HIPAA Breaches: Issues Today And Future Trends
Avoid The HHS Breach Notification "Wall Of Shame"
The HIPAA Breach Notification Rule requires all HIPAA covered entities and business associates to follow a number of steps to be in compliance in the event of a breach of the privacy and security of protected health information. If there is a breach of PHI that risks causing financial, reputational, or other harm to an individual, the breach must be reported to the individual, and all such breaches must be reported to the Secretary of the US Department of Health and Human Services at least annually. There are additional steps to take if the breach affects more than 500 individuals, including media notices and immediate notification of HHS.
Join Jim Sheldon-Dean for this 1-hour, power-packed event and get educated on the background of the Breach Notification Rule and what it calls for in the regulations; where to find the information and forms for filing breach notifications with HHS; what goes into an effective breach notification policy; how to prevent breaches as much as reasonably possible; what steps to take when a security incident or breach has occurred; how to consider the risk of harm to the individual, and the risks of reporting and not reporting an incident; how to best document your incidents and breaches to withstand enforcement audits; what the most frequent reasons for breaches are and how they can be prevented; and how to adopt policies, train on them, and conduct drills in breach response.
Entities must adopt a breach notification policy and procedures to ensure accurate reporting and documentation of breaches, and must take steps to protect information from breaches by using encryption and proper disposal methods meeting Federal standards. Entities must follow the standards and specifications of the HIPAA Security Rule to protect information from breaches and must negotiate new Business Associate Agreements to include liability for breach notification and requirements for timely reporting to the entity.
Some of the greater issues today include the loss or theft of devices containing unencrypted PHI, from hard drives and memory sticks to laptops, workstations, and servers. Data at rest increasingly must be encrypted to reduce the risks of breaches and the significant costs and impacts of notification. But there are more issues than lost or stolen devices, such as transmitting information to the wrong individuals, wrong addresses, or wrong fax numbers. It is essential to regularly verify all destinations for PHI, whether by mail, fax, or e-mail. In the future, as health information becomes more recognized for its value to identity thieves, we can expect that attacks on PHI by hackers will increase, and that all systems holding any PHI will need to be re-evaluated and revised to deter the increased threats.
Register now and see below what you'll learn:
- The HIPAA Breach Notification Rule has been in effect since September 23, 2009, and most organizations are not prepared to respond to a breach of PHI and report and document it properly.
- HIPAA Covered Entities and Business Associates need to know where and what information they have, so they can figure out how serious a breach may be and whom to notify if there is a good chance of harm. We’ll discuss how to know what you have and how to decide if you need to notify.
- Entities can avoid notification if information has been encrypted according to Federal standards. We’ll talk about what information needs to be encrypted the most and how entities are doing it.
- We’ll discuss how to create the right breach notification policy for your organization and how to follow through when an incident occurs.
- We’ll cover the essentials of information security methods you can use to keep breaches from happening.
- We’ll help you understand what isn’t a breach and under what circumstances you don’t have to consider breach notification.
- You’ll find out how to report the smaller breaches (fewer than 500 individuals), as required, within 60 days of the end of each year.
- You’ll know why you want to avoid a breach involving more than 500 individuals – media notices, Web site notices, and immediate notification of HHS, including posting on the HHS breach notification “wall of shame” on the Web.
- We will describe the most frequent kinds of HIPAA breaches and how they can be prevented
- We will show the importance of preparation and drills when it comes to breaches
Who should attend? Compliance Manager, HIPAA Officer, Chief Information Officer, Health Information Manager, Medical Office Manager, Medical Practice Lawyer, CFO, CEO, COO, Privacy Officer, Information Security Officer.
About Our Speaker
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates.
Sheldon-Dean serves on the HIMSS Information Systems Security...
- Save money on travel.
- Meet your specific training needs.
- Keep learning after the event.
- Save time training your whole staff.