Professional Learning Center

Technology Institute

Under the Professional Learning Center, The Coalition's Technology Institute identifies flexible and affordable database software for the behavioral services sector.

Our Director of Special Projects maintains a technology and HIPAA listserv, staffs a technology committee, assists with resource development by locating free or discounted computer software and hardware, locates low cost consulting and provides help with other technology issues.

Training

There are no upcoming trainings scheduled at this time.

HIPAA Omnibus Rule
On January 17, 2013, the Office for Civil Rights of the US Department of Health and Human Services issued the long awaited "Omnibus Rule".  A lot of the rule was anticipated, but there were some significant changes the proposed bill.

Ruling:  http://www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf

Here are links to various interpretations:

The Bureau of National Affairs:

HIPAA Omnibus Rule Reshapes Landscape for Health Care Privacy, Security Compliance   (Robert Belfort co-author)

Loss of HIPAA Breach Notice Threshold, New Business Associate Rules Pose Challenges

Time to Get Ready for Larger Penalties for HIPAA Violations

Lewis Creek Systems:

Policy Changes and the New HIPAA Breach Evaluation Process

New Final HIPAA Rule Released -- a few surprises!

Nuances of the New HIPAA Rules, New BAA Template

Christiansen IT Law:

Do the HITECH Rules Really Make All Healthcare ASPS and Cloud Services Providers Business Associates?

Healthcare Info Security Website: 

HHS Official Explains HIPAA Omnibus, OCR’s Susan McAndrew on Breach Reporting, Other Details

HIPAA Omnibus: Impact on Breach Notices, Experts Assess What the Final Rule Means

HIPAA Security Resources

The Computer Security Resource Center (CSRC) of the National Institute of Standards and Technology (NIST) has a series of documents of general interest to the computer security community.  Many of the documents are guidelines on various forms of electronic security like cell phones, PDAs, Bluetooth, servers, and external devices for telework and remote access. 

Other NIST resources include:

Information Security Handbook: A Guide for Managers (SP800-100)

Recommended Security Controls for Federal Information Systems and Organizations (SP800-530rev3)

Risk Management Guide for Information Technology Systems (SP800-30)

An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (SP800-66)

Building an Information Technology Security Awareness and Training Program (SP800-50 go to their website for a zipped version)

Complete listing of all NIST documents

The Centers for Medicare and Medicaid Services(CMS) also has some security and risk assessment documents which may be of assistance.

CMS Information Security Levels

CMS Risk Assessment Methodology

CMS Risk Assessment Template

CMS Risk Safegaurds

CMS Threat ID Resource

Other HIPAA Security resources are available in our PLC Store.