HIPAA Requirements, Implementation and Security

By Bruce H. Nearon

Is your company or client a healthcare provider, clearinghouse, insurance company or administrator? Or does it provide services to one of these businesses? Does your client or employer use electronic forms to maintain or transmit individual health information? If you answered yes to any of these questions, do you understand the requirements, implementation and security issues surrounding HIPAA? Learn how to understand, identify and implement cost-effective strategies to comply with HIPAA by attending the Aug. 21 continuing professional education (CPE) presentation organized by the New York State Society of CPAs (NYSSCPA) Emerging Technologies (ET) Committee.

HIPAA, the Health Insurance Portability and Accountability Act of 1996, was enacted as part of a broad Congressional attempt to achieve incremental healthcare reform. HIPAA requires the United States Department of Health and Human Services to develop standards for maintenance and transmission of health information that identifies individual patients.

HIPAA standards are designed to improve the efficiency and effectiveness of the healthcare system by standardizing the interchange of electronic data for specified administrative and financial transactions, and are intended to protect the security and confidentiality of electronic health information. This is achieved through a proper management control structure with supporting policies in place to enable processes that provide assurance over the protection of information.

HIPAA is an enterprise-wide issue-not an information technology (IT) issue. There are legal, regulatory, process, security and technology aspects to each proposed rule. HIPAA is rapidly becoming a major issue in healthcare. Healthcare providers and their accountants, attorneys and business partners need timely information about HIPAA because it involves sweeping changes for which there is no historical precedence.

The seminar will cover the following topics:

• Background, requirements and implications of HIPAA
  
• Information systems security, physical security, audit trail and digital signature/data encryption
  
• Transitioning to a HIPAA-compliant environment-best and worst practices observed to achieve compliance focusing on cost impact
  
• The auditor's role in ensuring HIPAA compliance-lessons learned from other privacy-regulated industries such as banking
  
• Understanding the accounting firm's obligations to become HIPAA compliant
  
• Helping the entity align its HIPAA implementation to its overall e-business strategy
  
• Security risk assessment methodology to identify challenges and prioritize required actions.

  Date: Wednesday, Aug. 21, 2002
  Time: 5:30 p.m. to 6:00 p.m.: registration, networking, free refreshments
  6:00 p.m. to 8:30 p.m.: CPE session
  Presenters: Joel Lanz, CPA, CISA, CISSP,
  jlanz@itriskmgt.com

  Glenn C. Davis, CPA, director of healthcare services,
  J.H. Cohn LLP,
  gdavis@jhcohn.com

  Location: NYSSCPA
  headquarters, 530 Fifth
  Ave., fifth floor, New York City

About the Presenters

Mr. Lanz is a former Big Five technology risk consulting partner and vice president of a large financial services organization's auditing department. He heads a CPA practice that focuses on providing technology risk management services. Mr. Lanz is a member of the Emerging Technologies Committee and is an adjunct faculty member of the School of Computer Science and Information Systems at Pace University.

Mr. Davis joined J.H. Cohn LLP in March 2002, as the firm's new leader of its healthcare audit and consulting practice. Prior to joining J.H. Cohn LLP, Mr. Davis was a senior audit and consulting partner in Coopers & Lybrand's New York and national offices as well as chairman, president and CEO of one of the New York region's largest diversified alternate site healthcare providers. He is a 1970 graduate of the Baruch School of Business of the City University of New York, with a BBA in accounting. A CPA since 1977, Mr. Davis is a member of the American Institute of Certified Public Accountants and the NYSSCPA.

Additional Information

This NYSSCPA/Foundation for Accounting Education (FAE) CPE evening presentation is $45 for NYSSCPA members and $50 for nonmembers to qualify for three hours of CPE credit. A $25 additional walk-in fee will be charged to those who pay at the door. At the session you will get the chance to network with the profession's and the industry's IT leaders.

Advance registration is recommended because seating is limited.

For additional information, contact Gary Carpenter at (315) 487-4567 or gcarpenter-cit@worldnet.att.net or Bruce H. Nearon at (973) 403-6955 or bnearon@jhcohn.com.

To register: contact FAE at (212) 719-8383 or (800) 537-3635 or visit the Society's website at www.nysscpa.org. Select the Continuing Education tab at the top of the screen, scroll down to Evening Technical Sessions, then scroll down to Aug. 21, 2002, HIPAA Security Issues.

For more information on the ET Committee, visit www.nysscpa.org, click on the committees tab on the left-hand side of the page and then scroll down to the ET Committee link.

Acknowledgments

J.H. Cohn LLP helped provide the funding and resources for the sandwiches and soft drinks, marketing and publicity, and administration of this event.

Gary Carpenter, of Carpenter Information Technologies, helped administer this event.