This webinar will explain what Covered Entities & Business Associates must do to comply with the Breach Notification Rule. To preserve your organization's reputation and limit its financial loss you must be prepared to assess a suspected Breach and to respond properly.
Overview
HIPAA Breach Notification Rule - What you must do to comply
Date: Wednesday, November 9th, 2016, Time: 01:00 PM EDT | 10:00 AM PDT
Duration: 60 Minutes
Speaker: Paul R. Hales
Final regulations for the new HIPAA Security Breach require much more than notifying
individuals affected by a Breach of their Protected Health Information. Covered Entities
and Business Associates first must follow and document a very specific process to
determine if a Breach occurred.
If no Breach occurred, documentary proof must be kept for six years. If a Breach did
occur, timely notifications and other actions must be undertaken and documented.
Why should you attend?
Breaches and incidents that might be Breaches happen all the time!
More than 173,000 separate breaches of Protected Health Information (PHI) affecting fewer than 500 individuals were reported to the U.S. Department of Health and Human Services between September 2009 and May 31, 2015, and in the same period HHS received approximately 1240 reports of PHI breaches that affected 500 or more individuals
An acquisition, access, use, or disclosure of PHI not permitted by the Privacy Rule is presumed to be a Breach unless it falls within an exception or the Covered Entity or Business Associate can demonstrate a low probability that the PHI was compromised
Not all suspected Breaches are Breaches - but you must know the rules to assess each incident and - when appropriate - prove it was not a Breach
A Covered Entity or Business Associate has the burden to prove an acquisition, access, use, or disclosure of PHI was not a Breach or, if a Breach occurred, that it made all required notifications
Prominent media outlets in the region must be notified of Breaches affecting 500 or more individuals
To preserve your organization's reputation and limit its financial loss you must be prepared to assess a suspected Breach and to respond properly and perhaps publicly when a Breach does occur
Phishers, Hackers and Burglars are actively trying to get PHI - the FBI reported in 2014
that medical identity sells for $50 on the black market compared to $1 for a credit card or
Social Security Number.
Areas covered in the webinar
This webinar will explain:
What Covered Entities and Business Associates must do to comply with the Breach Notification Rule
What is and is not a Breach
o Three exceptions - when an acquisition, access, use, or disclosure of PHI not permitted by the Privacy Rule is not a Breach
o How to perform a Risk Assessment process to determine if you can demonstrate a low probability that the PHI was compromised
Who must be notified in case of a Breach
When notifications must be provided
What information must be contained in each notification
Other requirements in case of a Breach
o Investigate
o Mitigate harm to affected individuals
o Protect against further Breaches
o Document everything
Planning and preparation for the worst - public relations and mitigation strategies to limit damage to the organization's reputation and financial well-being
Learning objective
Breach Notification Rule Compliance Requirements
What is defined as a Breach
How to determine if a Breach occurred
How to investigate and analyze the facts of an incident that is a Potential Breach
How to do a Breach Risk Assessment to determine if there is a low probability of compromise to PHI
In case of a breach
o Who to notify
o When notification must be made
o What information must be in each notification
Other things that must be done if a Breach occurred
Documentation that must be kept of all activities associated with the Breach Notification Rule
Who will benefit
HIPAA Compliance Officials
Top Management
Health Care Providers
Practice Managers
Risk Managers
Compliance Managers
Information Systems Managers
Legal Counsel
Health Care Public Relations Consultants
Speaker profile
Paul R. Hales, J.D. is an attorney at law in St. Louis, Missouri whose practice has
included specialization in the HIPAA Privacy and Security Rules from the dates they
became effective. He provides assistance and counseling on the new, more demanding
compliance requirements of the HITECH modifications to HIPAA. Mr. Hales is licensed to
practice before the Supreme Court of the United States, Federal Appellate and District
Courts, the State Courts of Missouri and is a graduate of Columbia University Law
School.
For more information, contact support@complianceglobal.us