CERTIFIED HIPAA SECURITY EXPERT (CHSE)

Chapter 1 – HIPAA Basics

• Understand the purpose for HIPAA legislation
• Review the HIPAA Administrative Simplification title
• Review non-compliance penalties (civil and criminal)
• Review key organizations associated with administering HIPAA Administrative Simplification provisions
• Review HIPAA-related terminology and definitions

Chapter 2 – Transactions & Code Sets Overview

• Understand motivation and drivers behind requiring HIPAA standard transactions and code sets

Chapter 3 – Transactions – ANSI X12 and NCPDP

• Examine the ANSI ASC X12 & NCPDP transactions

Chapter 4 – Code Sets & National Identifiers

• Understand the code sets approved for use with HIPAA-covered transactions
• Understand national identifiers that have been adopted or may be adopted to identify entities or individuals under HIPAA-covered transactions

Chapter 5 – HIPAA and Health Data – Security & Privacy Requirements

• Describe how HIPAA relates to health information exchange
• Identify the steps for compliance with the HIPAA Privacy Rule
• Identify the steps for compliance with the HIPAA Security Rule
• Review compliance framework

Chapter 6 – HIPAA Privacy Rule

• Understand the core requirements, key terms, and concepts of the Privacy Rule

Chapter 7 – HIPAA Security Rule – Overview

• Describe the scope of the HIPAA Security Rule.
• Understand threats and attacks health care that cause an enterprise to be vulnerable.
• Define key security terminology, concepts, and categories
• Describe administrative safeguard implementation specifications.
• Describe physical safeguard implementation specifications.
• Explain technical safeguard implementation specifications.
• Describe organizational requirements.
• Describe the policies and procedural standards, as well as the documentation standards.

Chapter 8 – HIPAA Security Rule – Threats and Technology Options

• Identify technical/electronic threats to the health care enterprise
• Explain security technology and electronic protection options that may meet Security Rule and Privacy Rule security provisions compliance requirements

Chapter 9 – Advanced Administrative Safeguards

• Describe the requirements for the Security Awareness and Training standard.
• Explain the requirements for the Security Incident Procedures standard.
• Describe the requirements for the Contingency Plan standard.
• Describe the requirements for the Evaluation standard.
• Describe the Business Associate Contract and Other Written Arrangements standard.

Chapter 10 – Physical Safeguards Overview

• Explain key steps for a physical safeguard assessment based on the HIPAA Privacy Rule

Chapter 11 – Advanced Physical Safeguards

• Describe physical safeguard requirements
• Review facility access control
• Describe workstation use and security standards
• Describe required and example policies, procedures, and practices to reasonably ensure appropriate physical safeguards have been implemented

Chapter 12 – Physical Safeguards – Data & Media Management

• Describe requirements for device and media controls

Chapter 13 – Security Technical Safeguards Overview

• Describe the Security Rule defined Technical Safeguards
• Describe the Access Control standard
• Examine the Audit Control standard
• Describe the Integrity standard
• Identify key elements of the Person or Entity Authentication standard
• Review the Transmission Security standard

Chapter 14 – Security Advanced Technical Safeguards

• Describe the Transmission Security standard
• Examine the Transmission Control Protocol/Internet Protocol (TCP/IP) architecture and its key protocols
• Analyze firewall systems and their role
• Examine Virtual Private Networks (VPNs)
• Describe wireless security requirements
• Identify types of encryption that may be supported by health care entities
• Describe core elements of Windows security.

Chapter 15 – Digital Signatures and Certs

• Explain the requirements of the proposed Security Rule’s electronic signature requirements (not included in the final rule)
• Describe a digital signature
• Describe a digital certificate and its relationship to a digital signature
• Examine the role of a Public Key Infrastructure (PKI) in supporting requirements for digital signatures

Chapter 16 – Security Policy and Standards

• Explain how identifying threats and vulnerabilities impact risk management strategies and the development of appropriate security policies
• Describe ISO/IEC 27002 and ISO/IEC 27001 standards
• Identify factors that impact the development of an enterprise security policy
• Describe security policy documents that address areas, such as acceptable use policies

Chapter 17 – American Recovery & Reinvestment Act

• American Recovery & Reinvestment Act (ARRA), Title XIII, Subpart D Overview (HITECH)
• Business Associates New Requirements
• Breach Notification Requirements
• New Privacy & Security Requirements
• Increased Enforcement & Penalties
• Federal Reporting & Resource Requirements
• Compliance Tips

Chapter 18 – The Omnibus Rule

• Omnibus Rule Background
• Breach Notification Rule
• New Limits on Uses and Disclosures of PHI
• Business Associates
• Increased Patient Rights
• Notice of Privacy Practices
• Increased Enforcement
• Update Action Considerations

Chapter 19 – 2018 Annual HIPAA Certification CE Credits

• The Year in Review – Breaches and Events
• Updates for 2018:  Special Topics
• A Request for Information from OCR
• Recommended Actions