Sign for Notice Everyday    Sign Up| Sign In| Link| English|

Our Sponsors

    Receive Latest News

    Feedburner
    Share Us


    HIPAA Breach Evaluation and Reporting - What Qualifies as a Reportable Breach and how to Report It

    View: 234

    Website http://www.mentorhealth.com/control/w_product/~product_id=801354LIVE?ourglocal_aug_2018_SEO | Want to Edit it Edit Freely

    Category

    Deadline: August 16, 2018 | Date: August 17, 2018

    Venue/Country: Online, U.S.A

    Updated: 2018-06-19 20:03:47 (GMT+9)

    Call For Papers - CFP

    Training Options Duration: 90 Minutes

    Friday, August 17, 2018 | 10:00 AM PDT | 01:00 PM EDT

    Overview: The HIPAA Breach Notification Rule has been in effect since 2010 and has been

    significantly modified in 2013. We will discuss the origins of the rule and how it works,

    including interactions with other HIPAA rules and penalties for violations. Whenever there may

    be a privacy issue involving Protected Health Information, there may be a reportable breach

    under the HIPAA regulations. Not all privacy violations are reportable breaches, though, so it

    is essential to have a good process for evaluating incidents to see if they have resulted in a

    reportable breach.

    Any privacy rule violation that results in an acquisition, access, use, or disclosure of PHI in

    violation of the HIPAA Privacy Rule may be a breach, unless the incident is one of the defined

    exceptions from the definition. A breach is reportable unless the information was secured or

    destroyed in the incident, or unless a risk analysis shows that there is a low probability of

    compromise of the information, based on at least four factors defined in the rules. We will

    examine how to determine if a privacy violation is potentially a breach according to the

    definition, and then describe the subsequent steps in the evaluation, if it is determined that

    the definition has been met.

    We will discuss the exceptions to the breach definition for inadvertent internal uses, or when

    it can be determined that the information could not be retained in any way by the receiving

    party. Entities can avoid notification if information has been encrypted according to Federal

    standards. We will cover the guidance from the US Department of Health and Human Services that

    shows how to encrypt so as to prevent the need for notification in the event of lost data.

    Failing that, a risk analysis can be conducted to determine the probability of compromise of the

    information, considering four factors: what the data is and how well identified it is, to whom

    was it released and do they have obligations to protect the information, whether or not the

    information actually exposed, and whether or not the incident has been mitigated properly.

    However, it must be noted that any compromise of the information by Ransomware that denies

    access or control of your information should be treated as a reportable breach.

    We will discuss how to create the right breach notification policy for your organization and how

    to follow through when an incident occurs.In addition, a policy framework to help establish good

    security practices is presented. We will help you understand what isn't a breach and under what

    circumstances you don't have to consider breach notification. You'll find out how to report the

    smaller breaches (less than 500 individuals), and you'll know why you want to avoid a breach

    involving more than 500 individuals - media notices, Web site notices, and immediate

    notification of HHS, including posting on the HHS breach notification "wall of shame" on the

    Web.

    We will explain, based on historical analysis of reported breaches, what measures must be taken

    today to protect information from the most common threats, as well as discuss information

    security trends and explain what kinds of efforts will need to be undertaken in the future to

    protect the security of PHI.

    Why should you Attend: Breaches of Protected Health Information are becoming more and more

    common, and can be a result of a variety of circumstances, from words spoken too loudly in a

    public setting, to a lost thumb drive full of medical records, to files being held for ransom by

    hackers. Any violation of the HIPAA Privacy Rule may be a reportable breach under the HIPAA

    Breach Notification rules, requiring notification of individuals and HHS when information

    security is breached. Any incident involving a HIPAA issue must be evaluated to see if it is

    reportable, and any decisions or actions must be fully documented.

    There is a number of steps that must be taken to determine if an incident is a breach, and

    whether or not that breach is reportable. Determining whether to report or not is not

    necessarily straightforward, but there are guidelines to follow to help at every step of the

    way. Even Ransomware attacks by hackers may be reportable, if you lose control of your data and

    don't know exactly what happened. If the evaluation of necessity to report is not done

    correctly, you may not make the right decisions about reporting and be subject to penalties for

    non-compliance upon an investigation of a breach by HHS. Breach investigations, even for small

    breaches, are a new priority at HHS, and the HHS regional offices are taking on the job of

    looking into small breaches (affecting under 500 individuals), especially when there have been

    multiple breaches or repeated similar breaches.

    Penalties for non-compliance can be up to $50,000 per day in cases of willful negligence, so it

    is essential to evaluate incidents to see if they are reportable breaches, and act properly on

    the evaluation.

    Areas Covered in the Session:

    The definition of a Breach under HIPAA

    Evaluating the Privacy violation

    Reviewing the exceptions to the definition of a breach

    What is good enough encryption according to the rules

    Performing the Risk Analysis to determine the necessity to report

    Ransomware and Breaches - When to Report

    Avoiding Breaches

    The most common causes of breaches

    Reporting breaches to HHS and the individuals

    Reporting breaches to the press and other agencies

    Documenting your analysis and decisions

    Who Will Benefit:

    Compliance Director

    CEO

    CFO

    Privacy Officer

    Security Officer

    Information Systems Manager

    HIPAA Officer

    Chief Information Officer

    Health Information Manager

    Healthcare Counsel/Lawyer

    Office Manager

    Speaker Profile

    Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC,

    a Vermont-based consulting firm founded in 1982, providing information privacy and security

    regulatory compliance services to a wide variety of health care entities.

    Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the

    Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of

    the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy

    and security compliance issues at seminars and conferences, including speaking engagements at

    numerous regional and national healthcare association conferences and conventions and the annual

    NIST/OCR HIPAA Security Conference in Washington, D.C.

    Sheldon-Dean has more than 30 years of experience in policy analysis and implementation,

    business process analysis, information systems and software development. His experience includes

    leading the development of health care related Web sites; award-winning, best-selling commercial

    utility software; and mission-critical, fault-tolerant communications satellite control systems.

    In addition, he has eight years of experience doing hands-on medical work as a Vermont certified

    volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude,

    from the University of Vermont and his master’s degree from the Massachusetts Institute of

    Technology.

    Price - $139

    Contact Info:

    Netzealous LLC - MentorHealth

    Phone No: 1-800-385-1607

    Fax: 302-288-6884

    Email: supportatmentorhealth.com

    Website: http://www.mentorhealth.com/

    Webinar Sponsorship: https://www.mentorhealth.com/control/webinar-sponsorship/

    Follow us on : https://www.facebook.com/MentorHealth1

    Follow us on : https://www.linkedin.com/company/mentorhealth/

    Follow us on : https://twitter.com/MentorHealth1


    Keywords: Accepted papers list. Acceptance Rate. EI Compendex. Engineering Index. ISTP index. ISI index. Impact Factor.
    Disclaimer: ourGlocal is an open academical resource system, which anyone can edit or update. Usually, journal information updated by us, journal managers or others. So the information is old or wrong now. Specially, impact factor is changing every year. Even it was correct when updated, it may have been changed now. So please go to Thomson Reuters to confirm latest value about Journal impact factor.