WKU News

Keith Lancaster, WKUHS Manager, Healthcare Information Systems, recently completed HIPAA Academy™ (http://www.hipaaacademy.net/ ) training and passed certification tests in the Certified HIPAA Professional (CHP) and Certified Security Compliance Specialist (CSCS) programs.

The goal of the CHP program is to examine the changes required by HIPAA and their effects on policies, procedures and processes with the organization’s handling of patient records. Participants learn how to measure and monitor their organization’s compliance with HIPAA and the qualifications required of the HIPPA Privacy and Security Officers. They also learn that HIPAA compliance is as much a business issue as an IT issue and how to review specific requirements and implementation features within each HIPAA security category.

In the CSCS boot camp, participants examine the steps required to achieve compliance is several different current standards such as: Sarbanes-Oxley (SOX), Federal Information Security Management Act (FISMA), Health Insurance Portability and Accountability Act (HIPAA) Security Rule, ISO 27000, ISO27001, ISO27002, CobiT security baseline, and PCI-DSS as well as working through case studies in comprehensive risk analysis/vulnerability assessments and Business Continuity Planning (BCP).

The HIPAA Academy™ was established in 1999 and delivers IT training and services to the health care and financial industries.  HIPAA Academy clients include hospitals, long term care providers, insurance firms, BCBS affiliates, several State governments, including the State of Oregon, Iowa and Illinois, as well as many county governments. It has formed strategic partnerships with RSA, IBM, ISS, Sun, CompTIA, and Computer Associates (CA) and delivers solutions in the areas of security risk analysis, vulnerability assessment, wireless security, contingency planning, professional services, advisory services, InfoSec policy development, audit and evaluation and HIPAA training and certification. It was founded on the concept that “Timely information that can be accessed securely is increasingly becoming as valuable as the stethoscope in the health care industry. Physicians, nurses, patients, and all end clients need immediate access to vital information. IT is not a luxury but a critical necessity in the health care industry.”