Rule is and where it came from, who must comply, and what information has to be protected. Having this information should set the stage to validate how critical ePHI is and who is responsible for maintaining its security.

The second section will provide a brief overview of information security. The focus will be on what confidentiality, integrity, and availability are and on the idea of the CIA Triad, followed by a quick look at the importance of security and at recent breaches and their outcomes.

The third section will dive into the Security Rule's administrative, physical, and technical safeguards, looking at each of the implementation specifications with examples of what is necessary to be considered compliant in that area.

The fourth section will discuss the importance of understanding the Omnibus and Breach Notification Rules. Lastly, it will look at some additional resources available on the Internet that can help with your Security Rule compliance efforts.

Why Should You Attend: Do you need to know more about the HIPAA Security Rule? Is your organization even compliant? Do you have the correct policies and procedures in place? When did you last have a risk assessment, and was it actually a true assessment? What would you do if you had a disaster, and when was the last time you tested your contingency plan? These are just some of the questions you should already understand and have answers to.

The HIPAA Security Rule created national standards and safeguards to protect individuals' personal health information that is created, maintained, or used for treatment, payments, and healthcare operations. These safeguards must be implemented to protect the confidentiality, integrity, and availability of ePHI that is created, received, maintained, or transmitted. Unlike other regulations, the Security Rule does not specify how the safeguards are to be implemented, only what is required to protect ePHI.

Come learn about the HIPAA Security Rule and the basics of what you need to do to become compliant. The webinar will break down the Security Rule in a way that makes it easy to understand what should already be in place or needs remediation within your organization. The details of the administrative, physical, and technical safeguards needed to protect your organization will be reviewed. In addition, the Omnibus Rule and the Breach Notification Rule will be discussed. Given the amount of information on the Internet, we will also look at additional resources that are available to help you with your HIPAA Security Rule compliance efforts.

Areas Covered in the Session:

  • What is the HIPAA Security Rule?
  • Who must comply?
  • What information has to be protected?
  • Enforcement and Penalties for Noncompliance
  • Overview of Security - Confidentiality, Integrity, Availability
  • Importance of Security
  • Rules of the Security Rule
  • HIPAA Security Rule Safeguards
  • Administrative Safeguards
    • Security Management Process
    • Assigned Security Responsibility
    • Workforce Security
    • Information Access Management
    • Security Awareness and Training
    • Security Incident Procedures
    • Contingency Plan
    • Evaluation
    • Business Associate Contracts and Other Arrangements
  • Physical Safeguards
    • Facility Access and Control
    • Workstation Use
    • Workstation Security
    • Device and Media Controls
  • Technical Safeguards
    • Access Controls
    • Audit Controls
    • Integrity Controls
    • Person or Entity Authentication
    • Transmission Security
    • Organizational Requirements
    • Business Associate Contracts & Other Arrangements
    • Requirements for Group Health Plans
  • Policies, Procedures and Documentation Requirements
  • Omnibus Rule
  • Breach Notification Rule
  • Additional Resources

Who Will Benefit:
  • Providers
  • Health Care Professionals
  • Future Compliance Officers
  • Business Associates that Work with Providers and/or Hospitals

Speaker Profile
Brian Freedman, MS, CISSP, PMP, CHCO has earned his Master of Science in Information Systems and has over 20 years of experience working in IT and Information Assurance. Mr. Freedman leverages deep project management and technical experience to lead key elements of several Health Information Technology (IT), Privacy and Security initiatives.

Mr. Freedman has hands-on experience with both public and private sector healthcare networks and systems. He has worked at one of South Carolina's largest independent physician practices as its CIO and Information Technology Director. In his role as CIO, he was responsible for the oversight of all operational and technology functions for 33 Primary Care Physician offices and Specialist clinics. He served as the HIPAA Compliance Officer and managed a team of IT specialists in support of electronic medical records and practice management systems. He drafted and/or rewrote all related policies and procedures for the HIPAA final rule, and designed and delivered a HIPAA training program to more than 650 employees. Mr. Freedman also created and implemented an annual risk management / analysis program to focus on both HIPAA and Meaningful Use compliance. The risk management program developed by Mr. Freedman has provided the practice with a continuous risk management program.

He has co-authored a book on PCI Compliance and is the Technical Editor of a handbook on IT Regulatory and Standards Compliance. In addition, Mr. Freedman is an Adjunct Instructor for the Department of Network Systems Management at a local Technical College where he teaches classes in Information Systems, Networking, Information Assurance, and Regulatory Compliance (HIPAA and PCI). He holds some of the leading industry certifications from Microsoft and Cisco. He is also a CISSP, PMP, and is a Certified HIPAA Compliance Officer (CHCO).
