Library Guide: HIPAA
Table of Contents

Overview
Course Descriptions:
Privacy and Security Library:
Business Practices to Protect Personal Health Information (HIPAA05)
HIPAA: General Awareness (HIPAA01)
HIPAA Privacy: Role Based Training I Incidental PHI Contact (HIPAA06)
HIPAA Privacy: Role Based Training II Internal Uses of PHI (HIPAA07)
HIPAA Privacy: Role Based Training III Uses and Disclosures of PHI (HIPAA08)
HIPAA Privacy: Role Based Training IV Managers, Supervisors and Compliance Staff (HIPAA09)
HIPAA: Privacy Standards (HIPAA02)
Information Security (HIPAA10)
Overview:

UL EduNeering and our Subject Matter Experts have considerable experience with the practical application of privacy and security laws and regulations, and we provide training as required by the Health Insurance Portability and Accountability Act (HIPAA) and applicable state laws. Our staff includes regulatory compliance experts, instructional design professionals, software engineers, and information technology specialists. We also partner with nationally-recognized experts and work closely with federal government regulators.

In 2009, US Department of Health and Human Services (HHS) Secretary Kathleen Sebelius transferred responsibility for HIPAA security oversight to the Office of Civil Rights (OCR). OCR already had responsibility for HIPAA privacy, underscoring the link between privacy and security. The latest HIPAA requirements were embedded into the Health Information Technology for Economic and Clinical Health (HITECH) portion of the American Recovery and Reinvestment Act (ARRA).

The HIPAA Privacy and Security Library consists of three primary components: general training, specialized training for persons interested in greater detail, and training on an organization's own policies and procedures.

Please Note: As with all UL instructional materials, you can customize the existing courses by incorporating your own company or site-specific information.
Course Descriptions: Listed Alphabetically

Business Practices to Protect Personal Health Information (HIPAA05)

This course provides all employees and associates with knowledge of the privacy and security practices for health plans as required by the Health Insurance Portability and Accountability Act (HIPAA) of 1996. This course includes updated requirements that were included in the Health Information Technology for Economic and Clinical Health Act (HITECH). Employees will learn the basic principles of health information privacy and security, how they impact the organization and how they apply to everyday work situations. The course also covers patients' rights under HIPAA and the consequences for violating privacy and security practices.

After completing this course, you will know the basics of our privacy and security practices. More importantly, you will know your roles and responsibilities related to health information.

HIPAA: General Awareness (HIPAA01)

This course is fully customizable to reflect company or even site-specific information. Employees will learn about the Privacy and Security Standards as well as the Data Standardization rules. Employees will explore HIPAA's impact on their organization and understand how the legislation affects their everyday work activities.

After completing this course, you will be able to identify the goals of HIPAA and its Administrative Simplification provisions. You will also be able to identify entities covered under the law and know how the law is enforced. Most importantly, you will be able to identify the key privacy and security requirements that apply to the use and disclosure of protected health information (PHI).

HIPAA Privacy: Role Based Training I Incidental PHI Contact (HIPAA06)

This course is designed for employees who do not access Protected Health Information (PHI) as part of their regular duties, but need to know what they should do when they do come into contact with PHI.
After completing this course, you will be able to apply HIPAA's privacy requirements to situations you are likely to experience.

Prerequisite: Before taking this course, learners should complete one or more of the following: Business Practices to Protect Personal Health Information; HIPAA: General Awareness; HIPAA: Privacy Standards.
HIPAA Privacy: Role Based Training II Internal Uses of PHI (HIPAA07)

This course is designed for employees who are authorized to use PHI as part of their regular duties.

After completing this course, you will be able to apply HIPAA's privacy requirements to situations you encounter every day.

Prerequisite: Before taking this course, learners should complete one or more of the following: Business Practices to Protect Personal Health Information; HIPAA: General Awareness; HIPAA: Privacy Standards.

HIPAA Privacy: Role Based Training III Uses and Disclosures of PHI (HIPAA08)

This course is designed for employees who are authorized to request, use and disclose Protected Health Information (PHI) as part of their regular duties.

After completing this course, you will be able to apply HIPAA's privacy requirements to situations you encounter every day.

Prerequisite: Before taking this course, learners must complete one or more of the following: Business Practices to Protect Personal Health Information; HIPAA: General Awareness; HIPAA: Privacy Standards.

HIPAA Privacy: Role Based Training IV Managers, Supervisors and Compliance Staff (HIPAA09)

This course is designed for HIPAA privacy officials, supporting HIPAA compliance staff, and managers, including those who have additional compliance responsibilities, such as ownership of Protected Health Information (PHI) sources or information application and system purchases.

After completing this course, learners will be able to apply HIPAA's privacy requirements to situations they encounter every day.
Prerequisite: Before taking this course, learners should complete one or more of the following: Business Practices to Protect Personal Health Information; HIPAA: General Awareness; HIPAA: Privacy Standards.

After completing this course, you will be able to apply HIPAA's privacy requirements to situations in which your experience and knowledge are required to ensure compliance.
HIPAA: Privacy Standards (HIPAA02)

This course gives an in-depth look at the Privacy Standards included in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and discusses what these regulations mean for health plans doing business in the United States. This course includes updated requirements that are included in the Health Information Technology for Economic and Clinical Health Act (HITECH). It provides a closer look at the use and disclosure of protected health information and also educates users on identifying when an individual's permission is required and what type of permission is necessary. The course also explains the concept of minimum necessary and how it affects use and disclosure of Protected Health Information (PHI). A discussion of the individual rights that provide members and patients greater control over their health information is also covered.

After completing this course, you will be familiar with the rules governing the use and disclosure of protected health information (PHI). You will be able to identify when an individual's permission is required and what type of permission is necessary. You will also be able to define the minimum necessary provision and recognize how it affects our use and disclosure of PHI. Finally, you will be able to identify individual rights specified in the Privacy Standards that allow health plan members greater control over their health information.

Information Security (HIPAA10)

This course discusses each requirement under the HIPAA Security Standard as well as requirements under other regulations and security guidelines. Information security is critical for any business, and it is the law for Health Care organizations.
Through engaging scenarios and interactions, this course trains all employees and associates on the basics required before they begin work, including protection from viruses and other malicious software, password management and use, workstation security and location, and security reminders. More advanced topics are also covered, such as incident reporting and response, emergency measures, e-mail security, media controls, and how to select a new password.

After completing this course, you will be familiar with the security policies, procedures, and controls that are a part of our daily business routine. You will also be able to identify and respond to suspected security breaches.

This course addresses security training for all management and staff, and presents Health Care industry current practices as outlined by the HIPAA regulations, implemented by the Centers for Medicare and Medicaid Services (CMS) CSR rules, supported by the National Institutes for Standards and Technology (NIST) guidelines, and developed by a leading industry/government workgroup and other industry standards groups.
About UL EduNeering

UL EduNeering is a business line within UL Life & Health's Business Unit. UL is a global independent safety science company offering expertise across five key strategic businesses: Life & Health, Product Safety, Environment, Verification Services and Enterprise Services.

UL EduNeering develops technology-driven solutions to help organizations mitigate risks, improve business performance and establish qualification and training programs through a proprietary, cloud-based platform, ComplianceWire. For more than 30 years, UL has served corporate and government customers in the Life Science, Health Care, Energy and Industrial sectors. Our global quality and compliance management approach integrates ComplianceWire, training content and advisory services, enabling clients to align learning strategies with their quality and compliance objectives.

Since 1999, under a unique partnership with the FDA's Office of Regulatory Affairs (ORA), UL has provided the online training, documentation tracking and 21 CFR Part 11-validated platform for ORA-U, the FDA's virtual university. Additionally, UL maintains exclusive partnerships with leading regulatory and industry trade organizations, including AdvaMed, the Drug Information Association, the Personal Care Products Council and the Duke Clinical Research Institute.

202 Carnegie Center, Suite 301, Princeton, NJ 08540
609.627.5300
uleduneering.com

UL and the UL logo are trademarks of UL LLC 2014.
LG/122713/HC