How to Handle HIPAA and HITECH Act Breaches, Complaints and Investigations: Everything You Need to Know



Overview

Every covered entity and the business associate will experience one or more security incidents every year. Such incidents range from an employee forgetting to log off with no harm done because you caught it before any unauthorized person accessed the computer to a ransomware attack in which you must pay a six-figure ransom to access your data.
Serious breaches require the covered entity to report the matter to the Department of Health and Human Services (DHHS) who will post the breach on the so-called "wall of shame". Not only is the breach so publicized, it may also need to be reported to local media! Worst of all, this self-reporting can result in a seven-figure civil money penalty. Further, an entity's report and response procedure for handling these incidents is an item of high interest in DHHS audits.This Continuing Education will teach attendees everything they need to know to identify security incidents, decides which ones are breaches, and tell which ones are reportable. The training will also cover how to handle incidents to minimize harm to affected individuals and to the entity. This portion will include a practical exercise to see how the methodology works in practice.Handing outside investigations and internal complaints are also key to avoiding or minimizing liability. The training will demonstrate how to respond to these events and will have another practical exercise to show how it works in practice.The course author has successfully defended eight out of eight investigations by DHHS and provided dozens of opinions as to whether a security incident was a breach, whether it was reportable, and how to handle it

Why should you attend this seminar?

Under the HITECH Act and the Omnibus Rule, covered entities and business associates must report certain breaches of PHI to the Department of Health and Human Services. These reports can result in large civil money penalties (CMP) (fines)-as high to $4.8 million to date.
Having a proper procedure to determine whether a security incident is a breach and, if so, is it reportable is absolutely crucial. Not only can it result in a CMP, it is a priority compliance issue in the HIPAA audits that are ongoing. The possibility of a CMP is illustrated by Presence Health's $475,000 settlement with the DHHS Office of Civil Rights (OCR) 2017. And it was for late reporting. God knows how bad the monetary settlement in lieu of a CMP would be if it was non-reporting rather than late reporting
The breach occurred on October 22, 2013, when paper operating room schedules - containing the protected health information of 836 individuals - went missing from a surgical facility at Joliet, Illinois-based Presence St. Joseph Medical Center.
Presence Health didn't report that fact to OCR until January 31, 2014, more than three months later. But OCR requires all organizations to report a breach within 60 days of the first person who discovers the breach.
Virtually every healthcare entity will have security incidents. Handling them properly can prevent them ripening into a breach and even if the incident is a breach, prevent having to report them to DHHS. And can help result in no penalty or a lesser penalty than a mishandled breach.
HIPAA also requires mitigation-lessening the harm of a breach. Knowing how to properly mitigate can keep a breach from being reportable and save unnecessary costs by preventing more harm from the breach.

Areas Covered in the Session:

  • HIPAA definition of a security incident.
  • Every breach is a security incident, but not every security incident is a breach of HIPAA.
  • Reporting and responding to a security incident.
  • HIPAA definition of a breach.
  • Investigating a security incident to determine whether it is a breach.
  • Practical exercise identification of security incidents and breaches?
  • Elements of an effective security incident report and response policy and procedure.
  • Who must report a security incident and to whom and when and how and why?
  • Mitigating a security incident.
  • Training your workforce on how to handle a HIPAA security incident.
  • How do you determine whether a breach is reportable?
  • Written documentation requirements.
  • Practical exercise in determining whether a breach is reportable.
  • How to provide patients/clients their right to complain.
  • Who do they complain to?
  • How do you respond to complaints?
  • How do you respond to Office for Civil Rights investigations?
  • Conclusion and question and answer.
Who can Benefit:

HIPAA compliance officers, HIPAA Security Officers, HIPAA Privacy Officers, CFOs, CEOs, COOs, CIOs, human resources directors, business office managers, administrators, medical records personnel, health information management professionals, health care attorneys, patient accounts managers, billing services, physicians, dentists, pharmacists, physical and occupational therapists, mental and behavioral health professionals, speech and language pathologists and audiologists, nurses, chiropractors, and business associates.

  • HIPAA definition of a security incident.
  • Every breach is a security incident, but not every security incident is a breach of HIPAA.
  • Reporting and responding to a security incident.
  • HIPAA definition of a breach.
  • Investigating a security incident to determine whether it is a breach.
  • Practical exercise identification of security incidents and breaches?
  • Elements of an effective security incident report and response policy and procedure.
  • Who must report a security incident and to whom and when and how and why?
  • Mitigating a security incident.
  • Training your workforce on how to handle a HIPAA security incident.
  • How do you determine whether a breach is reportable?
  • Written documentation requirements.
  • Practical exercise in determining whether a breach is reportable.
  • How to provide patients/clients their right to complain.
  • Who do they complain to?
  • How do you respond to complaints?
  • How do you respond to Office for Civil Rights investigations?
  • Conclusion and question and answer.
Generic placeholder image

Jonathan P. Tomes

Jonathan P. Tomes , J.D., is Keynote Speaker at Compliance key Inc. He is a health care attorney practicing in the greater Kansas City. He is a nationally recognized authority and expert witness on the legal requirements for health information.
Jon has written more than 60 books, including the following: How to Handle HIPAA and HITECH Act Breaches, Complaints, and Investigations: Everything You Need to Know; The Compliance Guide to HIPAA and the DHHS Regulations, now in its sixth edition, along with its accompanying HIPAA Documents Resource Center CD, ; Electronic Health Records: A Practical Compliance Guide, now in its 3rd edition;; Mental and Behavioral Health and HIPAA: An Uneasy Alliance; and Have You Heard About HIPAA: A Practical HIPAA Compliance Guide for Audiologists and Speech Pathologists. 
His articles have appeared in Journal of AHIMA, Health Data Management, Medical Claims Management, Credit Card Management, Journal of the Healthcare Financial Management Association, Journal of Health Care Finance, Journal of Health Care Compliance, and ACCA Docket, among others.
Jon is a skilled attorney, having litigated hundreds of cases, including medical malpractice, Public Health Service disciplinary actions, Merit Systems Protection Board cases, physician disciplinary actions, courts-martial, and civil and criminal cases. 
He has presented programs for the American Speech-Language Hearing Association ("ASHA"), Faulkner & Gray, the American Health Information Management Association ("AHIMA"), the Healthcare Financial Management Association, ("HFMA"), the American Bar Association, the American Society of Association Executives, the Kansas City Metropolitan Bar Association, the Business Network, Lorman Business Centers, and Cross Country Education, among many others.
Jon is also President of EMR Legal, Inc., which provides HIPAA consulting, and of Veterans Press, which publishes HIPAA compliance materials, including books, training videos, and CDs, and his novels: HIPAA Hysteria, JAGC-Off: A Politically Incorrect Memoir of the Real Judge Advocate General's Corps, Lawful Orders, and A Unit of Blood.
Having gone to law school after he had completed tours of duty in the U.S. Army as an Infantry platoon leader in Vietnam and as a Military Intelligence officer in West Germany during the Cold War, Jon is also a retired military judge and JAGC officer. His military decorations include the Silver Star and the Legion of Merit.

Address:
Four Points by Sheraton Miami Airport
3570 Nw 74th Ave
Miami FL 33122 United States



If you are in a group of 2-10. Select "Multiple Attendee" and get upto 30% discount.

Single Attendee [Live]

$850.0

Single Attendee [Live+Recorded]

$2149.0 

Multiple Attendee [Live]

$1700.0 
save $170.00






No. of Attendees: 
 10% off

Multiple Attendee [Live+Recorded]

$3398.0 
save $339.80






No. of Attendees: 
 10% off

Recorded Price

$1299.0

Unlimited Attendee Recorded Price

$2999.0

Select Meal: 

    Veg       Non Veg

For group of 10+ attendee registrations,
contact customer care at: +1-717-208-866, +1-302-830-3132

The registration fee includes: the workshop; all course related materials; tea/coffee and lunch.


South Beach

No visit to Miami can be considered complete without a stop at South Beach -- the quintessential Miami hot spot. From shopping to partying, this area of Miami Beach is well-known for being a trendy locale. Depending on your personal tastes, you might enjoy spending a full weekend touring South Beach.

Seaquarium

The Miami Seaquarium is located right in the middle of the tourist area, on the causeway between downtown Miami and Key Biscayne. It's a fabulous stop where you can witness an outdoor aquarium experience that's only possible in our tropical climate. Be sure to budget enough time to spend at least half a day there!

Miami Museum of Science

Check out the latest kid-friendly exhibits at the Miami Museum of Science. You're bound to find a learning adventure for the whole family. The museum is home to the Bird of Prey Research Center and the Weintraub Observatory.If you have kids (or just like to act like them!), the Miami Children's Museum's  must-see destination. 

Everglades

With 1.5 million acres of swamps, saw-grass prairies, and sub-tropical jungles, Everglades National Park is one of the most unusual public parks in the United States. Located on the southern tip of Florida, the park is home to 14 rare and endangered species, including the American Crocodile, the Florida Panther, and the West Indian Manatee.

Seminar Id:IJ2018S5
image  Speaker: Jonathan P. Tomes
calender   Date: 03/05/2018
clock  Start Time: 06:00 AM PT | 09:00 AM ET
map  Place: Miami, Florida USA
Seminar Fee Includes:
lunch Lunch
tea AM-PM Tea/Coffee
material Seminar Material
hard_copy Hard copy of presentation
certificate Attendance Certificate
Upcoming Seminar of Jonathan P. Tomes
How to Handle HIPAA and HITECH....
By: Jonathan P. Tomes
When: 03/05/2018 | 06:00 AM PT |09:00 AM ET
Price: $850.0

More Seminar

Upcoming Seminar: Life Sciences and Healthcare
How to Handle HIPAA and HITECH....
By: Jonathan P. Tomes
When: 03/05/2018 | 06:00 AM PT |09:00 AM ET
Price: $850.0
Preparing for The New EU Medic....
By: David R Dills
When: 03/09/2018 | 6:00 AM PT |9:00 AM ET
Price: $850.0

More Seminar

Past Seminar: Life Sciences and Healthcare
    
Copyright © 2018 Compliance Key . All Rights Reserved. Back to Top