HIPAA Breach Notification 2014 - HIPAA Breach Notification - Preventing and Responding to Health Information Breaches

Overview: The HIPAA Breach Notification Rule has been in effect since September 23, 2009 and had recently been significantly modified. We will discuss the origins of the rule and how it works, including interactions with other HIPAA rules and penalties for violations.
HIPAA Covered Entities and Business Associates need to know where and what information they have, so they can know if there has been a breach, and then decide if they need to notify or not. We'll cover how the rules have been changed to eliminate the "harm standard" and replace it with a risk assessment.
Entities can avoid notification if information has been encrypted according to Federal standards. We will cover the guidance from the US Department of Health and Human Services that shows how to encrypt so as to prevent the need for notification in the event of lost data.
We will discuss how to create the right breach notification policy for your organization and how to follow through when an incident occurs. In addition, a policy framework to help establish good security practices is presented.
We will cover the essentials of information security methods you can use to keep breaches from happening, and be in compliance with the HIPAA Security Rule as well. We'll also discuss the new penalties for non-compliance, including mandatory penalties for "willful neglect" that begin at $10,000.
We will help you understand what isn't a breach and under what circumstances you don't have to consider breach notification. You'll find out how to report the smaller breaches (less than 500 individuals), and you'll know why you want to avoid a breach involving more than 500 individuals - media notices, Web site notices, and immediate notification of HHS, including posting on the HHS breach notification "wall of shame" on the Web.
We will explain, based on historical analysis of reported breaches, what measures must be taken today to protect information from the most common threats, as well as discuss information security trends and explain what kinds of efforts will need to be undertaken in the future to protect the security of PHI.
Why should you attend:
Any violation of the HIPAA Privacy Rule may be a reportable breach under the HIPAA Breach Notification rules, requiring notification of individuals and HHS when information security is breached. Any incident involving a HIPAA issue must be evaluated to see if it is reportable, and any decisions or actions must be fully documented.
Having a solid information security management process is key to ensuring you can protect your data and avoid breaches, as well as prepare you for breaches that do occur despite your best efforts.
The New Final HIPAA Breach Notification Rule now in effect requires all HIPAA covered entities and business associates to follow a number of steps to be in compliance. If there is a breach of protected health information that does not qualify for one of the reporting exceptions, the breach must be reported, unless a risk assessment shows that there is a "low probability of compromise." All reportable breaches must be reported to the Secretary of the US Department of Health and Human Services at least annually.
There are additional steps to take if the breach affects more than 500 individuals, including media notices and immediate notification of HHS.
Entities must adopt a breach notification policy and procedures to ensure accurate reporting and documentation of breaches, and must take steps to protect information from breaches by using encryption and proper disposal methods meeting Federal standards. Entities must follow the standards and specifications of the HIPAA Security Rule to protect information from breaches and must negotiate new Business Associate Agreements to include liability for breach notification and requirements for timely reporting to the entity.
Evaluation of the risk of compromise requires consideration of a number of factors and every HIPAA-covered organization will need have a process ready to perform the risk analysis and come to defensible conclusions in order to avoid violations and potential fines.
On top of all this, the landscape of information security threats and breaches is changing dramatically, requiring new kinds of security efforts and consistent application of old safeguards to protect patient information. What used to be "good enough" is no longer sufficient to properly protect PHI.
Areas Covered in the Session:
Breach Notification Laws
State Breach Notification Laws
Changes to HIPAA Breach Notification
Federal Breach Notification Law and Regulation
The Who, What, and How of Breach Notification
The Risk Assessment Process in Breach Notification
Preventing and Preparing for Breaches
Using an Information Security Management Process
Using Risk Analysis and Risk Assessment Before a Breach
Most Common Types of Breaches
Information Security, Incident, and Breach Notification Policies
The Importance of Documentation
Enforcement and Audits
New HIPAA Violation Categories and Penalties
Preparing for HIPAA Audits
Case Studies
Future Trends and New Threats to Prepare For
History vs. the Future
Why Security Trends Are Changing
Implications of New Directions in Attacks and Targets
Who Will Benefit:
Compliance Director
CEO
CFO
Privacy Officer
Security Officer
Information Systems Manager
HIPAA Officer
Chief Information Officer
Health Information Manager
Healthcare Counsel/lawyer
Office Manager
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.
MentorHealth
Roger Steven
Phone No: 800-385-1607
FaX: 302-288-6884
webinars-AT-mentorhealth.com
Event Link: http://www.mentorhealth.com/control/w_product/~pro...
http://www.mentorhealth.com/