Scope of Laws as an Important Compliance Concept - HIPAA | Coursera

Alle Bereiche erkunden

Für Unternehmen

Blättern
Beliebte Kurse
Anmelden
Kostenlose Teilnahme

Scope of Laws as an Important Compliance Concept

Loading...

Privacy Law and Data Protection

University of Pennsylvania

4.8 (279 Bewertungen) | 5.6K Teilnehmer angemeldet

Kurs 3 von 4 in Regulatory Compliance Spezialisierung

Kostenlos anmelden

What does it take to comply with privacy laws? In this course, we’ll look at the practical aspects of navigating the complex landscape of privacy requirements. Better understanding privacy laws and data protection will enable you to protect your organization and the constituents that depend on your organization to safeguard their personal information. First, we will examine the historical context that drove the creation of laws, best practices, and other standards for protecting personal information. We will also consider where in the U.S. privacy laws exist and which sectors remain unregulated. Next, we will focus on the federal health privacy law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) – and what it takes to comply with it. How do you know the scope of the requirements? And once you know HIPAA applies, how do you actually put measures in place to ensure compliance? We’ll explore the notion that one cannot have privacy without strong security and examine various models that promote the security of personal information. We’ll look closely at breach notification laws – one of the most significant drivers of change in organizations – and discuss strategies for the improvement of data protection overall. Lastly, we will look at international law, state law, the unique and important role of the Federal Trade Commission in protecting privacy. Most importantly, we get practical – we will discuss real-world, practical approaches to how compliance professionals can navigate the complex landscape of privacy requirements to best protect their organizations.

Lehrplan anzeigen

Kompetenzen, die Sie erwerben

Information Privacy, Risk Management, Data Management, Privacy Compliance

Bewertungen

4.8 (279 Bewertungen)

5 stars
85%
4 stars
11%
3 stars
3%
2 stars
0%
1 star
0%

JC

Jan 20, 2020

A great review of the law, history and current standing for privacy & also (some) related national security law concepts. Highly enjoyable!

PG

Apr 14, 2020

Excellent introductory course to the US privacy law and data protection framework. I highly recommend it!

Aus der Unterrichtseinheit

HIPAA

How does a privacy law actually operate? This module looks at privacy and data protection in action, specifically using HIPAA as the framework.

Scope of Laws as an Important Compliance Concept4:34

Unterrichtet von

Lauren Steinfeld
Lecturer in Law

Testen Sie den Kurs für Kostenlos

Skript

In this module, we start to talk about where the rubber hits the road. You understand the concept of compliance, why it's important, the principles involved, the trade offs, and more. Now we practice together putting this into action. HIPAA, as we've discussed is the federal law aimed at protecting the privacy of health information. However, not all health information is protected under HIPAA. Only health information held by certain kinds of organizations is. One of the first questions any compliance professionals should ask is, "Does this law apply to us?" HIPAA regulates as described in the statute covered entities, and covered entities include healthcare providers. But only those healthcare providers who are billing electronically or more technically correct transmitting cover transactions electronically. These cover transactions largely have to do with billing. Well, if this is what a HIPAA covered provider is, what kinds if providers are excluded? Generally, healthcare providers offering free services such as free clinics will not be HIPAA regulated. Also, healthcare providers that continue to bill using paper records, faxing, and mailing and there are also not HIPAA covered. How can that be? Why would the patients of those organizations deserve any less privacy than those in practices and hospitals that bill electronically? Well, it's not that there's a policy reason to treat these two populations differently. However, the statutory authority that congress provided was built on the premise that increased electronic data sharing facilitated by the new HIPAA administrative simplification provisions should come with additional privacy protections. In other words, sometimes the peculiarities and technicalities of a statute can dramatically affect whether an organization is subject to a compliance regime or not. In this case, whether patients have their privacy federally protected or not. Second, HIPAA also regulates health plans quite simply, and with almost no qualifications at all. Again, here one must read the statute or at least the guidance from the agency to determine if any plans are exempt from the definition. Lastly, HIPAA regulates healthcare clearinghouses, a very narrow industry sector that actively engages in facilitating the standard transactions, the electronic billing that HIPAA was originally, predominantly working to enhance. What about information sharing from a HIPAA covered entity to someone else? Let's say a patient authorizes a hospital to share their health records with their employer, is their employer then debt? Is their employer then bound by HIPAA? No, HIPAA again only covers the activities of the covered entities. In fact, HIPAA requires that a compliant patient consent form actually state, that the recipient of the information may not be bound by the privacy laws at the sender. What about information shared by a covered entity with a business partner of theirs such as a records released company or medical records software company? Well, there, most of HIPAA's requirements do apply. The law makes clear that a vendor accessing a covered entities patient information to perform a function on their behalf is covered. The details of the business arrangement matter in this analysis, and the regulations need to be read carefully. Let's look a little closer at what's in Scope of HIPAA and therefore, what's not. Because of the very specific language that defines what types of organizations are bound to comply with HIPAA, we also can learn more about what organizations are not bound. For example, the multitude of health-related apps and devices, including wearable technology are overwhelmingly not covered by HIPAA, because the companies that operate them or not providers, payers, or healthcare clearinghouses unless they are in the role of business associates of covered entities. Because privacy in the US is essentially a patchwork of laws affecting certain sectors, it's especially crucial for any privacy professional or compliance professional handling privacy to determine what laws apply to what organization, and sometimes only to certain activities of an organization. The impact of this careful read of scope is tremendous. Knowing whether the weight and consequence of a rather massive Federal Regulation applies to your organization, will translate into and what activities may be compliant or not, lawful or not.

Durchsuchen Sie unseren Katalog

Melden Sie sich kostenlos an und erhalten Sie individuelle Empfehlungen, Aktualisierungen und Angebote.

Beliebte Online-Kurse

KI für alle
Vorstellung von TensorFlow
Neuronale Netzwerke und Deep Learning
Algorithmen, Teil 1
Algorithmen, Teil 2
Maschinelles Lernen
Maschinelles Lernen mit Python
Maschinelles Lernen mittels Sas Viya
R-Programmierung
Einführung in die Programmierung mit Matlab
Datenanalyse mit Python
AWS-Grundlagen: Mit der Cloud vertraut werden
Grundlagen der Google Cloud-Plattform
Engineering für Site-Funktionssicherheit
Englisch im Berufsleben
Die Wissenschaft des Wohlbefindens
Lernen lernen
Finanzmärkte
Hypothesenüberprüfung im öffentlichen Gesundheitswesen
Grundlagen für Führungsstärke im Alltag

Beliebte Online-Spezialisierungen

Deep Learning
Python für alle
Data Science
Angewandte Datenwissenschaft mit Python
Geschäftsgründungen
Architektur mit der Google Cloud-Plattform
Datenengineering in der Google Cloud-Plattform
Von Excel bis MySQL
Erweiterte maschinelles Lernen
Mathematik für maschinelles Lernen
Selbstfahrende Autos
Blockchain-Revolution für das Unternehmen
Unternehmensanalytik
Excel-Kenntnisse für Beruf
Digitales Marketing
Statistische Analyse mit R im öffentlichen Gesundheitswesen
Grundlagen der Immunologie
Anatomie
Innovationsmanagement und Design Thinking
Grundlagen positiver Psychologie

Online-Zertifikate

Google IT-Support
IBM Customer Engagement-Spezialist
IBM Datenverarbeitung
Angewandte Projektmanagement
Zertifikat von IBM über berufliche Qualifikation für Angewandte KI
Maschinelles Lernen für Analyse
Räumliche Datenanalyse und Visualisierung
Bauwesen und -management
Instruktionsdesign

Online-Abschlussprogramme

Master-Abschluss in Data Science
Bachelor-Abschluss in Informatik
Abschlüsse in Informatik und Ingenieurwesen
Master-Abschluss in Maschinellem Lernen
MBA- und Business-Abschlüsse
Master-Abschluss in Elektrotechnik
Master-Abschluss in Public Health
Master-Abschluss in Informationstechnologie

Coursera

About
Leadership
Careers
Catalog
Certificates
MasterTrack™ Certificates
Degrees
For Enterprise
For Government
For Campus
Coronavirus Response

Community

Learners
Partners
Developers
Beta Testers
Translators
Blog
Tech Blog

Mehr

Terms
Privacy
Help
Accessibility
Press
Contact
Directory
Affiliates

Erhältlich bei Google Play

© 2020 Coursera Inc. Alle Rechte vorbehalten.