Compliance with HIPAA Security and Breach Rules - What Every Medical Office Must Know
Explore Effective Security And Breach Policies With Jim Sheldon-Dean
The HIPAA Breach Notification Rule sets new standards for determining what qualifies as a reportable breach. The updated final regulations for Security and Breach Notification are now enforceable and apply to all HIPAA entities, which must change their policies and procedures to meet the new standards. The Breach Notification rules require notification of affected individuals and of HHS when the security of protected health information is breached. If a breach of protected health information does not qualify for one of the reporting exceptions, it must be reported, unless a risk assessment shows that there is a “low probability of compromise.” All reportable breaches must be reported to the Secretary of the US Department of Health and Human Services at least annually. Additional steps apply if the breach affects more than 500 individuals, including media notices and immediate notification of HHS.
In this session, expert Jim Sheldon-Dean will help you understand what isn’t a breach and under what circumstances you don’t have to consider breach notification. You’ll find out how to report the smaller breaches (fewer than 500 individuals), as required, within 60 days of the end of each year, and you’ll learn why you want to avoid a breach involving more than 500 individuals: media notices, Web site notices, and immediate notification of HHS, including posting on the HHS breach notification “wall of shame” on the Web. Jim will explain, based on historical analysis of reported breaches, what measures must be taken today to protect information from the most common threats, discuss information security trends, and explain what kinds of efforts will need to be undertaken in the future to protect the security of PHI.
Highlights of the session:
- The HIPAA Breach Notification Rule has been in effect since September 23rd, and most organizations are not prepared to respond to a breach of PHI and to report and document it properly
- We’ll cover the essentials of information security methods you can use to keep breaches from happening. We'll also discuss the new penalties for non-compliance, including mandatory penalties for “willful neglect” that begin at $10,000
- Discuss the origins of the rule and how it works, including interactions with other HIPAA rules and penalties for violations, and recent significant changes to the rules
- Every HIPAA-covered organization will need to have a process ready to perform the risk analysis and reach defensible conclusions in order to avoid violations and potential fines
- HIPAA Covered Entities and Business Associates need to know where and what information they have, so they can figure out how serious a breach may be and whom to notify if there is a good chance of harm. We’ll discuss how to know what you have and how to decide if you need to notify
- Entities can avoid notification if information has been encrypted according to Federal standards. We’ll talk about what information needs to be encrypted the most and how entities are doing it
- We’ll discuss how to create the right breach notification policy for your organization and how to follow through when an incident occurs
- We’ll help you understand what isn’t a breach and under what circumstances you don’t have to consider breach notification
- You’ll find out how to report the smaller breaches (less than 500 individuals), as required, within 60 days of the end of each year
- You’ll know why you want to avoid a breach involving more than 500 individuals – media notices, Web site notices, and immediate notification of HHS, including posting on the HHS breach notification “wall of shame” on the Web
- We will describe the most frequent kinds of HIPAA breaches and how they can be prevented
- We will show the importance of preparation and drills when it comes to breaches
- HIPAA privacy & security rules
- HIPAA breach notification rule
- New HIPAA Audit Rules
- The long path of HITECH
- Security requirement within the Privacy Rule: 164.530(c)
- HIPAA Security Rule: 164.306(c)
- Security Rule standards (164.308, 164.310, 164.312), specifications and flexibilities
- Information security management process
- Calculating/evaluating risk
- Risk analysis guidance
- Six steps to compliance
- Understanding breaches and the steps to report one
- Statistics on large HIPAA breaches
- Security policy framework
- Information security management process policies
- Information system access management policies
- Backup, Disposal, and Contingency Planning Policies
- Highlights of previous years’ HIPAA Audit Program results
- Change in Focus for the New Audit Program
- New Enforcement Definitions
- Tiered Penalty Structure
A Q&A session with the speaker will give you the chance to get answers to your own questions.
Who should attend: This session is appropriate for compliance managers, HIPAA officers, chief information officers, health information managers, medical office managers, medical practice lawyers, CFOs, CEOs, COOs, privacy officers and information security officers.
About Our Speaker
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates.
Sheldon-Dean serves on the HIMSS Information Systems Security...