Objectives of the Presentation
Why should you Attend
- What is a security incident?
- How do you investigate a security incident to determine whether it is a breach?
- What is a security breach?
- What is a reportable security breach?
- How do you report a security breach to minimize liability?
- How do you minimize harm to the subjects of the breach to minimize liability?
- How do you respond to investigations by DHHS?
Privacy officers, security officers, compliance officers and healthcare attorneys who may have to decide whether a breach of health information is reportable absolutely need to know the rules so that they don't expose their covered entities, such as healthcare providers and health plans and now business associates of covered entities to seven-figure liability for failure to properly handle such a breach.
Who will Benefit
- The HIPAA definition of a security incident
- Your internal definition
- HIPAA's definition
- The HIPAA definition of a breach
- The HIPAA definition of a reportable breach
- The HIPAA test for whether a breach is reportable using the National Institute for Standards and Technology (NIST) test
- Example of a NIST analysis
- How do you report a breach?
- To affected individuals
- To DHHS
- To others
- How do you mitigate the harm of a breach?
- To the subjects of the breach
- To your organization
- How do you respond if DHHS investigates the breach?
HIPAA compliance officers, HIPAA security officers, HIPAA privacy officers, CFOs, CEOs, COOs, CIOs, human resources directors, business office managers, administrators, medical records personnel, health information management professionals, health care attorneys, patient accounts managers, billing services, physicians, dentists, pharmacists, physical and occupational therapists, mental and behavioral health professionals, speech and language pathologists and audiologists, nurses, chiropractors and business associates.
HIPAA, the HITECH Act and now changes under the Omnibus Rule require covered entities and business associates to report certain breaches. Not all security incidents are breaches, and not all breaches are reportable breaches. This webinar will explain the law in easy-to-understand terms to help covered entities and business associates comply as quickly, easily, and effectively as possible in case they experience a reportable breach so that they can stand a better chance of avoiding as much as a seven-figure fine for violation of the HIPAA Breach Notification Rule. This webinar will also help you learn how not to report something that you don't need to report that might get you on the DHHS radar screen unnecessarily. This webinar will teach you how to frame what happened, if you do need to report it, so as to minimize your potential liability.