Certified HIPAA Security Expert (CHSE)

Course Learning Objectives: 
Chapter 1 - HIPAA Basics

• Understand the purpose for HIPAA legislation
• Review the HIPAA Administrative Simplification title
• Review non-compliance penalties (civil and criminal)
• Review key organizations associated with administering HIPAA Administrative Simplification provisions
• Review HIPAA-related terminology and definitions

 Chapter 2 - Transactions & Code Sets Overview

• Understand motivation and drivers behind requiring HIPAA standard transactions and code sets

 Chapter 3 - Transactions – ANSI X12 and NCPDP

• Examine the ANSI ASC X12 & NCPDP transactions

 Chapter 4 - Code Sets & National Identifiers

• Understand the code sets approved for use with HIPAA-covered transactions
• Understand national identifiers that have been adopted or may be adopted to identify entities or individuals under HIPAA-covered transactions

 Chapter 5 - HIPAA and Health Data – Security & Privacy Requirements

• Describe how HIPAA relates to health information exchange
• Identify the steps for compliance with the HIPAA Privacy Rule
• Identify the steps for compliance with the HIPAA Security Rule
• Review compliance framework

 Chapter 6 - HIPAA Privacy Rule

• Understand the core requirements, key terms, and concepts of the Privacy Rule

Chapter 7 - HIPAA Security Rule - Overview

• Describe the scope of the HIPAA Security Rule.
• Understand threats and attacks health care that cause enterprise to be vulnerable.
• Define key security terminology, concepts, and categories
• Describe administrative safeguard implementation specifications.
• Describe physical safeguard implementation specifications.
• Explain technical safeguard implementation specifications.
• Describe organizational requirements.
• Describe the policies and procedural standards, as well as the documentation standards.

Chapter 8 - HIPAA Security Rule – Threats and Technology Options

• Identify technical/electronic threats to the health care enterprise
• Explain security technology and electronic protection options that may meet Security Rule and Privacy Rule security provisions compliance requirements

Chapter 9 - Advanced Administrative Safeguards

• Describe the requirements for the Security Awareness and Training standard.
• Explain the requirements for the Security Incident Procedures standard.
• Describe the requirements for the Contingency Plan standard.
• Describe the requirements for the Evaluation standard.
• Describe the Business Associate Contract and Other Written Arrangements standard.

Chapter 10 - Physical Safeguards Overview

• Explain key steps for a physical safeguard assessment based on the HIPAA Privacy Rule

Chapter 11 - Advanced Physical Safeguards

• Describe physical safeguard requirements
• Review facility access control
• Describe workstation use and security standards
• Describe required and example policies, procedures and practices to reasonably ensure appropriate physical safeguards have been implemented

Chapter 12 - Physical Safeguards – Data & Media Management

• Describe requirements for device and media controls

Chapter 13 - Security Technical Safeguards Overview

• Describe the Security Rule defined Technical Safeguards
• Describe the Access Control standard
• Examine the Audit Control standard
• Describe the Integrity standard
• Identify key elements of the Person or Entity Authentication standard
• Review the Transmission Security standard

Chapter 14 - Security Advanced Technical Safeguards

• Describe the Transmission Security standard
• Examine the Transmission Control Protocol/Internet Protocol (TCP/IP) architecture and its key protocols
• Analyze firewall systems and their role
• Examine Virtual Private Networks (VPNs)
• Describe wireless security requirements
• Identify types of encryption that may be supported by health care entities
• Describe core elements of Windows security.

Chapter 15 - Digital Signatures and Certs

• Explain the requirements of the proposed Security Rule’s electronic signature requirements (not included in the final rule)
• Describe a digital signature
• Describe a digital certificate and its relationship to a digital signature
• Examine the role of a Public Key Infrastructure (PKI) in supporting requirements for digital signatures

Chapter 16 - Security Policy and Standards

• Explain how identifying threats and vulnerabilities impact risk management strategies and the development of appropriate security policies
• Describe ISO/IEC 27002 and ISO/IEC 27001 standards
• Identify factors that impact the development of an enterprise security policy
• Describe security policy documents that address areas, such as acceptable use policies

Chapter 17 - American Recovery & Reinvestment Act

• American Recovery & Reinvestment Act (ARRA), Title XIII, Subpart D Overview (HITECH)
• Business Associates New Requirements
• Breach Notification Requirements
• New Privacy & Security Requirements
• Increased Enforcement & Penalties
• Federal Reporting & Resource Requirements
• Compliance Tips

Chapter 18 - The Omnibus Rule

• Omnibus Rule Background
• Breach Notification Rule
• New Limits on Uses and Disclosures of PHI
• Business Associates
• Increased Patient Rights
• Notice of Privacy Practices
• Increased Enforcement
• Update Action Considerations