What are Reasonable and Appropriate HIPAA Security Measures?
Jonathan P. Tomes

Jonathan P. Tomes, J.D., is Keynote Speaker at Compliance key Inc. He is a health care attorney practicing in the greater Kansas City area. He is a nationally recognized authority and expert witness on the le

Healthcare and related businesses often do not understand that HIPAA is far more about policies and procedures than it is about technical security measures. The HIPAA Security Rule, for example, does not specify whether an entity must have a password system or, if it does, how many characters a password must have, whether it must be alphanumeric with one or more special characters, or whether the entity must use some type of biometric identification such as a thumbprint reader or retinal scan. Rather, it requires a covered entity to consider what it deems to be reasonable and appropriate and memorialize it in a policy. Similarly, it does not specify what kind of shredder an entity must have for paper records or what method it must use to destroy electronic PHI (ePHI) (degausser, software wipe, or a sledgehammer used with vigor). Rather, it requires a written destruction plan. Failure to have these policies has resulted in the Department of Health and Human Services imposing civil money penalties (CMPs) in the millions of dollars. The Department has also imposed penalties for lacking policies that HIPAA does not even mention but that a covered entity or business associate is apparently supposed to figure out it needs if it engages in the activity, say telemedicine or working from home.
Why should you attend this webinar?
DHHS and the FTC have greatly stepped up HIPAA enforcement with fines as high as $4.8 million.
Several of these sanctions involved a failure to implement reasonable and appropriate security measures.
Government sanctions are not the only cost of a breach; there are others, such as the cost of remediation actions.
Blue Cross/Blue Shield of Tennessee settled the enforcement action with DHHS for $1.5 million but also suffered $17 million in remediation costs.
Areas Covered in the Session:
  • Understand what HIPAA requires in the way of Security Measures.
  • Understand the increased enforcement of HIPAA with emphasis on security measures.
  • Understand the Concept of Reasonable and Appropriate Security Measures.
  • Understand the DHHS Guidance on What is Reasonable and Appropriate.
  • Understand the need for Risk Analysis.
  • Understand the process for completing Risk Analysis:
      • Assemble the Risk Analysis Team.
      • Inventory assets.
      • Identify the threats/risks to those assets.
      • Quantify the risks/threats.
      • Select reasonable and appropriate, cost-effective security measures.
      • Implement the selected security measures, including training your workforce and writing policies and procedures, consents, authorizations, and the like.
      • Test and revise.
  • Understand the concept of Addressable Implementation Specifications.
  • Be Aware of State Law Guidance as to what is Reasonable and Appropriate.
Who can Benefit:
Healthcare HIPAA Security and Privacy Officers, Compliance Officers, CEOs, CFOs, Chief Information Officers, human resource officers, business managers, facility administrators, medical records personnel, health information managers, health care attorneys, clinicians, nurses, and business associates.
Product Id : LSHCJPT004
Training Options                        Duration: 60 mins
Recorded   (6 months unlimited access)