Share Your Research, Maximize Your Social Impacts
Main Menu
Searching By
PARTNERS
HIPAA Breach 2013 - New HIPAA Breach Notification Rules - New Process Required for Determining Necessity to Notify
Date2013-12-19
Deadline2013-12-18
Venueonline event, USA - United States 
Keywordsonline healthcare trainings; online hipaa training; Medical Training
Websitehttp://bit.ly/HGs4Tu
Topics/Call fo Papers
Overview: The HIPAA Breach Notification Rule has been in effect since September 23, 2009 and many organizations are not prepared to respond to a breach of PHI and report and document it properly. We will discuss the origins of the rule and how it works, including interactions with other HIPAA rules and penalties for violations, and recent significant changes to the rules.
The old "harm standard" for determining whether or not to report a breach has been replaced by a new process requiring a risk assessment to see if there is "low probability of compromise" or not. Unless one of the exceptions for reporting is met, the breach must be reported if there is greater than a "low" probability of compromise.
HIPAA Covered Entities and Business Associates need to know where and what information they have, so they can know if there has been a breach, and figure out if it meets an exception, and then determine if it has a "low probability of compromise." We'll discuss how to know what kind of breach you have and how to decide if you need to notify. We'll also cover how the rules have been changed to eliminate the "harm standard" and replace it with the risk assessment.
Entities can avoid notification if information has been encrypted according to Federal standards. We'll talk about what information needs to be encrypted the most and how entities are doing it. We will cover the guidance from the US Department of Health and Human Services that shows how to encrypt so as to prevent the need for notification in the event of lost data.
We will discuss how to create the right breach notification policy for your organization and how to follow through when an incident occurs. In addition, a policy framework to help establish good security practices is presented.
We will cover the essentials of information security methods you can use to keep breaches from happening, and be in compliance with the HIPAA Security Rule as well. We'll also discuss the new penalties for non compliance, including mandatory penalties for "willful neglect" that begin at $10,000.
We will help you understand what isn't a breach and under what circumstances you don't have to consider breach notification. You'll find out how to report the smaller breaches (less than 500 individuals), as required, within 60 days of the end of each year and you'll know why you want to avoid a breach involving more than 500 individuals ? media notices, Web site notices, and immediate notification of HHS, including posting on the HHS breach notification “wall of shame” on the Web.
We will explain, based on historical analysis of reported breaches, what measures must be taken today to protect information from the most common threats, as well as discuss information security trends and explain what kinds of efforts will need to be undertaken in the future to protect the security of PHI. We will discuss the kinds of threats that exist for PHI and how they're changing as the hackers gain experience and abilities, and why you need to prepare for next-generation attacks now.
Areas Covered in the Session:
Breach Notification Laws
State Breach Notification Laws
Changes to HIPAA Breach Notification
Federal Breach Notification Law and Regulation
The Who, What, and How of Breach Notification
The Risk Assessment Process in Breach Notification
Preventing and Preparing for Breaches
Using an Information Security Management Process
Using Risk Analysis and Risk Assessment Before a Breach
Most Common Types of Breaches
Information Security, Incident, and Breach Notification Policies
The Importance of Documentation
Enforcement and Audits
New HIPAA Violation Categories and Penalties
Preparing for HIPAA Audits
Case Studies
Future Trends and New Threats to Prepare For
History vs. the Future
Why Security Trends Are Changing
Implications of New Directions in Attacks and Targets
Who Will Benefit:
Compliance Director
CEO
CFO
Privacy Officer
Security Officer
Information Systems Manager
HIPAA Officer
Chief Information Officer
Health Information Manager
Healthcare Counsel/lawyer
Office Manager
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.
Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.
Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.
MentorHealth
webinars-AT-mentorhealth.com
Phone No: 800-385-1607
FaX: 302-288-6884
Event Link: http://bit.ly/HGs4Tu
The old "harm standard" for determining whether or not to report a breach has been replaced by a new process requiring a risk assessment to see if there is "low probability of compromise" or not. Unless one of the exceptions for reporting is met, the breach must be reported if there is greater than a "low" probability of compromise.
HIPAA Covered Entities and Business Associates need to know where and what information they have, so they can know if there has been a breach, and figure out if it meets an exception, and then determine if it has a "low probability of compromise." We'll discuss how to know what kind of breach you have and how to decide if you need to notify. We'll also cover how the rules have been changed to eliminate the "harm standard" and replace it with the risk assessment.
Entities can avoid notification if information has been encrypted according to Federal standards. We'll talk about what information needs to be encrypted the most and how entities are doing it. We will cover the guidance from the US Department of Health and Human Services that shows how to encrypt so as to prevent the need for notification in the event of lost data.
We will discuss how to create the right breach notification policy for your organization and how to follow through when an incident occurs. In addition, a policy framework to help establish good security practices is presented.
We will cover the essentials of information security methods you can use to keep breaches from happening, and be in compliance with the HIPAA Security Rule as well. We'll also discuss the new penalties for non compliance, including mandatory penalties for "willful neglect" that begin at $10,000.
We will help you understand what isn't a breach and under what circumstances you don't have to consider breach notification. You'll find out how to report the smaller breaches (less than 500 individuals), as required, within 60 days of the end of each year and you'll know why you want to avoid a breach involving more than 500 individuals ? media notices, Web site notices, and immediate notification of HHS, including posting on the HHS breach notification “wall of shame” on the Web.
We will explain, based on historical analysis of reported breaches, what measures must be taken today to protect information from the most common threats, as well as discuss information security trends and explain what kinds of efforts will need to be undertaken in the future to protect the security of PHI. We will discuss the kinds of threats that exist for PHI and how they're changing as the hackers gain experience and abilities, and why you need to prepare for next-generation attacks now.
Areas Covered in the Session:
Breach Notification Laws
State Breach Notification Laws
Changes to HIPAA Breach Notification
Federal Breach Notification Law and Regulation
The Who, What, and How of Breach Notification
The Risk Assessment Process in Breach Notification
Preventing and Preparing for Breaches
Using an Information Security Management Process
Using Risk Analysis and Risk Assessment Before a Breach
Most Common Types of Breaches
Information Security, Incident, and Breach Notification Policies
The Importance of Documentation
Enforcement and Audits
New HIPAA Violation Categories and Penalties
Preparing for HIPAA Audits
Case Studies
Future Trends and New Threats to Prepare For
History vs. the Future
Why Security Trends Are Changing
Implications of New Directions in Attacks and Targets
Who Will Benefit:
Compliance Director
CEO
CFO
Privacy Officer
Security Officer
Information Systems Manager
HIPAA Officer
Chief Information Officer
Health Information Manager
Healthcare Counsel/lawyer
Office Manager
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.
Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.
Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.
MentorHealth
webinars-AT-mentorhealth.com
Phone No: 800-385-1607
FaX: 302-288-6884
Event Link: http://bit.ly/HGs4Tu
Other CFPs
Last modified: 2013-11-22 16:28:22