The adoption of new, portable information technologies is revolutionizing the provision and documentation of health care in America. Every day, both patients and staff discover new ways to use laptops, smart phones, and tablets in health care. Healthcare IT departments are struggling to keep up with the security needs of these devices.
One of the unfortunate results of such widespread adoption of portable technologies is that without the adoption of good security practices, they can become the source of HIPAA privacy and security breaches. In fact, the largest percentage of breach issues today includes the loss or theft of portable devices containing unencrypted PHI, from hard drives and memory sticks, to laptops, and even workstations and servers. Data at rest increasingly must be encrypted to reduce the risks of breaches and their significant costs and impacts of notification. Portable devices are especially vulnerable.
The HIPAA Breach Notification Rule has been in effect since September 23, 2009, requiring all HIPAA covered entities and business associates to follow a number of steps to be in compliance in the event of a breach of the privacy and security of protected health information.
If there is a breach of PHI that risks causing financial, reputational, or other harm to an individual, the breach must be reported to the individual, and all such breaches must be reported to the Secretary of the US Department of Health and Human Services at least annually.
There are additional steps to take if the breach affects more than 500 individuals, including media notices and immediate notification of HHS. For every potential breach of PHI, the entity will have to determine if the information breached presents a reasonable risk of harm to the individuals, and take action to notify them if there is a risk of harm. Entities must adopt a breach notification policy and procedures to ensure accurate reporting and documentation of breaches, and must take steps to protect information from breaches by using encryption and proper disposal methods meeting federal standards. Entities must follow the standards and specifications of the HIPAA Security Rule to protect information from breaches.
This session will help you:
Who should attend?
Compliance Manager, HIPAA Officer, Chief Information Officer, Health Information Manager, Medical Office Manager, Medical Practice Lawyer, CFO, CEO, COO. Privacy Officer, Information Security Officer
- Duane C. Abbey, Ph.D.
- Gail Ann Madison Brown,
- Jugna Shah and Valerie A. Rinkle, MPH, MPA
- Stanley Nachimson,
- Thomas J. Force, Esq.
- Joseph Wolfe,
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference. Sheldon-Dean has more...
More Events By The Speaker