My Cart 0 items

HIPAA and Security Breaches: Most frequent issues and causes, and trends for future threats

Training Options

  •   Duration: 90 Minutes  
  • Recorded Access recorded version only for one participant; unlimited viewing for 6 months ( Access information will be emailed 24 hours after the completion of live webinar)
    Price: US$215.00
  • Refund Policy

Overview:

The HIPAA Breach Notification Rule has been in effect since September 23, 2009 and most organizations are not prepared to respond to a breach of PHI and report and document it properly. We will discuss the origins of the rule and how it works, including interactions with other HIPAA rules and penalties for violations.

  • HIPAA Covered Entities and Business Associates need to know where and what information they have, so they can know if there has been a breach, and figure out how serious a breach may be and whom to notify if there is a good chance of harm. We’ll discuss how to know what you have and how to decide if you need to notify. We'll also cover how the harm standard may be changed when final regulations are issued, and how that may affect your organization.
  • Entities can avoid notification if information has been encrypted according to Federal standards. We’ll talk about what information needs to be encrypted the most and how entities are doing it. We'll cover the guidance from the US Department of Health and Human Services that shows how to encrypt so as to prevent the need for notification in the event of lost data.
  • We'll discuss how to create the right breach notification policy for your organization and how to follow through when an incident occurs. In addition, a policy framework to help establish good security practices is presented.
  • We'll cover the essentials of information security methods you can use to keep breaches from happening, and be in compliance with the HIPAA Security Rule as well. We'll also discuss the new penalties for non compliance, including mandatory penalties for "willful neglect" that begin at $10,000.
  • We'll help you understand what isn’t a breach and under what circumstances you don’t have to consider breach notification.
  • You'll find out how to report the smaller breaches (less than 500 individuals), as required, within 60 days of the end of each year.
  • You'll know why you want to avoid a breach involving more than 500 individuals – media notices, Web site notices, and immediate notification of HHS, including posting on the HHS breach notification “wall of shame” on the Web.
  • We will explain, based on historical analysis of reported breaches, what measures must be taken today to protect information from the most common threats, as well as discuss information security trends and explain what kinds of efforts will need to be undertaken in the future to protect the security of PHI.
  • We will discuss the kinds of threats that exist for PHI and how they're changing as the hackers gain experience and abilities, and why you need to prepare for next-generation attacks now.
  • You will be provided tools and benefits including:
    • An understanding of the background of the Breach Notification Rule and what it calls for in the regulations.
    • Where to find the information and forms for filing breach notifications with HHS.
    • What goes into an effective breach notification policy?
    • How to prevent breaches as much as reasonably possible.
    • What steps to take when a security incident or breach has occurred?
    • How to consider the risk of harm to the individual, and the risks of reporting and not reporting an incident.
    • How to best document your incidents and breaches to withstand enforcement audits.
Areas Covered in the Session:
  • Learn about the HIPAA Breach Notification Rule
  • Find out what is a breach
  • What to do to prevent a Breach
  • What to do to prepare for a Breach
  • What to do when a Breach occurs
  • What you have to report, to whom ,and when
  • How to avoid Breach Notification
  • What are the most common types of breaches you can avoid
  • What are the new threats to the security of health information
Agenda:
  • I. Breach Notification Laws
    • State Breach Notification Laws
    • Changes to HIPAA
    • Federal Breach Notification Law and Regulation
    • The Who, What, and How of Breach Notification
  • II. Preventing and Preparing for Breaches
    • Using an Information Security Management Process
    • Using Risk Analysis and Risk Assessment
    • Most Common Types of Breaches
    • Information Security, Incident, and Breach Notification Policies
    • The Importance of Documentation
  • III. Enforcement and Audits
    • New HIPAA Violation Categories and Penalties
    • Preparing for HIPAA Audits
    • Case Studies
  • IV. Future Trends and New Threats to Prepare For
    • History vs. the Future
    • Why Attack Trends Are Changing
    • Implications of New Directions in Attacks and Targets
Who will benefit:
  • Compliance director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/lawyer
  • Office Manager
Speaker Profile
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to health care firms and businesses throughout the Northeast and nationally. Sheldon-Dean’s firm provides a variety of advisory, training, assessment, policy development, project management and mitigation services for a number of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and co-chairs the WEDI HIPAA Updates sub-workgroup. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national conventions and WEDI national conferences, and before the New York Metropolitan Chapter of the Healthcare Financial Management Association, Health Information Management Associations of New York City, New York State, and Vermont, the Connecticut Hospital Association, and the Hospital and Health System Association of Pennsylvania. Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.


Related Webinars:

No Related Webinars Available

Copyright © 2017 GlobalCompliancePanel. All rights reserved. Netzealous