Digital Confidentiality According to Professional Ethics and HIPAA: A Heart-Centered Approach Level II

Course Materials

An Exercise Whose Point is Unclear
1. Clients, Professionals, & Behavior in Security
Secure Behaviors
2. Legally and Ethically Secure by the Numbers: The "Before" Part
Decision Psychology in Security and Privacy
How To Comply With the HIPAA Security Rule: A Step-by-Step Guide
Step 1. Security Risk Analysis
Step 1 (cont.) Security Risk Analysis: The Process
Step 2. Risk Management Planning
Step 3. Policies and Procedures Manual
3. Legally and Ethically Secure by the Numbers: The After Part
Breach Notification
Risk Analysis Parties!
Rescuing (or Sacrificing) Your Lost or Stolen Mobile
Security Incidents
Safe Harbor from the HIPAA Breach Notification Rule
How Encryption Makes Safe Harbor: or “Why Encrypting Before is Great For After”
4. Electronic Records, and “the Cloud”
Data Backups: Your Best Friend For “After”
Electronic Health Records
“The Cloud”
The Cloud and Availability & Integrity
Disclosure of Electronic Record-Keeping
Passwords vs. Passphrases, and Password Management Programs
The Cloud, Mobiles, and Breach Assessment
Protecting Your Cloud Services
Cloud Services and the HIPAA Business Associate Rule
Special Aside: Business Associates and Financial Institutions
Epilogue

Course Syllabus

Prologue: An Exercise Whose Point Is Unclear. We start with a little exercise whose purpose and utility will become clear later in the course!

  1. Clients, Professionals, & Behavior in Security
    • How a few theories from cognitive psychology can help us understand our own approaches to security risks — and our clients’ approaches, as well.
    • The importance of secure behaviors and how to cultivate them.
  2. Legally and Ethically Secure by the Numbers: The “Before” Part
    • Three steps for complying with HIPAA’s Security Rule and other associated rules and laws.
    • A brief explanation of what a risk analysis is.
    • A simplified explanation of how the process of risk analysis works.
    • A short exploration of how one goes about making a risk management plan.
    • Exploration of HIPAA Security’s requirement for policies and procedures in health care practice, with resources for creating them.
  3. Legally and Ethically Secure by the Numbers: The After Part
    • A brief call to hold risk analysis parties in order to make HIPAA Security compliance easier, more collegial, and more social.
    • What is a security incident and what must you do when you encounter one?
    • What is a security breach and what must you do when you have one?
    • The safe harbor in HIPAA’s Breach Notification Final Rule.
    • Using encryption in your devices to meet the safe harbor requirements.
    • Using remote tracking and remote wipe to mitigate security incidents involving smartphones, tablets, and other mobile devices.
  4. Electronic Records, and “the Cloud”
    • The legal-ethical importance, value, and process of keeping backups.
    • Understanding the jargon term, “Electronic Health Record,” as opposed to “Electronic Medical Record.”
    • Ethical discussion of disclosing one’s use of electronic records to clients.
    • What is the cloud and why does it matter to your legal-ethical needs?
    • How the cloud helps with certain aspects of your security needs under HIPAA and ethics.
    • How the cloud helps you protect smartphones, tablets, and other mobile devices.
    • How you protect your cloud service accounts.
    • Doing passwords well.
    • Cloud services and the HIPAA Business Associate Rule.
    • Financial services and the HIPAA Business Associate Rule.
