The course is based on a recording of one of the presentations of the Acupuncture and Herbal Medicine EHR and Tech Expo which took place May 21-22, 2022. Those who signed up for the live expo are eligible for additional PDA if they did not attend during the live expo. The NCCAOM Certificates for the live expo were sent to attendees of the original expo by email if they were present at the expo. Those who then watched recordings of the presentations between May 22-Jun 22, 2022 are enrolled, but will need to have been verified that they did watch the recorded content, fill out the NCCAOM worksheet and take the final quiz to get a certificate. 

To find out more about the PDA process, visit the summary of the course process. 

Learning Objectives:

1. Review HIPAA Privacy Disclosure Notice
2. Review HIPAA Privacy & Security Plan
3. Review HIPAA Secure Server Compliance
4. Review Digital & Web-based Security – Common Errors
5. Review HIPAA Risk Analysis requirements under Security Rule
6. Identify and Document Potential Data Threats and Vulnerabilities
7. Review Periodic Updates to Risk Assessment

Course Description: 

This course provides solo practitioners and small group Acupuncturists a detailed review of HIPAA compliance requirements, best practices and helps identify digital vulnerabilities to patient and clinic data.  Learn how to evaluate your practice, assess existing data security measures, and determine the likelihood and impact of data breaches.  Learn how to mitigate those risks and complete a Security Risk Analysis (SRA) required of ALL covered entities under the HIPAA Security Rule.    

Course Outline – Time Break Down: 

1. 0-30 min: Clinic Practices – Risk Management
2. HIPAA Compliant Web Server for Solo/Small Providers
3. Common Errors: Website Security – SSL Certificates
4. Technical and Non-Technical Vulnerabilities
5. 31-60 min: HIPAA Vulnerabilities
6. HIPAA Threats 
7. HIPAA Risks
8. Data Encryption
9. Self -Guided – Planned Break
10. 61-90 min Security Risk Assessment (SRA)
11. SRA: 7 Areas of Significance
12. SRA Clinic History
13. SRA Security Policies & Procedures
14. SRA Workforce Training
15. SRA Data Control
16. 90-120 min: SRA Physical Control
17. SRA Business Associate Agreement (BAA)
18. SRA Contingency Planning
19. Is your Practice HIPAA Compliant?
20. Jump-Start your Security Risk Analysis
21. End of Course

Bio:

David Bibbey, L.Ac graduated the Florida College of Integrative Medicine in 2011 with a bachelor’s in professional health studies and a masters in Oriental Medicine.  He has been in private practice at Alternative Primary Care in Crystal River, FL since 2011.  David is a volunteer Board member for the Florida State Oriental Medical Association and having served in various roles for the past 10 years, he is currently the Association’s President.  

In 2020, David co-founded Patient Data Protection, LLC. with Matthew Fiorenza, a digital security expert.  Together, they provide HIPAA and ADA compliance services that support small healthcare practices. 

David enjoys helping and teaching colleagues to implement measures that limit the likelihood of costly and problematic HIPAA violations, while protecting patients’ privacy and securing their valuable data.  

He has a knack for making complicated issues easy to understand and helping each Acupuncturist understand what is needed for their unique practice. David is a regular contributor to Acupuncture Today on HIPAA compliance issues.  He is invited and often speaks on this and other practice related issues.  He has previously taught Ethics, Practice, and Risk Management courses at the Florida College of Integrative Medicine.