Certified HIPAA Privacy Security Expert (CHPSE)

Course Learning Objectives: 
Chapter 1 - HIPAA Basics

• Understand the purpose for HIPAA legislation
• Review the HIPAA Administrative Simplification title
• Review non-compliance penalties (civil and criminal)
• Review key organizations associated with administering HIPAA Administrative Simplification provisions
• Review HIPAA-related terminology and definitions

 Chapter 2 - Transactions & Code Sets Overview

• Understand motivation and drivers behind requiring HIPAA standard transactions and code sets

 Chapter 3 - Transactions – ANSI X12 and NCPDP

• Examine the ANSI ASC X12 & NCPDP transactions

 Chapter 4 - Code Sets & National Identifiers

• Understand the code sets approved for use with HIPAA-covered transactions
• Understand national identifiers that have been adopted or may be adopted to identify entities or individuals in HIPAA-covered transactions

 Chapter 5 - HIPAA and Health Data – Security & Privacy Requirements

• Describe how HIPAA relates to health information exchange
• Identify the steps for compliance with the HIPAA Privacy Rule
• Identify the steps for compliance with the HIPAA Security Rule
• Review compliance framework

 Chapter 6 - HIPAA Privacy Rule

• Understand the core requirements, key terms, and concepts of the Privacy Rule

Chapter 7 - Privacy Rule – Organizational & Individual Relationships, Rights & Responsibilities

• Understand Organizational Relationships
• Explain Individual Privacy Rights

Chapter 8 - Privacy Rule – Notice of Privacy Practices

• Understand HIPAA Notice of Privacy Practices (Notice) and Authorization requirements and how to draft and distribute paper and electronic Notices of Privacy Practices and appropriately use an Authorization

 Chapter 9 - Privacy Rule – Uses and disclosures of PHI

• Understand the general rules regarding use and disclosure of PHI
• Understand the rules regarding disclosure for treatment, payment, and health care operations
• Understand the rules regarding disclosure for public purposes

 Chapter 10 - Privacy Rule – Safeguards

• Understand the necessary safeguards to comply with the HIPAA Privacy Rule security requirements and appropriate privacy practices

Chapter 11 - HIPAA Security Rule - Overview

• Describe the scope of the HIPAA Security Rule.
• Understand threats and attacks that make health care enterprises vulnerable
• Define key security terminology, concepts, and categories
• Describe administrative safeguard implementation specifications.
• Describe physical safeguard implementation specifications.
• Explain technical safeguard implementation specifications.
• Describe organizational requirements.
• Describe the policies and procedures standards, as well as the documentation standards.

Chapter 12 - HIPAA Security Rule – Threats and Technology Options

• Identify technical/electronic threats to the health care enterprise
• Explain security technology and electronic protections options that may meet Security Rule and Privacy Rule security provisions compliance requirements

Chapter 13 - Advanced Administrative Safeguards

• Describe the requirements for the Security Awareness and Training standard
• Explain the requirements for the Security Incident Procedures standard
• Describe the requirements for the Contingency Plan standard
• Describe the requirements for the Evaluation standard
• Describe the Business Associate Contract and Other Written Arrangements standard

Chapter 14 - Physical Safeguards Overview

• Explain key steps for a physical safeguards assessment based on the HIPAA Privacy Rule

Chapter 15 - Advanced Physical Safeguards

• Describe physical safeguards requirements
• Review facility access control
• Describe workstation use and security standards
• Describe required and example policies, procedures and practices to reasonably ensure appropriate physical safeguards have been implemented

Chapter 16 - Physical Safeguards – Data & Media Management

• Describe requirements for device and media controls

Chapter 17 - Security Technical Safeguards Overview

• Describe the Security Rule defined Technical Safeguards
• Describe the Access Control standard
• Examine the Audit Control standard
• Describe the Integrity standard
• Identify key elements of the Person or Entity Authentication standard
• Review the Transmission Security standard

Chapter 18 - Security Advanced Technical Safeguards

• Describe the Transmission Security standard
• Examine the Transmission Control Protocol/Internet Protocol (TCP/IP) architecture and its key protocols
• Analyze firewall systems and their role
• Examine Virtual Private Networks (VPNs)
• Describe wireless security requirements
• Identify types of encryption that may be supported by health care entities
• Describe core elements of Windows security.

Chapter 19 - Digital Signatures and Certificates

• Explain the requirements of the proposed Security Rule’s electronic signature requirements (not included in the final rule)
• Describe a digital signature
• Describe a digital certificate and its relationship to a digital signature
• Examine the role of a Public Key Infrastructure (PKI) in supporting requirements for digital signatures

Chapter 20 - Security Policy and Standards

• Explain how identifying threats and vulnerabilities impact risk management strategies and the development of appropriate security policies
• Describe ISO/IEC 27002 and ISO/IEC 27001 standards
• Identify factors that impact the development of an enterprise security policy
• Describe security policy documents that address areas, such as acceptable use policies

Chapter 21 - American Recovery & Reinvestment Act

• American Recovery & Reinvestment Act (ARRA), Title XIII, Subpart D Overview (HITECH)
• Business Associates New Requirements
• Breach Notification Requirements
• New Privacy & Security Requirements
• Increased Enforcement & Penalties
• Federal Reporting & Resource Requirements
• Compliance Tips

Chapter 22 - The Omnibus Rule

• Omnibus Rule Background
• Breach Notification Rule
• New Limits on Uses and Disclosures of PHI
• Business Associates
• Increased Patient Rights
• Notice of Privacy Practices
• Increased Enforcement
• Update Action Considerations

Chapter 23 - The Meaningful Use

• ARRA Overview
• Meaningful Use Rule Overview
• Vendor Certification
• Medicare Incentives
• EHR Technical and Meaningful Use Requirements
• Privacy & Security Requirements
• Proposed Meaningful Use Stage 2 Requirements

Chapter 24 -  The Red Flag Rules & Healthcare

• Red Flag Rule Overview
• State Identity Theft Protection Laws & ARRA Breach Notification Requirements
• Definition of "red flags"
• Identity Theft Protection Program Requirements
• Implementation Tips

Chapter 25 - HIPAA Solutions Part 1

• Risk Analysis
• Audit Program - Annual and Periodic

Chapter 26 -  HIPAA Solutions Part 2

• Secure Transmission of PHI
• Policy & Procedure Development
• Training - More Than Just an Annual Workshop
• Disaster Recovery/Emergency Mode Operations Plan