How to Handle HIPAA Security Incidents, Breaches, Complaints, and Investigations


Jonathan P. Tomes , J.D., is Keynote Speaker at Compliance key Inc. He is a health care attorney practicing in the greater Kansas City. He is a nationally recognized authority and expert witness on the legal requirements for health information. Jon has written more than 60 books, including the following: How to Handle HIPAA and HITECH Act Breaches, Complaints, and Investigations: Everything You Need to Know; The Compliance Guide to HIPAA and the DHHS Regulations, now in its sixth edition, along with its accompanying HIPAA Documents Resource Center CD, ; Electronic Health Records: A Practical C........

Overview

With the Enactment of the Modifications to HIPAA contained in the so called HI-TECH Act and its implementing regulation, the Omnibus Rule, the law and DHHS have greatly expanded the importance of handling breaches properly. How covered entities handle security incidents, breaches, and complaints is one of the key areas that DHS audits for. In addition, it has imposed civil money penalties as high as $5.5 million for failure to handle HIPAA violations properly. Every entity has a security incident on occasion-maybe dozens a year. But which of them are actually breaches and which are reportable breaches? What should you do before reporting it to minimize liability? How do you respond to the investigation? How to you handle a complaint to minimize the chance that it will lead to an investigation and perhaps a civil money penalty. These and related questions are key to HIPAA compliance and to minimizing potential liability.

Why should you attend this webinar?

As of the so called HI-TECH Act, covered entities and their business associates must report certain breaches of HIPAA to DHHS which can result in seven-figure fines, lawsuits, bad publicity, and other sanctions. Remediation costs may be immense, such as the $17 million incurred by Blue Cross/Blue Shield of Tennessee on top of the $1.5 million civil money penalty for not having sufficient security to prevent a burglar from stealing all their computer equipment and media with millions of individuals health insurance data. BCBS had to report that breach to DHHS. That is not the only method DHHS may learn of a breach, however. Civil money penalties have resulted from complaints by patients/clients, and one even resulted from a newspaper story. Civil money penalties to date range from $50,000 to two in the $4 million range. And a $50,000 or low six-figure fine may doom a small practice. And these fines cannot be discharged in bankruptcy because they are imposed as a punishment rather than compensating the government for that money it had expended. The largest civil money penalty is reserved for breaches that are not handled properly, capped at $1.5 million for identical such breaches in a calendar year. And DHHS considers that, say, if you lose an unencrypted laptop with no other reasonable and appropriate security in its place, it constitutes a separate violation for each patient's data on the lost laptop. In addition, patients and others who complain to DHHS may receive a portion of any fine, thereby providing an incentive to complain. Also, an audit by DHHS may lead to a civil money penalty.
Nor are these penalties reserved for large practices. Fines have been assessed against two-physician practices and a small hospice in North Dakota. Being not-for-profit provides no immunity, nor does being a government entity. Alaska Medicaid was fined $1.5 million; and a county government (Skagit County in Washington State), $215,000.
In addition, other state and federal privacy laws have penalties ranging from fines, professional discipline, and lawsuits.

Areas Covered in the Session:

Who can Benefit:

Health Professionals and their staffs, Privacy and Security Officers, Medical Records Professionals, IT Professionals, Office Managers, Risk Managers, Business Associates of Covered Entities those that provide a service for the Covered Entity involving the use of individually identifiable health information transcription services, billing services, cloud storage companies, and the like, Healthcare Attorneys, Compliance Officers.



Webinar Id: HIPJP007

Training Options:

Duration: 60 mins

 01/30/2018

 12:30 PM PT | 03:30 PM ET

 Single Attendee: [Only for one participant]

$179 (Live)                    $319 (Live + Recorded)

 Multiple Attendee: [For a group of 2-5 participants]

$363 (Live)                    $488 (Live + Recorded)

 Corporate Attendee: [For a group of 6-10 Participants]

$726 (Live)                    $945 (Live + Recorded)

 Recorded: [Six month unlimited access]

$237 (Single Attendee) $599 (Unlimited Attendee)

Refund Policy
Upcoming Webinar :Life Sciences and Healthcare
Understanding Medical Device Design Controls
By: Charles Paul
When: 01/22/2018 | 12:30 PM PT |03.30 PM ET
Price: $179
IDMP data collection from documents - Strategies towards IDMP compliance.
By: Joel Finkle
When: 01/23/2018 | 12.30 PM PT |03.30 PM ET
Price: $179

More Webinar

    
Copyright © 2018 Compliance Key . All Rights Reserved. Back to Top