What Does the Term "Reasonable and Appropriate" Mean under HIPAA? And How Do You Achieve It?

Jonathan P. Tomes, J.D., is Keynote Speaker at Compliance key Inc. He is a health care attorney practicing in the greater Kansas City area. He is a nationally recognized authority and expert witness on the legal requirements for health information. Jon has written more than 60 books, including the following: How to Handle HIPAA and HITECH Act Breaches, Complaints, and Investigations: Everything You Need to Know; The Compliance Guide to HIPAA and the DHHS Regulations, now in its sixth edition, along with its accompanying HIPAA Documents Resource Center CD; Electronic Health Records: A Practical C........


The HIPAA Security Rule requires covered entities and business associates to implement "reasonable and appropriate" security measures to protect against improper access, use, or disclosure of Protected Health Information ("PHI"). The Rule, however, gives very little guidance as to what constitutes reasonable and appropriate security measures. This is probably a good thing, because what is reasonable and appropriate for a small-town dental practice will likely be wildly different from what is reasonable and appropriate for a celebrity mental health facility in Beverly Hills. The lack of guidance, however, makes compliance difficult: how do you know whether DHHS will agree that your security measures are reasonable and appropriate if you are audited or investigated? And if you are sued, will the plaintiff's expert be able to testify that your security measures did not meet that standard and that, hence, you were negligent and are liable for the potentially huge damages of a major breach?

Why should you attend this webinar?

If you are audited, investigated, or sued and found not to have reasonable and appropriate security measures, you could face civil money penalties, supervised Corrective Action Plans, bad publicity with concomitant loss of patients, lawsuit damage awards, and significant remediation costs.

Civil money penalties to date have ranged from $50,000 up to two in the $4 million range. A number of these have resulted from deficient security measures, such as a missing firewall, lack of adequate security to prevent unauthorized access, and the like.

Nor are these penalties reserved for large practices. Fines have been assessed against two-physician practices and a small hospice in North Dakota. Being not-for-profit provides no immunity, nor does being a government entity. Alaska Medicaid was fined $1.5 million, and a county government (Skagit County in Washington State) was fined $215,000.

Areas Covered in the Session:

Who can Benefit:

Health Professionals and their staffs, Privacy and Security Officers, Medical Records Professionals, IT Professionals, Office Managers, Risk Managers, Business Associates of Covered Entities (those that provide a service for the Covered Entity involving the use of individually identifiable health information, such as transcription services, billing services, cloud storage companies, and the like), Healthcare Attorneys, Compliance Officers, HIPAA consultants.

Webinar Id: HIPJPTW006

Training Options:

Duration: 60 mins


12:30 PM PT | 3:30 PM ET

Single Attendee [only for one participant]: $179 (Live) | $319 (Live + Recorded)

Multiple Attendee [for a group of 2-5 participants]: $363 (Live) | $488 (Live + Recorded)

Corporate Attendee [for a group of 6-10 participants]: $726 (Live) | $945 (Live + Recorded)

Recorded [six-month unlimited access]: $237 (Single Attendee) | $599 (Unlimited Attendee)

Copyright © 2018 Compliance Key. All Rights Reserved.