HIPAA Breach Notification - New rules significantly change how you determine what to report

Why Should You Attend:

HIPAA Breach Notification rules require notification of individuals and HHS when information security is breached, and the rules for determining what to report have changed. But, many organizations are not prepared to respond to a breach of PHI and report and document it properly.

During this session, we will discuss the origins of the rule and how it works, including interactions with other HIPAA rules and penalties for violations. You will learn to figure out how serious a breach may be and whom to notify if there is a chance of compromise.

The presenter will talk about what information needs to be encrypted the most and how entities are doing it. We will cover the guidance from the US Department of Health and Human Services that shows how to encrypt so as to prevent the need for notification in the event of lost data. We will discuss how to create the right breach notification policy for your organization and how to follow through when an incident occurs.

This course will explain, based on historical analysis of reported breaches, what measures must be taken today to protect information from the most common threats, as well as discuss information security trends and explain what kinds of efforts will need to be undertaken in the future to protect the security of PHI. We will discuss the kinds of threats that exist for PHI and how they're changing as the hackers gain experience and abilities, and why you need to prepare for next-generation attacks now.

Areas Covered in the Seminar:

1. Breach Notification Laws
1. State Breach Notification Laws
2. Changes to HIPAA
3. Federal Breach Notification Law and Regulation
4. The Who, What, and How of Breach Notification
2. Preventing and Preparing for Breaches
1. Using an Information Security Management Process
2. Using Risk Analysis and Risk Assessment
3. Most Common Types of Breaches
4. Information Security, Incident, and Breach Notification Policies
5. The Importance of Documentation
3. Enforcement and Audits
1. New HIPAA Violation Categories and Penalties
2. Preparing for HIPAA Audits
3. Case Studies
4. Future Trends and New Threats to Prepare For
1. History vs. the Future
2. Why Attack Trends Are Changing
3. Implications of New Directions in Attacks and Targets

Free Handout:

A policy framework to help establish good security practices will be presented during the webinar.

Who will Benefit:

This webinar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc). The following personnel will benefit:

• Compliance director
• CEO
• CFO
• Privacy Officer
• Security Officer
• Information Systems Manager
• HIPAA Officer
• Chief Information Officer
• Health Information Manager
• Healthcare Counsel/lawyer
• Office Manager
• Contracts Manager

Instructor Profile:

Jim Sheldon-Dean, is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, currently serves on the WEDI Breach Notification sub-workgroup, and is a recipient of the 2011 WEDI Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before regional HFMA chapter meetings and state hospital associations.

Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Follow us :