ComplianceOnline

HIPAA Breach Evaluation and Reporting - What Qualifies as a Reportable Breach and How to Report It

Instructor: Jim Sheldon-Dean
Product ID: 705214
  • Thursday, December 14, 2017
  • 10:00 AM PST | 01:00 PM EST
  • Duration: 90 Min

Live Online Training
December 14, Thursday 10:00 AM PST | 01:00 PM EST | Duration: 90 Min

$199.00
One Dial-in One Attendee
$499.00
Group-Max. 10 Attendees/Location
(For Multiple Locations Contact Customer Care)
Get CD free on purchase of Group ticket

Recorded Version

$249.00
1x Person - Unlimited viewing for 6 Months
(For multiple locations contact Customer Care)
Recorded Link and Ref. material will be available in My CO Section 48 hrs after completion of Live training

Training CD

$349.00
One CD is for usage in one location only.
(For multiple locations contact Customer Care)
CD and Ref. material will be shipped within 15 business days after completion of Live training

Combo Offers

Live + Recorded Version

$349.00

Live + Training CD

$399.00

Customer Care

Fax: +1-650-565-8542

Email: customercare@complianceonline.com


This training program will discuss the origin of the HIPAA Breach Notification Rule, how it works, including interactions with other HIPAA rules and penalties for violations. It will also explain how to create the right breach notification policy for your organization and best practices to follow through when an incident occurs.

Why Should You Attend:

The HIPAA Breach Notification Rule has been in effect since 2010 and was significantly modified in 2013. Whenever there may be a privacy issue involving Protected Health Information, there may be a reportable breach under the HIPAA regulations. Not all privacy violations are reportable breaches, though, so it is essential to have a good process for evaluating incidents to see if they have resulted in a reportable breach. The training program will examine how to determine if a privacy violation is potentially a breach according to the definition, and then describe the subsequent steps in the evaluation if it is determined that the definition has been met. It will discuss the exceptions to the breach definition for inadvertent internal uses, or when it can be determined that the information could not be retained in any way by the receiving party. Entities can avoid notification if information has been encrypted according to Federal standards. The instructor will cover the guidance from the US Department of Health and Human Services that shows how to encrypt so as to prevent the need for notification in the event of lost data. Failing that, a risk analysis can be conducted to determine the probability of compromise of the information, considering four factors: what the data is and how well identified it is; to whom it was released and whether they have obligations to protect the information; whether or not the information was actually exposed; and whether or not the incident has been mitigated properly. However, it must be noted that any compromise of the information by ransomware that denies access to or control of your information should be treated as a reportable breach.

The webinar will also discuss how to create the right breach notification policy for your organization and how to follow through when an incident occurs. In addition, a policy framework to help establish good security practices is presented.

It will help you understand what isn’t a breach and under what circumstances you don’t have to consider breach notification. Attendees will find out how to report the smaller breaches (less than 500 individuals), and will know why they want to avoid a breach involving more than 500 individuals – media notices, Web site notices, and immediate notification of HHS, including posting on the HHS breach notification “wall of shame” on the Web.

We will explain, based on historical analysis of reported breaches, what measures must be taken today to protect information from the most common threats, as well as discuss information security trends and explain what kinds of efforts will need to be undertaken in the future to protect the security of PHI.

Areas Covered in the Webinar:

  • The definition of a Breach under HIPAA
  • Evaluating the Privacy violation
  • Reviewing the exceptions to the definition of a breach
  • What is good enough encryption according to the rules
  • Performing the risk analysis to determine the necessity to report
  • Ransomware and breaches – When to report
  • Avoiding Breaches
  • The most common causes of breaches
  • Reporting breaches to HHS and the individuals
  • Reporting breaches to the press and other agencies
  • Documenting your analysis and decisions

Who Will Benefit:

This webinar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, and business associates (shredding, data storage, systems vendors, billing services, etc.). Employees who will benefit include:

  • Compliance director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/Lawyer
  • Office Manager
  • Contracts Manager

Instructor Profile:

Jim Sheldon-Dean
Principal and Director of Compliance Services, Lewis Creek Systems, LLC

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference. Sheldon-Dean has more than 16 years of experience specializing in HIPAA compliance, more than 34 years of experience in policy analysis and implementation, business process analysis, information systems and software development, and eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician.

Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Topic Background:

Breaches of Protected Health Information are becoming more and more common, and can be a result of a variety of circumstances, from words spoken too loudly in a public setting, to a lost thumb drive full of medical records, to files being held for ransom by hackers.

Any violation of the HIPAA Privacy Rule may be a reportable breach under the HIPAA Breach Notification rules, requiring notification of individuals and HHS when information security is breached. Any incident involving a HIPAA issue must be evaluated to see if it is reportable, and any decisions or actions must be fully documented.

There are a number of steps that must be taken to determine if an incident is a breach, and whether or not that breach is reportable. Determining whether to report or not is not necessarily straightforward, but there are guidelines to follow to help at every step of the way. Even ransomware attacks by hackers may be reportable, if you lose control of your data and don't know exactly what happened. If the evaluation of the necessity to report is not done correctly, you may not make the right decisions about reporting and may be subject to penalties for non-compliance upon an investigation of a breach by HHS. Breach investigations, even for small breaches, are a new priority at HHS, and the HHS regional offices are taking on the job of looking into small breaches (affecting under 500 individuals), especially when there have been multiple breaches or repeated similar breaches.

Penalties for non-compliance can be up to $50,000 per day in cases of willful negligence, so it is essential to evaluate incidents to see if they are reportable breaches, and act properly on the evaluation.


Refund Policy

Registrants may cancel up to two working days prior to the course start date and will receive a letter of credit to be used towards a future course up to one year from the date of issuance. ComplianceOnline will provide a refund if the live webinar has been cancelled. The attendee may choose between the recorded version of the webinar or a refund for any cancelled webinar. Refunds will not be given to participants who do not show up for the webinar. On-demand recordings can be requested in exchange.

A webinar may be cancelled due to lack of enrolment or unavoidable factors. Registrants will be notified 24 hours in advance if a cancellation occurs. Substitutions can happen at any time.

If you have any concern about the content of the webinar or are not satisfied, please contact us at the email address or phone number below, mentioning your feedback, so that we can resolve the matter.

We respect the feedback and opinions of our customers, which enable us to improve our products and services. To contact us, please email customercare@complianceonline.com or call +1-888-717-2436 (Toll Free).
