The HIPAA Breach Notification Rule requires all HIPAA covered entities and business associates to follow a number of steps to be in compliance in the event of a breach of the privacy and security of protected health information. If there is a breach of PHI that risks causing financial, reputational, or other harm to an individual, the breach must be reported to the individual, and all such breaches must be reported to the Secretary of the US Department of Health and Human Services at least annually. There are additional steps to take if the breach affects more than 500 individuals, including media notices and immediate notification of HHS.
Join Jim Sheldon-Dean for this 1-hour power-packed event and get educated on:
- the background of the Breach Notification Rule and what it calls for in the regulations
- where to find the information and forms for filing breach notifications with HHS
- what goes into an effective breach notification policy
- how to prevent breaches as much as reasonably possible
- what steps to take when a security incident or breach has occurred
- how to consider the risk of harm to the individual, and the risks of reporting and not reporting an incident
- how to best document your incidents and breaches to withstand enforcement audits
- what the most frequent reasons for breaches are and how they can be prevented
- how to adopt policies, train on them, and conduct drills in breach response
Entities must adopt a breach notification policy and procedures to ensure accurate reporting and documentation of breaches, and must take steps to protect information from breaches by using encryption and proper disposal methods meeting Federal standards. Entities must follow the standards and specifications of the HIPAA Security Rule to protect information from breaches and must negotiate new Business Associate Agreements to include liability for breach notification and requirements for timely reporting to the entity.
Some of the greater issues today include the loss or theft of devices containing unencrypted PHI, from hard drives and memory sticks, to laptops, workstations, and servers. Data at rest increasingly must be encrypted to reduce the risks of breaches and their significant costs and impacts of notification. But there are more issues than lost or stolen devices, such as transmitting information to the wrong individuals, wrong addresses, or wrong fax numbers. It is essential to regularly verify all destinations for PHI, by mail, fax, or e-mail. In the future, as health information becomes more recognized for its value to identity thieves, we can expect that attacks on PHI by hackers will increase, and that all systems holding any PHI will need to be re-evaluated and revised to deter the increased threats.
Register now and see below what you'll learn:
Who should attend? Compliance Manager, HIPAA Officer, Chief Information Officer, Health Information Manager, Medical Office Manager, Medical Practice Lawyer, CFO, CEO, COO, Privacy Officer, Information Security Officer.
- Duane C. Abbey, Ph.D.
- Rob J. Thurston,
- Gail Madison-Brown,
- Thomas J. Force, Esq.
- Barbara J. Zabawa, JD, MPH
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference. Sheldon-Dean has more...