Course curriculum

    1. Letters: Breach Notice Letters

    2. Form: Request for Access to PHI

    3. Who is covered by HIPAA?

    4. Has HIPAA changed recently?

    5. What is the HITECH Act?

    6. What is HIPAA?

    7. What is Protected Health Information (PHI)?

    8. What is a HIPAA Breach?

    9. What to Do in the Event of a Breach?

    10. Form: Authorization for Marketing

    11. Contract: Business Associate Agreement

    12. Form: Authorization for Release of Records

    13. Form: Multimedia Release

    14. Form: Opt-Out of Fundraising

    15. Form: Authorization for Marketing - Testimonials

    16. Form: Notice of Privacy Practices (NPP)

    17. Form: Plan Book

    18. How is HIPAA enforced?

    19. What are the penalties for failing to comply with HIPAA?

    20. Can HIPAA breaches lead to criminal prosecution and/or incarceration?

    21. What does a covered entity do if their computers become infected by malicious software?

    22. What does a covered entity do if their PHI is being held by "Ransomware?"

    23. What is a business associate?

    24. What is a business associate agreement?

    25. What are the responsibilities of a business associate (BA) under HIPAA?

    26. Is an insurance company a business associate of a provider under HIPAA?

    27. Is a laboratory a business associate of a provider under HIPAA?

    28. Is a pharmacy a business associate of a provider under HIPAA?

    29. Is a cloud computing provider a business associate?

    30. Is an email service provider a business associate?

    31. Is an internet service provider (ISP) a business associate?

    32. Is an electronic health record software (EHR) vendor a business associate?

    33. What office policies are required under HIPAA?

    34. How does federal-level HIPAA interact with state-level medical information privacy laws?

    35. Does a covered entity's workforce need to be trained in HIPAA?

    36. What is a covered entity's workforce?

    37. How soon and how often should training be conducted?

    38. What does a covered entity's workforce training need to include?

    39. How should workforce training be documented?

    40. How long must HIPAA-related documents be kept?

    41. Are dispensaries covered by HIPAA in states where medical marijuana is legal?

    42. Is a funeral home or crematorium a covered entity under HIPAA?

    43. Are Privacy and Security Officers required by HIPAA?

    44. What is the Privacy Rule?

    45. What is a Notice of Privacy Practices (NPP)?

    46. What must be in an NPP?

    47. When must a covered entity provide an NPP?

    48. Must a patient sign an acknowledgement that they received an NPP?

    49. Can a covered entity provide an NPP electronically through email or other electronic methods?

    50. Must a new written acknowledgment of receipt be obtained if the NPP is changed?

    51. Can an NPP be used to bypass the requirement to obtain patient Authorization before certain non-essential uses of their PHI?

    52. How often must a covered entity provide an NPP to patients? Do they expire?

    53. Must an NPP be provided to minors?

    54. What is de-identified PHI?

    55. What PHI does the patient have the right to see, copy, or send to a third party?

    56. How long do I have to respond to a request by a patient to access their own PHI?

    57. Are patients required to submit requests for their own PHI in writing?

    58. Are patients required to submit a written request to send their own PHI to a third party?

    59. Can patients request their own PHI in a specific format?

    60. Can a fee be charged for providing access or copies of PHI?

    61. Can records be withheld for non-payment for services?

    62. Can patients be denied access to their own PHI for any reason?

    63. Can I send PHI to an insurance company when a patient pays in cash and requests it?

    64. What is a personal representative?

    65. How does a covered entity verify the identity of a personal representative or parent of a minor child?

    66. Must a covered entity give PHI to law enforcement?

    67. Must I give PHI to the parent of a minor child?

    68. If the parents of a minor child are divorced, to whom does a covered entity give the child's PHI?

    69. If I suspect the abuse or neglect of a minor child (or incapacitated adult), does HIPAA prevent me from reporting it?

    70. If I suspect that a patient will harm themselves or others, does HIPAA prevent me from reporting it?

    71. Must I give PHI in response to a subpoena?

    72. Must I give PHI in response to a request from a government agency?

    73. What is an Authorization under HIPAA?

    74. When is a patient Authorization required under HIPAA?

    75. What is electronic PHI (ePHI)?

    76. What is a risk analysis, assessment, and management under HIPAA?

    77. Is encryption required?

    78. Are electronic health records HIPAA compliant?

    79. I'm cash-only. Does HIPAA apply to me?

    80. Is YourHIPAATraining or CEDR Solutions a business associate?

    81. How must devices containing ePHI be disposed of or reused?

    82. What is a Security Officer?

    83. Can mobile devices (smartphone, tablet, laptop) be used to access ePHI?

    84. Can ePHI be sent via email?

    85. Sample Policies and Procedures

    86. Public Good Disclosures Reference Sheet

About this course

  • Free
  • 86 lessons
  • 0 hours of video content