ComplianceOnline

Register

Toll Free: +1-888-717-2436


customer care
Fax: +1-650-963-2556
Email: editor@complianceonline.com
Read Frequently Asked Questions

HIPAA Breach Notification: Avoiding the fines and costs of healthcare information breaches and what to do when you have a breach

Buy Now Section

This 90-minute webinar on HIPAA Breach Notification will show how to create an effective breach notification policy for your organization and how to follow through when a breach occurs. You will learn about the kinds of threats that exist for PHI, information security methods you can use to keep breaches from happening, and be in compliance with the HIPAA Security Rule as well.

Speaker
Instructor: Jim Sheldon-Dean
Product ID: 702310

Why Should You Attend:

The HIPAA Breach Notification Rule has been in effect since September 23, 2009 and most organizations are not prepared to respond to a breach of PHI and report and document it properly. We will discuss the origins of the rule and how it works, including interactions with other HIPAA rules and penalties for violations.

The presentation will cover what goes into an effective breach notification policy, how to prevent breaches as much as reasonably possible and what steps to take when a security incident or breach has occurred. We will cover the essentials of information security methods you can use to keep breaches from happening, and be in compliance with the HIPAA Security Rule as well. We'll also discuss the new penalties for non compliance, including mandatory penalties for "willful neglect" that begin at $10,000.

The presenter will explain, based on historical analysis of reported breaches, what measures must be taken today to protect information from the most common threats, as well as discuss information security trends and explain what kinds of efforts will need to be undertaken in the future to protect the security of PHI. We will discuss the kinds of threats that exist for PHI and how they're changing as the hackers gain experience and abilities, and why you need to prepare for next-generation attacks now.

Learning Objectives:

Areas Covered in the Seminar:

Who Will Benefit:

Medical offices, practice groups, hospitals, academic medical centers, insurers and business associates (shredding, data storage, systems vendors, billing services, etc.) will also benefit.

Instructor Profile:

Jim Sheldon-Dean, is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the 2011 WEDI Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before regional HFMA chapter meetings and state hospital associations.

Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Topic Background:

HIPAA Breach Notification rules require notification of individuals and HHS when information security is breached, and the history and trends of breaches indicate that the threats are changing.

The new HIPAA Breach Notification Rule required by the HITECH Act within the American Recovery and Reinvestment Act of 2009 went into effect September 23, 2009, requiring all HIPAA covered entities and business associates to follow a number of steps to be in compliance. If there is a breach of protected health information that risks causing financial, reputational, or other harm to an individual, the breach must be reported to the individual, and all such breaches must be reported to the Secretary of the US Department of Health and Human Services at least annually.

There are additional steps to take if the breach affects more than 500 individuals, including media notices and immediate notification of HHS. For every potential breach of PHI, the entity will have to determine if the information breached presents a reasonable risk of harm to the individuals, and take action to notify them if there is a risk of harm. Entities should also be aware that the harm standard may be modified upon release of a final rule, and entities should be ready to adjust to changes in the rules.

Entities must adopt a breach notification policy and procedures to ensure accurate reporting and documentation of breaches, and must take steps to protect information from breaches by using encryption and proper disposal methods meeting Federal standards. Entities must follow the standards and specifications of the HIPAA Security Rule to protect information from breaches and must negotiate new Business Associate Agreements to include liability for breach notification and requirements for timely reporting to the entity.

On top of all this, the landscape of information security threats and breaches is changing dramatically, requiring new kinds of security efforts and consistent application of old safeguards to protect patient information. What used to be "good enough" is no longer sufficient to properly protect PHI.

Bookmark and Share
Refund Policy
"Registrants may cancel up to two working days prior to the course start date and will receive a letter of credit to be used towards a future course up to one year from date of issuance.
ComplianceOnline would process/provide refund only if the Live Webinar has been cancelled. The attendee could choose between the recorded version of the webinar or refund for any cancelled webinar. Refunds will not be given to participants who do not show up for the webinar. On-Demand Recordings can be requested in exchange. Webinar may be cancelled due to lack of enrolment or unavoidable factors. Registrants will be notified 24hours in advance if a cancellation occurs."
For substitution, please email editor@complianceonline.com or call +1-650-620-3937.

Analytical Instrument Qualification and System Validation - 80113SEM
GMP Compliance for Quality Control and Contract Laboratories - 80112SEM
Testimonials:
Time offered-over lunch- was a great idea. Length was good and excellent resources presented for more in depth research.
- Anonymous

Review this training

Training Options Training Duration = 90 Min
$299.00 Access Recorded Version Only
One Person - Unlimited viewing for 6 Months
(For multiple licenses contact Customer Care)
Recorded Link and Ref. material will be available in My CO Section
$449.00 Get Training CD Only
One CD is for usage in one location only.
(For multiple locations contact Customer Care)
CD and Ref. material will be shipped within 15 business days