The new HIPAA Omnibus Rule became effective on September 23, 2013. The consequences for a violation are significant. Do you know how to handle a HIPAA breach?
This webinar focuses on what you need to do in the event of a HIPAA breach including:
• Mandatory notices to patients
• Notification to governmental agencies
• Getting your own “house in order” as the government will be requesting policies, training logs, etc.
• What to do when social security numbers are disclosed
• Should you get insurance for HIPAA breaches?
• Should you offer credit monitoring for impacted patients?
Panelists:
Claudia Hinrichsen, The Health Law Partners
Bob Grant, The Compliancy Group
Moderator:
Marc Haskelson, President, The Compliancy Group LLC.
1. Do You Know How To Handle A HIPAA Breach?
Claudia A. Hinrichsen, Esq.
The Greenberg, Dresevic, Hinrichsen, Iwrey, Kalmowitz, Lebow & Pendleton Law Group
(516) 492-3390
chinrichsen@thehlp.com
2. Industry leading Education Certified Partner Program
• Please ask questions
• For today's slides: http://compliancy-group.com/slides023/
• For today's & past webinars go to: http://compliancy-group.com/webinar/
Join our chat on Twitter #cgwebinar
3. Agenda
I. Definition of Breach and Risk Assessment
II. Notification obligations in event of HIPAA breach
III. Getting your own “house in order”
IV. What to do when social security numbers are disclosed
V. Credit monitoring for impacted patients
VI. Insurance for HIPAA breaches
VII. Questions?
4. I. HIPAA Omnibus Rule
• New HIPAA regulations became effective on September 23, 2013
• Significant modifications made to HIPAA rules, including breach notification, among other things
• Harm standard removed
• Four factors must be considered in risk assessment
5. Determine Whether a Breach Occurred
• Impermissible use or disclosure of protected health information (PHI) is presumed to be a breach unless the Covered Entity is able to demonstrate that there is a “low probability that PHI has been compromised.”
• Applies to “unsecured PHI,” i.e. PHI that has not been rendered unusable, unreadable, or indecipherable to unauthorized persons (in practice, PHI that was not encrypted or destroyed in accordance with HHS guidance)
6. Determine Whether a Breach Occurred
At least the following four factors must be assessed:
1) The nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification;
2) The unauthorized person who used the PHI or to whom the disclosure was made;
3) Whether the PHI was actually acquired or viewed; and
4) The extent to which the risk to the PHI has been mitigated.
7. Results of Risk Assessment
• If evaluation of the factors fails to demonstrate that there is a low probability that the PHI has been compromised, breach notification is required.
8. Example 1
• If information containing dates of health care service and diagnosis of certain employees was impermissibly disclosed to their employer, the employer may be able to determine that the information pertains to specific employees based on the information available to the employer, such as dates of absence from work.
• In this case, there may be more than a low probability that the protected health information has been compromised.
9. Example 2
• If a laptop computer was stolen and later recovered and a forensic analysis shows that the protected health information on the computer was never accessed, viewed, acquired, transferred, or otherwise compromised, the Covered Entity could determine that the information was not actually acquired by an unauthorized individual even though the opportunity existed.
• The burden of demonstrating this rests on the Covered Entity, so the forensic findings that support the conclusion should be retained with the breach documentation.
10. Example 3
• If financial information, such as credit card numbers or social security numbers, was disclosed, the Covered Entity may determine that a breach has occurred, as unauthorized use or disclosure of such information could increase the risk of identity theft or financial fraud.
11. Notification Obligations in the Event of a HIPAA Breach
• Notification to affected individuals
• Notification to the media
• Notification to the Secretary of the Department of Health and Human Services (the Secretary)
• Other notifications
12. Notification to Affected Individuals
• All notices to affected individuals must be written in plain language and include:
  • A brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known;
  • A description of the types of PHI (not the specific PHI) that were involved in the breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code or other types of information were involved);
13. Notification to Affected Individuals
  • Any recommended steps individuals should take to protect themselves from potential harm resulting from the breach;
  • A brief description of what the Covered Entity is doing to investigate the breach, to mitigate harm to individuals and to protect against any further breaches; and
  • Contact information for the Privacy Officer of the Covered Entity.
14. Method of Notification
• The covered entity must notify affected individuals by:
  1. Written notification by first-class mail to the individual at the last known address of the individual
  2. If the individual agrees to electronic notice and such agreement has not been withdrawn, by electronic mail
• Where contact information is insufficient or out of date, the rule requires substitute notice: alternative written notice, telephone or other means if fewer than 10 individuals are affected; a conspicuous 90-day posting on the home page of the covered entity's website or notice in major print or broadcast media, with a toll-free number, if 10 or more are affected.
15. Method of Notification
• In the case of minors or individuals who lack legal capacity due to a mental or physical condition, the parent or personal representative should be notified.
• If the covered entity knows that an individual is deceased, the notification should be sent to the individual's next of kin or personal representative if the address is known.
16. Method of Notification
• In urgent situations where there is a possibility of imminent misuse of the unsecured PHI, additional notice by telephone or other means may be made. However, direct written notice must still be provided.
17. Notification to the Media
• If the breach of unsecured PHI involves more than 500 residents of a state or jurisdiction, prominent media outlets serving that state or jurisdiction must be notified (most likely via a press release) without unreasonable delay and no later than 60 days after discovery.
PLEASE NOTE: The notification to the media is not a substitute for the notification to the individual.
18. Notification to the Secretary
• For a breach of unsecured PHI that involves 500 or more individuals, the Secretary of the Department of Health and Human Services must be notified via ocrnotifications.hhs.gov contemporaneously with the notice to individuals, i.e. without unreasonable delay and no later than 60 days after discovery.
19. Notification to the Secretary
• If the breach of unsecured PHI involves fewer than 500 individuals, the Covered Entity’s Privacy Officer should maintain an internal log or other documentation of the breach. This information must then be submitted annually to the Secretary of HHS via the same website, within 60 days after the end of the calendar year in which the breach was discovered (i.e. before March 1st).
• The health care provider should maintain its internal log or other documentation of breaches for six years.
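The individual, media and Secretary obligations on slides 11 through 19 compose into a small decision procedure, and it is easy to get the two different 500 thresholds and the two different clocks mixed up in an incident runbook. The following Python is an added example written for this page, not code from the webinar or from The Compliancy Group. It assumes the four-factor risk assessment has already failed to show a low probability of compromise (so notification is required), models only the federal HIPAA thresholds and outer deadlines (state social security number laws, covered later in the deck, are out of scope), and the discovery dates, states and head counts in it are constructed.

```python
"""Federal HIPAA breach-notification obligations from the thresholds on slides 11-19.

Added illustration for this page; the incident data below is constructed.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional

# Individual, media and Secretary notices are due "without unreasonable delay and
# no later than 60 days after discovery". 60 days is the outer limit, not a target.
OUTER_LIMIT = timedelta(days=60)


@dataclass
class BreachFacts:
    discovered: date                    # first day the breach was known (or should have been known)
    residents_by_state: Dict[str, int]  # affected individuals keyed by state/jurisdiction of residence
    unsecured: bool = True              # False only if the PHI was encrypted/destroyed per HHS guidance


@dataclass
class Obligations:
    individuals_by: Optional[date] = None
    media_by_state: Dict[str, date] = field(default_factory=dict)
    secretary_by: Optional[date] = None
    annual_log_due: Optional[date] = None
    notes: List[str] = field(default_factory=list)


def notification_obligations(facts: BreachFacts) -> Obligations:
    """Map a breach of unsecured PHI to the federal notices it triggers and their outer deadlines.

    Assumes the four-factor risk assessment did not show a low probability of compromise.
    State SSN-breach laws are not modelled; they can add recipients and shorter clocks.
    """
    ob = Obligations()
    if not facts.unsecured:
        ob.notes.append("PHI was secured per HHS guidance: breach notification rule does not apply")
        return ob
    total = sum(facts.residents_by_state.values())
    if total <= 0:
        ob.notes.append("no affected individuals identified: nothing to notify yet")
        return ob

    deadline = facts.discovered + OUTER_LIMIT
    ob.individuals_by = deadline  # always required: first-class mail, or e-mail if agreed

    # Media notice is per state/jurisdiction and uses a strict "more than 500 residents" test.
    for state, count in facts.residents_by_state.items():
        if count > 500:
            ob.media_by_state[state] = deadline

    # Secretary: "500 or more" individuals in total -> contemporaneous with individual notice.
    # Fewer than 500 -> keep an internal log and report it within 60 days after the end of
    # the calendar year of discovery (March 1, or February 29 when that year is a leap year).
    if total >= 500:
        ob.secretary_by = deadline
    else:
        ob.annual_log_due = date(facts.discovered.year, 12, 31) + OUTER_LIMIT
    return ob


def evaluate_breach(discovered_iso: str, residents_by_state: Dict[str, int],
                    unsecured: bool = True) -> dict:
    """Convenience wrapper: ISO date in, JSON-friendly summary out (deadlines as ISO strings)."""
    ob = notification_obligations(
        BreachFacts(date.fromisoformat(discovered_iso), residents_by_state, unsecured))

    def _iso(d: Optional[date]) -> Optional[str]:
        return d.isoformat() if d else None

    return {
        "individuals_by": _iso(ob.individuals_by),
        "media_by_state": {s: d.isoformat() for s, d in ob.media_by_state.items()},
        "secretary_by": _iso(ob.secretary_by),
        "annual_log_due": _iso(ob.annual_log_due),
        "notes": ob.notes,
    }


if __name__ == "__main__":
    # Constructed scenario: lost backup tape discovered 2013-10-01; 600 NY and 40 NJ residents.
    for key, value in evaluate_breach("2013-10-01", {"NY": 600, "NJ": 40}).items():
        print(f"{key}: {value}")
```

In the constructed scenario the 640 affected individuals trigger individual notice and Secretary notice by 2013-11-30, but media notice only for New York, because New Jersey's 40 residents do not cross the per-state “more than 500” line. Swap the counts to a single state with exactly 500 residents and the Secretary notice still applies while the media notice does not; drop below 500 in total and the Secretary obligation becomes the annual log entry due on March 1 of the following year.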
23. Getting Your “House in Order”
• Review/update the practice’s policies and procedures
• Provide training to all employees in:
  • Updated policies
  • Prompt reporting
  • Evaluation and documentation of breaches
• Create an action plan to respond to security incidents and breaches
• Conduct regular internal audits
• Consider getting insurance for HIPAA breaches
24. Most Common Forms of Breach
• Impermissible uses and disclosures of protected health information
• Lack of safeguards of protected health information
• Lack of patient access to their protected health information
• Uses or disclosures of more than the Minimum Necessary protected health information
• Complaints to the covered entity
25. Office for Civil Rights (OCR) Audits
• OCR has completed audits for 115 entities with a total of 979 audit findings and observations:
  • 293 regarding Privacy
  • 592 regarding Security
  • 94 regarding Breach Notification
• An evaluation is currently underway to make audits a permanent part of enforcement efforts.
• Security Rule assessment will be highly scrutinized.
26. Social Security Numbers
• Most states have additional laws regulating notification of unauthorized disclosure of social security numbers.
• These regulations require that notification be provided in the most expeditious time possible and without unreasonable delay.
• The person that owns or licenses the computerized data must provide notice to the individual.
27. Social Security Number Breach
• Typically the following must be done immediately after discovery of the breach:
  • Detailed notice to affected residents within the state
  • Notification to other governmental agencies, including, but not limited to:
    • State Attorney General
    • Department of State
    • Consumer Reporting Agencies
PLEASE NOTE: The Attorney General may bring a civil action and the court may also award injunctive relief.
28. Credit-Monitoring
• According to the U.S. Federal Trade Commission, it takes an average of 12 months for a victim of identity theft to notice the crime.
• Credit-monitoring services will regularly alert the individual of any changes to their credit, helping stop theft before it gets out of control.
29. Credit-Monitoring
• Covered entities and others who maintain PHI may need to offer such services to affected individuals to mitigate risk.
• Companies such as Identity Guard, Equifax, and Experian offer credit-monitoring, providing credit alerts to individuals every business day.
• The average cost of credit monitoring per person is $15 a month with credit alerts, which will report new accounts, credit inquiries, address changes, changes to current accounts/account information, etc.
30. Business Associate Agreements
• Covered Entities should include indemnification language in their Business Associate Agreement for any costs related to a breach, including free credit-monitoring for affected individuals.
• A Covered Entity may also consider requiring business associates to have data breach insurance.
31. Cyber/Breach Insurance
• A recent study by the Ponemon Institute reported that 76% of participating organizations in the study who had experienced a security exploit ranked cyber security risks as high or higher than other insurable risks, such as natural disasters, business interruptions, and fire.
• Many general liability insurance policies are excluding data breaches and security compromises.
32. Cyber/Breach Insurance
• Data breach insurance may be necessary to cover the costs of responding to a breach and may include:
  • Defense costs and indemnity for a statutory violation, regulatory investigation, negligence or breach of contract
  • Credit or identity costs as part of a covered liability judgment, award or settlement
  • Forensic costs incurred in the defense of a covered claim
33. Conclusion
• “Thus far in 2013, 48 percent of reported data breaches in the United States have been in the medical/healthcare industry. In 2012, there were 154 breaches in the medical and healthcare sector, accounting for 34.5 percent of all breaches in 2012, and 2,237,873 total records lost.” (ITRC Breach Report, Identity Theft Resource Center, May 2013)
• A plan of action is crucial in order to appropriately handle a breach.
• Proper and timely notification is necessary.
34. HIPAA Compliance
HITECH Attestation, Risk Assessment, Omnibus Rule Ready, Meaningful Use core measure 15, Policy & Procedure Templates
Free Demo and 60 Day Evaluation: www.compliancy-group.com
HIPAA Hotline 855.85HIPAA (855.854.4722)