Generic placeholder image

Jonathan P. Tomes

Jonathan P. Tomes , J.D., is Keynote Speaker at Compliance key Inc. He is a health care attorney practicing in the greater Kansas City. He is a nationally recognized authority and expert witness on the legal requirements for health information.
Jon has written more than 60 books, including the following: How to Handle HIPAA and HITECH Act Breaches, Complaints, and Investigations: Everything You Need to Know; The Compliance Guide to HIPAA and the DHHS Regulations, now in its sixth edition, along with its accompanying HIPAA Documents Resource Center CD, ; Electronic Health Records: A Practical Compliance Guide, now in its 3rd edition;; Mental and Behavioral Health and HIPAA: An Uneasy Alliance; and Have You Heard About HIPAA: A Practical HIPAA Compliance Guide for Audiologists and Speech Pathologists. 
His articles have appeared in Journal of AHIMA, Health Data Management, Medical Claims Management, Credit Card Management, Journal of the Healthcare Financial Management Association, Journal of Health Care Finance, Journal of Health Care Compliance, and ACCA Docket, among others.
Jon is a skilled attorney, having litigated hundreds of cases, including medical malpractice, Public Health Service disciplinary actions, Merit Systems Protection Board cases, physician disciplinary actions, courts-martial, and civil and criminal cases. 
He has presented programs for the American Speech-Language Hearing Association ("ASHA"), Faulkner & Gray, the American Health Information Management Association ("AHIMA"), the Healthcare Financial Management Association, ("HFMA"), the American Bar Association, the American Society of Association Executives, the Kansas City Metropolitan Bar Association, the Business Network, Lorman Business Centers, and Cross Country Education, among many others.
Jon is also President of EMR Legal, Inc., which provides HIPAA consulting, and of Veterans Press, which publishes HIPAA compliance materials, including books, training videos, and CDs, and his novels: HIPAA Hysteria, JAGC-Off: A Politically Incorrect Memoir of the Real Judge Advocate General's Corps, Lawful Orders, and A Unit of Blood.
Having gone to law school after he had completed tours of duty in the U.S. Army as an Infantry platoon leader in Vietnam and as a Military Intelligence officer in West Germany during the Cold War, Jon is also a retired military judge and JAGC officer. His military decorations include the Silver Star and the Legion of Merit.


 Webinar Id: HIPJPT011
 6 months unlimited
 Duration 90 mins
Ratings:
No reviews yet!!

NIST guidance on managing IoT(Internet of Things) cybersecurity and privacy

To date the only specific requirement relating to the National Institute of Standards and Technology ("NIST") Standards in the Security Rule does not require compliance with any NIST Standard but rather exempts covered entities from having to report breaches if they meet either of two NIST standards-the encryption standard or the disposal standard. The Security Breach Notification Rule only requires reporting of breaches of "unsecured" ........

$167 Recorded (6 months unlimited access)
 Webinar Id: HIPJPT010
 6 months unlimited
 Duration 90 mins
Ratings:
No reviews yet!!

HIPAA and the NIST Standards - How do They Interact?

To date the only specific requirement relating to the National Institute of Standards and Technology ("NIST") Standards in the Security Rule does not require compliance with any NIST Standard but rather exempts covered entities from having to report breaches if they meet either of two NIST standards-the encryption standard or the disposal standard. The Security Breach Notification Rule only requires reporting of breaches of "unsecured" ........

$167 Recorded (6 months unlimited access)
 Webinar Id: HIPJPTH002
 6 months unlimited
 Duration 60 mins
Ratings:
No reviews yet!!

HIPAA Compliance Through Policies

The webinar will explain the process for covered entities and business associates to use to draft, adopt, and implement HIPAA compliance policies. Writing a policy is easier than one may think. It is a three-step process: researching, drafting and revising. This webinar will teach you to ask questions, solicit help, collect samples, keep the principles of substance, organization, coherence, style, and correctness in mind while you are d........

$167 Recorded (6 months unlimited access)
 Webinar Id: HIPJPTH005
 6 months unlimited
 Duration 60 mins
Ratings:
No reviews yet!!

The HIPAA Breach Notification Rule: What it Really Means and How to Comply?

With the Enactment of the Modifications to HIPAA contained in the so-called HI-TECH Act and its implementing regulation, the Omnibus Rule, the law and DHHS have greatly expanded the importance of handling breaches properly. How covered entities handle security incidents, breaches, and complaints is one of the key areas that DHS audits for. In addition, it has imposed civil money penalties as high as $5.5 million for failure to handle HI........

$167 Recorded (6 months unlimited access)
 Webinar Id: HIPJPTW006
 6 months unlimited
 Duration 60 mins
Ratings:
No reviews yet!!

What Does the Term "Reasonable and Appropriate" Mean under HIPAA? And How Do You Achieve It?

The HIPAA Security Rule requires covered entities and business associates to implement "reasonable and appropriate" security measures to protect against improper access, use, or disclosure of Protected Health Information ("PHI"). The Rule, however, gives very little guidance as to what constitutes reasonable and appropriate security measures. This is probably a good thing because what is reasonable and appropriate for a small town denta........

$167 Recorded (6 months unlimited access)
 Webinar Id: HIPJPTW007
 6 months unlimited
 Duration 60 mins
Ratings:
No reviews yet!!

What Is a HIPAA Security Incident and What Should You Do about It?

With the Enactment of the Modifications to HIPAA contained in the so-called HI-TECH Act and its implementing regulation, the Omnibus Rule, the law and DHHS have greatly expanded the importance of handling breaches properly. How covered entities handle security incidents, breaches, and complaints is one of the key areas that DHS audits for. In addition, it has imposed civil money penalties as high as $5.5 million for failure to handle HI........

$167 Recorded (6 months unlimited access)
 Webinar Id: HIPHJPT002
 6 months unlimited
 Duration 60 mins
Ratings:
No reviews yet!!

How to do a HIPAA and HITECH Risk Analysis

After explaining the need for conducting a HIPAA risk analysis and the penalties for not doing so, this Webinar will provide attendees a methodology for doing so. HIPAA does not specify a particular way of conducting such an analysis. But the author has taken hundreds of covered entities and business associates through the process and his way of doing must work because none of them have had a security breach.

$167 Recorded (6 months unlimited access)
 Webinar Id: HIPJPTR001
 6 months unlimited
 Duration 60 mins
Ratings:
No reviews yet!!

Road to HIPAA Compliance: How to Handle HIPAA and HITECH Security Breaches, Complaints, and Investigations

With the Enactment of the Modifications to HIPAA contained in the so called HI-TECH Act and its implementing regulation, the Omnibus Rule, the law and DHHS have greatly expanded the importance of handling breaches properly. How covered entities handle security incidents, breaches, and complaints is one of the key areas that DHS audits for. In addition, it has imposed civil money penalties as high as $5.5 million for failure to handle HI........

$167 Recorded (6 months unlimited access)
 Webinar Id: HIPJP007
 6 months unlimited
 Duration 60 mins
Ratings:
No reviews yet!!

How to Handle HIPAA Security Incidents, Breaches, Complaints, and Investigations

With the Enactment of the Modifications to HIPAA contained in the so called HI-TECH Act and its implementing regulation, the Omnibus Rule, the law and DHHS have greatly expanded the importance of handling breaches properly. How covered entities handle security incidents, breaches, and complaints is one of the key areas that DHS audits for. In addition, it has imposed civil money penalties as high as $5.5 million for failure to handle HI........

$167 Recorded (6 months unlimited access)
 Webinar Id: HIPHJPT001
 6 months unlimited
 Duration 60 mins
Ratings:
No reviews yet!!

HIPAA Compliance with the New Omnibus Rule: How to Pass an Audit to Avoid Penalties and Criminal Convictions

Before the HITECH Act, DHHS could audit covered entities for HIPAA compliance, but did not have to. With that Act, now the must audit those entities and business associates as well. In the first audits, the Phase I audits, DHHS came on site. The subsequent Phase II audits, however, were paper audits in which those audited had to provide documentation of their compliance. As yet, we do not know what form Phase III will take, but the nece........

$167 Recorded (6 months unlimited access)
 Webinar Id: HIPOJPT001
 6 months unlimited
 Duration 60 mins
Ratings:
No reviews yet!!

Omnibus (Mega) Rule Changes to HIPAA & the HITECH Act and What They Mean to Covered Entities and Business Associates

The Omnibus or Mega Rule, implementing the HITECH Act of 2009 significantly changed HIPAA compliance. Although it has been in effect for some time now, some of the drastic changes are still causing covered entities and business associates significant difficulties.

$167 Recorded (6 months unlimited access)
 Webinar Id: HIPJPTH001
 6 months unlimited
 Duration 60 mins
Ratings:
No reviews yet!!

HIPAA Privacy Rule Use and Disclosure Misconceptions

With the complexity of the Privacy Rule and the frequent changes to it, healthcare covered entities and their business associates often do not know what uses and disclosures the Privacy Rule permits. Not knowing when you can disclose health information This can result in can result in bad outcomes, including the death of the patient/client, lawsuits for breach of confidentiality, HIPAA civil money penalties, and bad publicity, as well a........

$167 Recorded (6 months unlimited access)
 Webinar Id: HIPJHT001
 6 months unlimited
 Duration 90 mins
Ratings:
No reviews yet!!

How to Handle HIPAA and HITECH Act Breaches, Complaints and Investigations: Everything You Need to Know

This webinar will inform covered entities and business associates how to handle security incidents. Almost every one of those entities will have one or more security incidents a year but they may or may not be a breach that they must take further action on. The webinar will spell out what actions must be taken in the event of an incident or breach and also how to handle complaints by patients/clients and what to do if investigated to av........

$167 Recorded (6 months unlimited access)
 Webinar Id: HIPJMB001
 6 months unlimited
 Duration 60 mins
Ratings:
No reviews yet!!

HIPAA Issues in Mental and Behavioral Health

This webinar is not a total guide to HIPAA compliance. Total HIPAA compliance includes information on the standard transactions and code sets, identifiers, how to handle breaches, and the like. This webinar focuses on HIPAA's Security Rule and Privacy Rule compliance to enable mental and behavioral health professionals to effectively treat their clients without violating HIPAA's complex individual rights standards and disclosure standar........

$167 Recorded (6 months unlimited access)
 Webinar Id: HIPJPT001
 6 months unlimited
 Duration 60 mins
Ratings:
No reviews yet!!

How to do a HIPAA risk analysis

After explaining the need for conducting a HIPAA risk analysis and the penalties for not doing so, this Webinar will provide attendees a methodology for doing so. HIPAA does not specify a particular way of conducting such an analysis. But the author has taken hundreds of covered entities and business associates through the process and his way of doing must work because none of them have had a security breach.

$167 Recorded (6 months unlimited access)
 Webinar Id: LSHCJPT004
 6 months unlimited
 Duration 60 mins
Ratings:
No reviews yet!!

What are Reasonable and Appropriate HIPAA Security Measures?

Often healthcare and related businesses do not understand that HIPAA is far more about policies and procedures than it is about technical security measures. The HIPAA Security Rule, for example, does not specify whether an entity must have a password system and, if it does, how many characters it must have and whether it has to be alphanumerical with one or more special characters or whether it must have some type of biometric identific........

$167 Recorded (6 months unlimited access)
 Webinar Id: LSHCJPT003
 6 months unlimited
 Duration 60 mins
Ratings:
No reviews yet!!

How to Perform a HIPAA Risk Analysis

Risk analysis is the key to implementing reasonable cost-effective security measures. And failure to conduct and update risk analyses are the single biggest cause of Health and Human Services imposed civil money penalties of up to several million dollars. And failure to conduct one has other affects as well-remediation and mitigation (lessening the harm of) costs, bad publicity, lost business and the like.

$167 Recorded (6 months unlimited access)
 Webinar Id: LSHCJPT002
 6 months unlimited
 Duration 60 mins
Ratings:
No reviews yet!!

How to Write and Adopt HIPAA Policies and Procedures

Often healthcare and related businesses do not understand that HIPAA is far more about policies and procedures than it is about technical security measures. The HIPAA Security Rule, for example, does not specify whether an entity must have a password system and, if it does, how many characters it must have and whether it has to be alphanumerical with one or more special characters or whether it must have some type of biometric identific........

$167 Recorded (6 months unlimited access)
 Webinar Id: LSHCJPT001
 6 months unlimited
 Duration 60 mins
Ratings:
No reviews yet!!

How to Handle HIPAA and HITECH Act Breaches, Complaints, and Investigations: Everything You Need to Know

This webinar will cover everything that you need to know about how to handle HIPAA security incidents, breaches, and complaints and the Department of Health and Human Resources Investigations thereof. Not all security incidents are breaches, but all breaches of confidentiality are within the broad ambit of security incidents. Privacy rule violations, such as failing to give a patient a copy of his or her medical records, may also consti........

$167 Recorded (6 months unlimited access)
 Webinar Id: HIPJH001
 6 months unlimited
 Duration 60 mins
Ratings:
No reviews yet!!

HIPAA Compliance Through Policies

The webinar will explain the process for covered entities and business associates to use to draft, adopt, and implement HIPAA compliance policies. Writing a policy is easier than one may think. It is a three-step process: researching, drafting and revising. This webinar will teach you to ask questions, solicit help, collect samples, keep the principles of substance, organization, coherence, style, and correctness in mind while you are d........

$167 Recorded (6 months unlimited access)


PayPal logo      GoDaddy Certified
Copyright © 2018 Compliance Key. All Rights Reserved. Back to Top