Road to HIPAA Compliance: How to Handle HIPAA and HITECH Security Breaches, Complaints, and Investigations

Duration: 60 Minutes
With the enactment of the modifications to HIPAA contained in the HITECH Act and its implementing regulation, the Omnibus Rule, the law and DHHS have greatly expanded the importance of handling breaches properly. How covered entities handle security incidents, breaches, and complaints is one of the key areas that DHHS audits for. In addition, DHHS has imposed civil money penalties as high as $5.5 million for failure to handle HIPAA violations properly. Every entity has a security incident on occasion, perhaps dozens a year. But which of them are actually breaches, and which are reportable breaches? What should you do before reporting a breach to minimize liability? How do you respond to the investigation? How do you handle a complaint to minimize the chance that it will lead to an investigation and perhaps a civil money penalty? These and related questions are key to HIPAA compliance and to minimizing potential liability.
HIPAA and HITECH Compliance
Instructor: Jonathan P. Tomes
Product ID: 506877
Objectives of the Presentation
  • Overview of HIPAA and the security and privacy rules
  • Preemption of state and federal law
  • What is a security incident?
  • What is a breach?
    • Definition
    • How to determine whether an incident is a breach
    • How to respond to a breach
  • What is a reportable breach?
    • Definition
    • How to determine whether a breach is reportable
    • How to respond to a reportable breach
  • Complaints
    • Duties before a complaint
    • Responding to a complaint
  • How to respond to investigations
  • Conclusion and Question and Answer
Why Should you Attend
Since the HITECH Act, covered entities and their business associates must report certain breaches to DHHS, and a breach can result in seven-figure fines, lawsuits, bad publicity, and other sanctions. Remediation costs may be immense, such as the $17 million incurred by Blue Cross/Blue Shield of Tennessee on top of the $1.5 million civil money penalty for not having sufficient security to prevent the theft of computer equipment and media holding more than a million individuals' health insurance data. BCBS had to report that breach to DHHS. That is not the only way DHHS may learn of a breach, however. Civil money penalties have resulted from complaints by patients and clients, and one even resulted from a newspaper story. Civil money penalties to date range from $50,000 to two in the $4 million range, and a $50,000 or low six-figure fine may doom a small practice. These fines cannot be discharged in bankruptcy because they are imposed as punishment rather than as compensation for money the government has expended.

The largest civil money penalties are reserved for violations that are not handled properly, capped at $1.5 million for identical violations in a calendar year. And DHHS takes the position that if, say, you lose an unencrypted laptop with no other reasonable and appropriate safeguard in place, each patient's data on the lost laptop constitutes a separate violation. In addition, patients and others who complain to DHHS may receive a portion of any fine, providing an incentive to complain. An audit by DHHS may also lead to a civil money penalty.

Nor are these penalties reserved for large organizations. Fines have been assessed against two-physician practices and a small hospice in North Idaho. Being not-for-profit provides no immunity, nor does being a government entity: Alaska Medicaid was fined $1.7 million, and a county government (Skagit County in Washington State) $215,000.

In addition, other state and federal privacy laws carry penalties ranging from fines to professional discipline and lawsuits.

Who will Benefit
  • Health Professionals and their staffs
  • Privacy and Security Officers
  • Medical Records Professionals
  • IT Professionals
  • Office Managers
  • Risk Managers
  • Business Associates of Covered Entities (those that provide a service for the Covered Entity involving the use of individually identifiable health information, such as transcription services, billing services, and cloud storage companies)
  • Healthcare Attorneys
  • Compliance Officers
Instructor Profile:
Jonathan P. Tomes, J.D., is a health care attorney. He has written more than 60 books, including "The Compliance Guide to HIPAA and the DHHS Regulations," "The Gap Analysis Survey," and "The Risk Analysis ToolKit," and dozens of articles in the area of HIPAA compliance. He has been an expert witness in litigation involving health information compliance issues and is the President of EMR Legal, Inc., a national HIPAA consulting firm. His knowledge of the law and of the practical aspects of setting up a security program makes his seminars valuable to compliance officers and to medical records veterans and novices alike. Mr. Tomes has presented seminars nationally for more than 20 years.