What are Reasonable and Appropriate HIPAA Security Measures?

Jonathan P. Tomes, J.D., is a Keynote Speaker at Compliance Key Inc. He is a health care attorney practicing in the greater Kansas City area. He is a nationally recognized aut....


Often healthcare and related businesses do not understand that HIPAA is far more about policies and procedures than it is about technical security measures. The HIPAA Security Rule, for example, does not specify whether an entity must have a password system or, if it does, how many characters a password must have, whether it must be alphanumeric with one or more special characters, or whether the entity must use some type of biometric identification such as a thumbprint reader or retinal scan. Rather, it requires a covered entity to consider what it deems to be reasonable and appropriate and memorialize it in a policy. Similarly, it does not specify what kind of shredder an entity must have for paper records or what method it must use to destroy electronic PHI (ePHI) (degausser, software wipe, or a sledgehammer used with vigor). Rather, it requires a written destruction plan. Failure to have these policies has resulted in the Department of Health and Human Services imposing civil money penalties (CMPs) in the millions of dollars. It has also imposed penalties for policies that HIPAA does not even mention but that a covered entity or business associate is apparently supposed to figure out it needs if it engages in that activity, say telemedicine or working from home.

Why should you attend this webinar?

DHHS and the FTC have greatly stepped up HIPAA enforcement with fines as high as $4.8 million.
Several of these sanctions involved a failure to implement reasonable and appropriate security measures.
Government sanctions are not the only cost of a breach; there are others, such as the cost of remediation actions.
Blue Cross/Blue Shield of Tennessee settled the enforcement action with DHHS for $1.5 million but also suffered $17 million in remediation costs.

Areas Covered in the Session:

  • Understand what HIPAA requires in the way of Security Measures.
  • Understand the increased enforcement of HIPAA with emphasis on security measures.
  • Understand the Concept of Reasonable and Appropriate Security Measures.
  • Understand the DHHS Guidance on What is Reasonable and Appropriate.
  • Understand the need for Risk Analysis.
  • Understand the process for completing Risk Analysis:
      • Assemble the Risk Analysis Team.
      • Inventory assets.
      • Identify the threats/risks to those assets.
      • Quantify the risks/threats.
      • Select reasonable and appropriate, cost-effective security measures.
      • Implement the selected security measures, including training your workforce and writing policies and procedures, consents, authorizations, and the like.
      • Test and revise.
  • Understand the concept of Addressable Implementation Specifications.
  • Be Aware of State Law Guidance as to what is Reasonable and Appropriate.

Who can Benefit:

Healthcare HIPAA Security and Privacy Officers, Compliance Officers, CEOs, CFOs, Chief Information Officers, human resource officers, business managers, facility administrators, medical records personnel, health information managers, health care attorneys, clinicians, nurses and business associates.

Webinar Id: LSHCJPT004

Training Options:

Duration: 60 mins

 Recorded: [Six month unlimited access]

 $217 (Single Attendee) $599 (Unlimited Attendee)


Copyright © 2017 Compliance Key. All Rights Reserved.