Staying HIPAA compliant entails ensuring you have the right policies, procedures, and documentation, and have performed the appropriate risk analysis of confidentiality, integrity, and availability of the electronic protected health information (PHI). This course will discuss how to create the right breach notification policy for your organization and how to follow through when an incident occurs. In addition, a policy framework to help establish good security practices will be presented.
Compliance with the HIPAA Security Rule has always required that the risks to PHI be assessed and any issues be addressed by mitigation as necessary. But new changes to the HIPAA Breach Notification Rule add a new role for risk assessment, in determining whether or not a breach has a “low probability of compromise.” In addition, recent audits and enforcement actions have highlighted the requirement for performing a proper risk analysis as part of the management of security risks, and to satisfy documentation requirements.
This webinar will illustrate why good security controls and protection from breaches go hand-in-hand and are topics of current interest. You need to have good controls in place to help prevent issues that may lead to breaches, and to understand what has happened when a breach may have taken place. This session will explore the relationship of security to breach notification and shows how considering HIPAA requirements together can lead to the most secure, most compliant systems and organizations.
Using risk analysis can help you make defensible, documented decisions about your compliance in a variety of circumstances, for a variety of regulations. Risk analysis is the key to making your health information privacy and security regulatory compliance work more sensibly as well as defensibly.
The HIPAA Breach Notification Rule has been in effect since September 23, 2009 and had recently been significantly modified. The course will discuss the origins of the rule and how it works, including interactions with other HIPAA rules and penalties for violations.
HIPAA covered entities and business associates need to know where and what information they have, so they can know if there has been a breach, and then decide if they need to notify or not. The course will cover how the rules have been changed to eliminate the 'harm standard' and replace it with a risk assessment.
Entities can avoid notification if information has been encrypted according to federal standards. The webinar will cover the guidance from the US Department of Health and Human Services that shows how to encrypt so as to prevent the need for notification in the event of lost data.
It will discuss how to create the right breach notification policy for your organization and how to follow through when an incident occurs. In addition, a policy framework to help establish good security practices will be presented.
It will cover the essentials of information security methods you can use to keep breaches from happening, and stay compliant with the HIPAA Security Rule as well. The course will also discuss new penalties for non-compliance, including mandatory penalties for 'willful neglect' that begin at $10,000.
The course will help you understand what isn’t a breach and under what circumstances you don’t have to consider breach notification. Attendees will find out how to report the smaller breaches (less than 500 individuals), and learn why you want to avoid a breach involving more than 500 individuals - media notices, website notices, and immediate notification of HHS, including posting on the HHS breach notification “wall of shame” on the web.
The webinar instructor will explain, based on historical analysis of reported breaches, what measures must be taken today to protect information from the most common threats, as well as discuss information security trends and explain what kinds of efforts will need to be undertaken in the future to protect the security of PHI.
Why Should You Attend:
Having a solid information security management process is key to ensuring you can protect your data and avoid breaches, as well as prepare you for breaches that do occur despite your best efforts.Compliance with the HIPAA Security Rule has always required that the risks to PHI be assessed and any issues be addressed by mitigation as necessary. But new changes to the HIPAA Breach Notification Rule add a new role for risk assessment, in determining whether or not a breach has a “low probability of compromise.” In addition, recent audits and enforcement actions have highlighted the requirement for performing a proper risk analysis as part of the management of security risks, and to satisfy documentation requirements.
This webinar will illustrate why good security controls and protection from breaches go hand-in-hand and are topics of current interest. You need to have good controls in place to help prevent issues that may lead to breaches, and to understand what has happened when a breach may have taken place. This session will explore the relationship of security to breach notification and shows how considering HIPAA requirements together can lead to the most secure, most compliant systems and organizations.
Areas Covered in the Webinar:
Being in compliance with HIPAA involves not only ensuring you provide the appropriate patient rights and controls on your uses and disclosures, but also that you ensure you have the right policies, procedures, and documentation, and have performed the appropriate analysis of the risks to the confidentiality, integrity, and availability of electronic protected health information.Using risk analysis can help you make defensible, documented decisions about your compliance in a variety of circumstances, for a variety of regulations. Risk analysis is the key to making your health information privacy and security regulatory compliance work more sensibly as well as defensibly.
The HIPAA Breach Notification Rule has been in effect since September 23, 2009 and had recently been significantly modified. The course will discuss the origins of the rule and how it works, including interactions with other HIPAA rules and penalties for violations.
HIPAA covered entities and business associates need to know where and what information they have, so they can know if there has been a breach, and then decide if they need to notify or not. The course will cover how the rules have been changed to eliminate the 'harm standard' and replace it with a risk assessment.
Entities can avoid notification if information has been encrypted according to federal standards. The webinar will cover the guidance from the US Department of Health and Human Services that shows how to encrypt so as to prevent the need for notification in the event of lost data.
It will discuss how to create the right breach notification policy for your organization and how to follow through when an incident occurs. In addition, a policy framework to help establish good security practices will be presented.
It will cover the essentials of information security methods you can use to keep breaches from happening, and stay compliant with the HIPAA Security Rule as well. The course will also discuss new penalties for non-compliance, including mandatory penalties for 'willful neglect' that begin at $10,000.
The course will help you understand what isn’t a breach and under what circumstances you don’t have to consider breach notification. Attendees will find out how to report the smaller breaches (less than 500 individuals), and learn why you want to avoid a breach involving more than 500 individuals - media notices, website notices, and immediate notification of HHS, including posting on the HHS breach notification “wall of shame” on the web.
The webinar instructor will explain, based on historical analysis of reported breaches, what measures must be taken today to protect information from the most common threats, as well as discuss information security trends and explain what kinds of efforts will need to be undertaken in the future to protect the security of PHI.
Who Will Benefit:
This webinar will provide valuable assistance to all personnel in medical offices, practice groups, hospitals, academic medical centers, insurers, business associates (shredding, data storage, systems vendors, billing services, etc.). The titles are:- Compliance Director
- CEO
- CFO
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/Lawyer
- Office Manager
- Contracts Manager
Course Provider
Jim Sheldon-Dean,