Laptops, Portables, and HIPAA Breaches
Avoid Sounding the Alarm by Adopting These Top Portable Device Security Strategies
The adoption of new, portable information technologies is revolutionizing the provision and documentation of health care in America. Every day, both patients and staff discover new ways to use laptops, smart phones, and tablets in health care. Healthcare IT departments are struggling to keep up with the security needs of these devices.
One unfortunate result of such widespread adoption of portable technologies is that, without good security practices, they can become the source of HIPAA privacy and security breaches. In fact, the largest percentage of breach issues today involves the loss or theft of portable devices containing unencrypted PHI, from hard drives and memory sticks to laptops, and even workstations and servers. Data at rest increasingly must be encrypted to reduce the risk of breaches and the significant costs and impacts of notification. Portable devices are especially vulnerable.
The HIPAA Breach Notification Rule has been in effect since September 23, 2009, requiring all HIPAA covered entities and business associates to follow a number of steps to be in compliance in the event of a breach of the privacy and security of protected health information.
If there is a breach of PHI that risks causing financial, reputational, or other harm to an individual, the breach must be reported to the individual, and all such breaches must be reported to the Secretary of the US Department of Health and Human Services at least annually.
There are additional steps to take if the breach affects more than 500 individuals, including media notices and immediate notification of HHS. For every potential breach of PHI, the entity will have to determine if the information breached presents a reasonable risk of harm to the individuals, and take action to notify them if there is a risk of harm. Entities must adopt a breach notification policy and procedures to ensure accurate reporting and documentation of breaches, and must take steps to protect information from breaches by using encryption and proper disposal methods meeting federal standards. Entities must follow the standards and specifications of the HIPAA Security Rule to protect information from breaches.
This session will help you:
- Underline how laptops and portable devices are used in health care and what their security risks are.
- Watch out for these top privacy and security issues found by HHS investigators during HIPAA compliance audits.
- Uncover the most frequent kinds of HIPAA breaches -- involving portable devices and laptops -- and how you can prevent them.
- Discuss the necessary policies and procedures to govern the use of laptops and portable devices.
- Emphasize the importance of preparation and drills.
- Avoid notification if information has been encrypted according to Federal standards. We’ll talk about what information needs to be encrypted the most and how other entities are doing it.
- Understand what isn’t a breach and under what circumstances you don’t have to consider breach notification.
- Demystify issues in responding to a breach involving more than 500 individuals – media notices, Web site notices, and immediate notification of HHS, including posting on the HHS breach notification “wall of shame” on the Web.
- Develop strategies to mitigate the risks of portable technology.
- Pinpoint your biggest risk issue: your staff.
- Create the right breach notification policy for your organization and follow through with it when an incident occurs.
- Discuss the use of training and documentation to mitigate risks.
- Learn why incident management must be planned and executed to minimize the damage of breaches and satisfy Federal regulations.
- Check out penalties for non-compliance and recent enforcement action results.
Who should attend?
Compliance Manager, HIPAA Officer, Chief Information Officer, Health Information Manager, Medical Office Manager, Medical Practice Lawyer, CFO, CEO, COO, Privacy Officer, Information Security Officer
About Our Speaker
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates.
Sheldon-Dean serves on the HIMSS Information Systems Security...