As a HIPAA covered entity, your medical establishment is required to investigate any security and privacy incident to find out whether an impermissible use or disclosure of protected health information (PHI) is a breach. Determining whether to report or not is not easy, and if the evaluation is not done correctly, you may have to pay penalties – even for small breaches – because the HHS’ regional offices are actively looking for them.
In this audio session, industry expert Jim Sheldon-Dean will show you how to create the right breach notification policy, and how to follow through when an incident occurs. Sheldon-Dean will use examples to demonstrate whether or not to report an incident as a breach, and instruct you on what steps to take when evaluating a breach.
Catch up on the US Department of Health and Human Services’ guidance on how to encrypt and prevent the need for notification in the event of lost data. Find out the four key factors to consider during risk analysis: what the data is and how well identified it is; to whom it was released and whether they have obligations to protect the information; whether or not the information was actually exposed; and whether or not the incident has been mitigated properly.
Understand what isn’t a breach, and under what circumstances you don’t have to consider breach notification. Learn how to report the smaller breaches (fewer than 500 individuals), and get clear about the consequences of a breach involving more than 500 individuals, such as media notices, Web site notices, and immediate notification by HHS, including posting on the HHS breach notification “wall of shame” on the Web. Explore the historical analysis of reported breaches and information security trends, find out how to protect information from the most common threats, and understand what kinds of efforts you should make in the future to protect the security of PHI.
After attending this information-packed session, you will be able to create the right HIPAA breach notification policy, and know how to follow through when an incident occurs. Plus, you’ll be confident in your ability to avoid noncompliance penalties.
Jim Sheldon-Dean is a healthcare compliance and HIPAA expert in the areas of privacy and security regulatory compliance and business process analysis. He is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of healthcare entities. Jim is a frequent speaker regarding HIPAA...