Certified HIPAA Security Program
The Certified HIPAA Security Program is designed to educate Healthcare Professionals and Business Associates understand HIPAA Security (45 CFR Part 160 and Subparts A and C of Part 164) and guide them with their compliance requirements of this law.
Certified HIPAA Security Officer (CHSO)
The Certified HIPAA Security Officer is the first tier of a three-level certification program. The CHSO is the basic level and the same has been designed to ensure that individuals that complete this program have a basic understanding of HIPAA Security and the Standards of the law. The actual course work consists of approximately 24 courses, testing after every course and the opportunity to become a Certified HIPAA Security Officer after taking and passing our level examination test (see below for more information).
Certified HIPAA Security Program Bootcamp
The Certified HIPAA Security Officer (CHSO) Bootcamp consists of an intense day covering the basics of HIPAA Security, the three basic Safeguards (Administrative, Physical and Technical) and the Standards covered under each, plus a brief overview of the key laws that apply to HIPAA Security. In addition to this review of HIPAA Security, this Bootcamp will also prepare attendees to take the Certified HIPAA Security Officer Examination.
The CHSO Bootcamp is taught by CHSOs who, in addition to having passed the test, are experts and have extensive experience in the areas they will cover. The CHSO Bootcamp is approximately eight hours long and includes a working lunch, a basic manual and the ability to ask questions/review after all presentations have been finalized.
CHSO Certification Test
The CHSO certification test consists of approximately 100 questions covering the basics of HIPAA, HIPAA Security Standards and Key laws dealing with HIPAA Security such as the HITECH Act and the Omnibus Rule. The test is timed and candidates have approximately two hours to complete the same.
The CHSO test can only be taken at specified testing centers at specified designated dates. The CHSO test is normally scheduled as part of the EPI Compliance conferences but additional dates and locations may be pre-arranged on a case by case basis.
There are no prerequisites for this level nor are there any other educational qualifications required.
The CHSO test is based on 5 sections. The actual distribution of questions and scores is as follows:
Obtaining the CHSO certification is based on candidates passing every section with a minimum score of 70%.
Note: For the test session taking place on April 12, the grading will be based on a curve. We will continue to enforce the 70% passing but the same may be adjusted based on the overall group performance. Also, in this one instance, the passing score will be based on a general score rather than a section basis.
Exam retake policy
Individuals failing to pass the test may be scheduled for an online re-testing section or they can choose to retest at the next scheduled session.
Post Certification Requirements/Renewal
CHSO certification is valid for a period of three years. CHSO’s must complete at least three EPI courses dealing with legal, cybersecurity and one general course per year.
Security Management Process
Information Systems Activity Review
Assigned Security Responsibility
Authorization and/or Supervision
Workforce Clearance Procedures
Information Access Management
Isolating Health Care Clearinghouse Functions
Access Establishment and Modification
Security Awareness and Training
Protection from Malicious Software
Security Incident Reporting
Data Back-up Plan
Disaster Recovery Plan
Emergency Mode Operating Plan
Testing and Revision Procedure
Applications and Data Criticality Analysis
Business Associate Contract and Other Arrangements
Unique User ID
Emergency Access Procedure
Encryption and Decryption
Person or Entry Authentication
Facility Access Controls
Facility Security Plan
Access Control and Validation Procedures
Device and Media Controls
Data Backup and Storage
HITECH and Omnibus Rule
What are they
Employees vs Subcontractors – basic definition
Omnibus Rule – Chain of Custody