What Does the Term "Reasonable and Appropriate" Mean under HIPAA? And How Do You Achieve It?

Jonathan P. Tomes, J.D., is Keynote Speaker at Compliance Key. He is a health care attorney practicing in the greater Kansas City. He is a nationally recognized authority and expert witness on the legal requirements for health information. Jonathan P. Tomes is a healthcare attorney, consultant, educator, author and expert witness. He is a leading expert on the Health Insurance Portability and Accountability Act of 1996, particularly its Security and Privacy Rules. He also has litigated medical malpractice cases, defended doctors in revocation of licensure and credentialing proceedings, reviewe........


The HIPAA Security Rule requires covered entities and business associates to implement "reasonable and appropriate" security measures to protect against improper access, use, or disclosure of Protected Health Information ("PHI"). The Rule, however, gives very little guidance as to what constitutes reasonable and appropriate security measures. This is probably a good thing because what is reasonable and appropriate for a small town dental practice will likely be wildly different from a celebrity mental health facility in Beverly Hills. The lack of guidance, however, makes compliance difficult because how does one know whether DHHS will agree that their security measure is reasonable and appropriate if you are audited or investigated. And if you are sued, will the plaintiff 's expert be able to testify that your security measures did not meet that standard and, hence, you were negligent and are liable for the potentially huge damages of a major breach.

Why should you attend this webinar?

If you are audited, investigated, or sued and found not to have reasonable and appropriate security measures, you could face civil money penalties, supervised Corrective Action Plans, bad publicity with concomitant loss of patients, lawsuit damage awards, and significant remediation costs.

Civil money penalties to date range from $50,000 to two in the $4 million range. A number of these have resulted from deficient security measures, such as a missing firewall, lack of adequate security to prevent unauthorized access, and the like.

Nor are these penalties reserved for large practices. Fines have been assessed against two-physician practices and a small hospice in North Dakota. Being not-for-profit provides no immunity, nor does being a government entity. Alaska Medicaid was fined $1.5 million;and a county government (Skagit County in Washington State), $215,000.

Areas Covered in the Session:

Who can Benefit:

Health Professionals and their staffs, Privacy and Security Officers, Medical Records Professionals, IT Professionals, Office Managers, Risk Managers, Business Associates of Covered Entities (those that provide a service for the Covered Entity involving the use of individually identifiable health information (transcription services, billing services, cloud storage companies, and the like), Healthcare Attorneys, Compliance Officers, HIPAA consultants.

Webinar Id: HIPJPTW006

Training Options:

Duration: 60 mins

 Stop, pause, and rewind: learn at your own place.

No reviews yet!!
 Recorded: [Six month unlimited access]

 $167 (Single Attendee)  $599 (Unlimited Attendee)

Refund Policy
Past Webinar of Jonathan P. Tomes
HIPAA Breach Notification Rule....
Presenter: Jonathan P. Tomes
View it anytime
Price: $231
HIPAA Compliance Through Polic....
Presenter: Jonathan P. Tomes
View it anytime
Price: $167

More Webinar

Pay Pal Logo   PayPal Verified Logo   GoDaddy Certified
Copyright © 2020 Compliance Key . All Rights Reserved. Back to Top