HIPAA Breach Evaluation and Reporting - What Qualifies as a Reportable Breach and how to Report It
ENDED
Webinar by
Netzealous LLC - MentorHealth
Inquire Now
On-Site
/ Webinar
USD 139.00
Details
Training Options Duration: 90 Minutes
Friday, August 17, 2018 | 10:00 AM PDT | 01:00 PM EDT
Overview: The HIPAA Breach Notification Rule has been in effect since 2010 and has been
significantly modified in 2013. We will discuss the origins of the rule and how it works,
including interactions with other HIPAA rules and penalties for violations. Whenever there may
be a privacy issue involving Protected Health Information, there may be a reportable breach
under the HIPAA regulations. Not all privacy violations are reportable breaches, though, so it
is essential to have a good process for evaluating incidents to see if they have resulted in a
reportable breach.
Any privacy rule violation that results in an acquisition, access, use, or disclosure of PHI in
violation of the HIPAA Privacy Rule may be a breach, unless the incident is one of the defined
exceptions from the definition. A breach is reportable unless the information was secured or
destroyed in the incident, or unless a risk analysis shows that there is a low probability of
compromise of the information, based on at least four factors defined in the rules. We will
examine how to determine if a privacy violation is potentially a breach according to the
definition, and then describe the subsequent steps in the evaluation, if it is determined that
the definition has been met.
We will discuss the exceptions to the breach definition for inadvertent internal uses, or when
it can be determined that the information could not be retained in any way by the receiving
party. Entities can avoid notification if information has been encrypted according to Federal
standards. We will cover the guidance from the US Department of Health and Human Services that
shows how to encrypt so as to prevent the need for notification in the event of lost data.
Failing that, a risk analysis can be conducted to determine the probability of compromise of
the information, considering four factors: what the data is and how well identified it is, to
whom was it released and do they have obligations to protect the information, whether or not
the information actually exposed, and whether or not the incident has been mitigated properly.
However, it must be noted that any compromise of the information by Ransomware that denies
access or control of your information should be treated as a reportable breach.
We will discuss how to create the right breach notification policy for your organization and
how to follow through when an incident occurs.In addition, a policy framework to help establish
good security practices is presented. We will help you understand what isn't a breach and under
what circumstances you don't have to consider breach notification. You'll find out how to
report the smaller breaches (less than 500 individuals), and you'll know why you want to avoid
a breach involving more than 500 individuals - media notices, Web site notices, and immediate
notification of HHS, including posting on the HHS breach notification "wall of shame" on the
Web.
We will explain, based on historical analysis of reported breaches, what measures must be taken
today to protect information from the most common threats, as well as discuss information
security trends and explain what kinds of efforts will need to be undertaken in the future to
protect the security of PHI.
Why should you Attend: Breaches of Protected Health Information are becoming more and more
common, and can be a result of a variety of circumstances, from words spoken too loudly in a
public setting, to a lost thumb drive full of medical records, to files being held for ransom
by hackers. Any violation of the HIPAA Privacy Rule may be a reportable breach under the HIPAA
Breach Notification rules, requiring notification of individuals and HHS when information
security is breached. Any incident involving a HIPAA issue must be evaluated to see if it is
reportable, and any decisions or actions must be fully documented.
There is a number of steps that must be taken to determine if an incident is a breach, and
whether or not that breach is reportable. Determining whether to report or not is not
necessarily straightforward, but there are guidelines to follow to help at every step of the
way. Even Ransomware attacks by hackers may be reportable, if you lose control of your data and
don't know exactly what happened. If the evaluation of necessity to report is not done
correctly, you may not make the right decisions about reporting and be subject to penalties for
non-compliance upon an investigation of a breach by HHS. Breach investigations, even for small
breaches, are a new priority at HHS, and the HHS regional offices are taking on the job of
looking into small breaches (affecting under 500 individuals), especially when there have been
multiple breaches or repeated similar breaches.
Penalties for non-compliance can be up to $50,000 per day in cases of willful negligence, so it
is essential to evaluate incidents to see if they are reportable breaches, and act properly on
the evaluation.
Areas Covered in the Session:
The definition of a Breach under HIPAA
Evaluating the Privacy violation
Reviewing the exceptions to the definition of a breach
What is good enough encryption according to the rules
Performing the Risk Analysis to determine the necessity to report
Ransomware and Breaches - When to Report
Avoiding Breaches
The most common causes of breaches
Reporting breaches to HHS and the individuals
Reporting breaches to the press and other agencies
Documenting your analysis and decisions
Who Will Benefit:
Compliance Director
CEO
CFO
Privacy Officer
Security Officer
Information Systems Manager
HIPAA Officer
Chief Information Officer
Health Information Manager
Healthcare Counsel/Lawyer
Office Manager
Speaker Profile
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems,
LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and
security regulatory compliance services to a wide variety of health care entities.
Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the
Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of
the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy
and security compliance issues at seminars and conferences, including speaking engagements at
numerous regional and national healthcare association conferences and conventions and the
annual NIST/OCR HIPAA Security Conference in Washington, D.C.
Sheldon-Dean has more than 30 years of experience in policy analysis and implementation,
business process analysis, information systems and software development. His experience
includes leading the development of health care related Web sites; award-winning, best-selling
commercial utility software; and mission-critical, fault-tolerant communications satellite
control systems. In addition, he has eight years of experience doing hands-on medical work as a
Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S.
degree, summa cum laude, from the University of Vermont and his master’s degree from the
Massachusetts Institute of Technology.
Price - $139
Contact Info:
Netzealous LLC - MentorHealth
Phone No: 1-800-385-1607
Fax: 302-288-6884
Email: [email protected]
Website: http://www.mentorhealth.com/
http://www.mentorhealth.com/control/w_product/~product_id=801354LIVE?speedycourse.com_aug_2018_SEO
Webinar Sponsorship: https://www.mentorhealth.com/control/webinar-sponsorship/
Follow us on : https://www.facebook.com/MentorHealth1
Follow us on : https://www.linkedin.com/company/mentorhealth/
Follow us on : https://twitter.com/MentorHealth1
Friday, August 17, 2018 | 10:00 AM PDT | 01:00 PM EDT
Overview: The HIPAA Breach Notification Rule has been in effect since 2010 and has been
significantly modified in 2013. We will discuss the origins of the rule and how it works,
including interactions with other HIPAA rules and penalties for violations. Whenever there may
be a privacy issue involving Protected Health Information, there may be a reportable breach
under the HIPAA regulations. Not all privacy violations are reportable breaches, though, so it
is essential to have a good process for evaluating incidents to see if they have resulted in a
reportable breach.
Any privacy rule violation that results in an acquisition, access, use, or disclosure of PHI in
violation of the HIPAA Privacy Rule may be a breach, unless the incident is one of the defined
exceptions from the definition. A breach is reportable unless the information was secured or
destroyed in the incident, or unless a risk analysis shows that there is a low probability of
compromise of the information, based on at least four factors defined in the rules. We will
examine how to determine if a privacy violation is potentially a breach according to the
definition, and then describe the subsequent steps in the evaluation, if it is determined that
the definition has been met.
We will discuss the exceptions to the breach definition for inadvertent internal uses, or when
it can be determined that the information could not be retained in any way by the receiving
party. Entities can avoid notification if information has been encrypted according to Federal
standards. We will cover the guidance from the US Department of Health and Human Services that
shows how to encrypt so as to prevent the need for notification in the event of lost data.
Failing that, a risk analysis can be conducted to determine the probability of compromise of
the information, considering four factors: what the data is and how well identified it is, to
whom was it released and do they have obligations to protect the information, whether or not
the information actually exposed, and whether or not the incident has been mitigated properly.
However, it must be noted that any compromise of the information by Ransomware that denies
access or control of your information should be treated as a reportable breach.
We will discuss how to create the right breach notification policy for your organization and
how to follow through when an incident occurs.In addition, a policy framework to help establish
good security practices is presented. We will help you understand what isn't a breach and under
what circumstances you don't have to consider breach notification. You'll find out how to
report the smaller breaches (less than 500 individuals), and you'll know why you want to avoid
a breach involving more than 500 individuals - media notices, Web site notices, and immediate
notification of HHS, including posting on the HHS breach notification "wall of shame" on the
Web.
We will explain, based on historical analysis of reported breaches, what measures must be taken
today to protect information from the most common threats, as well as discuss information
security trends and explain what kinds of efforts will need to be undertaken in the future to
protect the security of PHI.
Why should you Attend: Breaches of Protected Health Information are becoming more and more
common, and can be a result of a variety of circumstances, from words spoken too loudly in a
public setting, to a lost thumb drive full of medical records, to files being held for ransom
by hackers. Any violation of the HIPAA Privacy Rule may be a reportable breach under the HIPAA
Breach Notification rules, requiring notification of individuals and HHS when information
security is breached. Any incident involving a HIPAA issue must be evaluated to see if it is
reportable, and any decisions or actions must be fully documented.
There is a number of steps that must be taken to determine if an incident is a breach, and
whether or not that breach is reportable. Determining whether to report or not is not
necessarily straightforward, but there are guidelines to follow to help at every step of the
way. Even Ransomware attacks by hackers may be reportable, if you lose control of your data and
don't know exactly what happened. If the evaluation of necessity to report is not done
correctly, you may not make the right decisions about reporting and be subject to penalties for
non-compliance upon an investigation of a breach by HHS. Breach investigations, even for small
breaches, are a new priority at HHS, and the HHS regional offices are taking on the job of
looking into small breaches (affecting under 500 individuals), especially when there have been
multiple breaches or repeated similar breaches.
Penalties for non-compliance can be up to $50,000 per day in cases of willful negligence, so it
is essential to evaluate incidents to see if they are reportable breaches, and act properly on
the evaluation.
Areas Covered in the Session:
The definition of a Breach under HIPAA
Evaluating the Privacy violation
Reviewing the exceptions to the definition of a breach
What is good enough encryption according to the rules
Performing the Risk Analysis to determine the necessity to report
Ransomware and Breaches - When to Report
Avoiding Breaches
The most common causes of breaches
Reporting breaches to HHS and the individuals
Reporting breaches to the press and other agencies
Documenting your analysis and decisions
Who Will Benefit:
Compliance Director
CEO
CFO
Privacy Officer
Security Officer
Information Systems Manager
HIPAA Officer
Chief Information Officer
Health Information Manager
Healthcare Counsel/Lawyer
Office Manager
Speaker Profile
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems,
LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and
security regulatory compliance services to a wide variety of health care entities.
Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the
Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of
the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy
and security compliance issues at seminars and conferences, including speaking engagements at
numerous regional and national healthcare association conferences and conventions and the
annual NIST/OCR HIPAA Security Conference in Washington, D.C.
Sheldon-Dean has more than 30 years of experience in policy analysis and implementation,
business process analysis, information systems and software development. His experience
includes leading the development of health care related Web sites; award-winning, best-selling
commercial utility software; and mission-critical, fault-tolerant communications satellite
control systems. In addition, he has eight years of experience doing hands-on medical work as a
Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S.
degree, summa cum laude, from the University of Vermont and his master’s degree from the
Massachusetts Institute of Technology.
Price - $139
Contact Info:
Netzealous LLC - MentorHealth
Phone No: 1-800-385-1607
Fax: 302-288-6884
Email: [email protected]
Website: http://www.mentorhealth.com/
http://www.mentorhealth.com/control/w_product/~product_id=801354LIVE?speedycourse.com_aug_2018_SEO
Webinar Sponsorship: https://www.mentorhealth.com/control/webinar-sponsorship/
Follow us on : https://www.facebook.com/MentorHealth1
Follow us on : https://www.linkedin.com/company/mentorhealth/
Follow us on : https://twitter.com/MentorHealth1
Reviews
Be the first to write a review about this course.
Write a Review
MentorHealth is a comprehensive training source for healthcare professionals. Our trainings are high on value, but not on cost. MentorHealth is the right training solution for healthcare professionals. With MentorHealth, healthcare professionals can make use of the best benefits relating to their professional training.
• They can get the benefit of advice from experts in the field.
• Healthcare professionals will have the flexibility of viewing recorded webinars at their convenience.
• MentorHealth offers online interactive participation. Using this, healthcare professionals, no matter which part of the world they are based in, will have the opportunity to listen to and interact with some of the most accomplished experts in the healthcare Industry.
MentorHealth is driven by a core objective –that of being a platform for learning and discussion to address some of the important issues and challenges that the healthcare community, consisting of healthcare workers from doctors to nurses to other support staff, is up against in today‘s scenario. Various aspects of healthcare, such as Meaningful Use, Patient Protection and Affordable Care, HIPAA, HITECH Act, Stark and Anti Kickback Act, Valid Consent, Patient Safety and Process Improvement, Patient Safety and Quality Outcomes, Healthcare Information Technology Standards Panel (HITSP), Substance Abuse and Mental Health Records, Nursing Informatics, Healthcare Disclosure, Electronic Transactions Standards such as 5010 and ICD-10, Electronic Health Records, Stimulus Code, Healthcare Information Exchange, Healthcare Information Technology, Medical Necessity, Personal Health Records, Clinical Decision Support, Financial Management and ROI, Electronic Prescribing, Healthcare Information Systems, Clinical Informatics, Insurance Claim Appeals, Auto ID and Bar Coding, Integration and Interoperability, Risk Management in the Retention and Destruction of Medical Records and Medical Records Law, to name just a few, are covered. ...
• They can get the benefit of advice from experts in the field.
• Healthcare professionals will have the flexibility of viewing recorded webinars at their convenience.
• MentorHealth offers online interactive participation. Using this, healthcare professionals, no matter which part of the world they are based in, will have the opportunity to listen to and interact with some of the most accomplished experts in the healthcare Industry.
MentorHealth is driven by a core objective –that of being a platform for learning and discussion to address some of the important issues and challenges that the healthcare community, consisting of healthcare workers from doctors to nurses to other support staff, is up against in today‘s scenario. Various aspects of healthcare, such as Meaningful Use, Patient Protection and Affordable Care, HIPAA, HITECH Act, Stark and Anti Kickback Act, Valid Consent, Patient Safety and Process Improvement, Patient Safety and Quality Outcomes, Healthcare Information Technology Standards Panel (HITSP), Substance Abuse and Mental Health Records, Nursing Informatics, Healthcare Disclosure, Electronic Transactions Standards such as 5010 and ICD-10, Electronic Health Records, Stimulus Code, Healthcare Information Exchange, Healthcare Information Technology, Medical Necessity, Personal Health Records, Clinical Decision Support, Financial Management and ROI, Electronic Prescribing, Healthcare Information Systems, Clinical Informatics, Insurance Claim Appeals, Auto ID and Bar Coding, Integration and Interoperability, Risk Management in the Retention and Destruction of Medical Records and Medical Records Law, to name just a few, are covered. ...
Related Courses
Netzealous LLC - MentorHealth
Netzealous LLC - MentorHealth
GlobalCompliancePanel
GlobalCompliancePanel
