Road to HIPAA Compliance: How to Handle HIPAA and HITECH Security Breaches, Complaints, and Investigations

Jonathan P. Tomes, J.D., is Keynote Speaker at Compliance Key. He is a health care attorney practicing in the greater Kansas City. He is a nationally recognized authority and expert witness on the legal requirements for health information. Jonathan P. Tomes is a healthcare attorney, consultant, educator, author and expert witness. He is a leading expert on the Health Insurance Portability and Accountability Act of 1996, particularly its Security and Privacy Rules. He also has litigated medical malpractice cases, defended doctors in revocation of licensure and credentialing proceedings, reviewe........


With the Enactment of the Modifications to HIPAA contained in the so called HI-TECH Act and its implementing regulation, the Omnibus Rule, the law and DHHS have greatly expanded the importance of handling breaches properly. How covered entities handle security incidents, breaches, and complaints is one of the key areas that DHS audits for. In addition, it has imposed civil money penalties as high as $5.5 million for failure to handle HIPAA violations properly. Every entity has a security incident on occasion-maybe dozens a year. But which of them are actually breaches and which are reportable breaches? What should you do before reporting it to minimize liability? How do you respond to the investigation? How to you handle a complaint to minimize the chance that it will lead to an investigation and perhaps a civil money penalty. These and related questions are key to HIPAA compliance and to minimizing potential liability.

Why should you attend this webinar?

As of the so called HI-TECH Act, covered entities and their business associates must report certain breaches of HIPAA to DHHS which can result in seven-figure fines, lawsuits, bad publicity, and other sanctions. Remediation costs may be immense, such as the $17 million incurred by Blue Cross/Blue Shield of Tennessee on top of the $1.5 million civil money penalty for not having sufficient security to prevent a burglar from stealing all their computer equipment and media with millions of individuals health insurance data. BCBS had to report that breach to DHHS. That is not the only method DHHS may learn of a breach, however. Civil money penalties have resulted from complaints by patients/clients, and one even resulted from a newspaper story. Civil money penalties to date range from $50,000 to two in the $4 million range. And a $50,000 or low six-figure fine may doom a small practice. And these fines cannot be discharged in bankruptcy because they are imposed as a punishment rather than compensating the government for that money it had expended. The largest civil money penalty is reserved for breaches that are not handled properly, capped at $1.5 million for identical such breaches in a calendar year. And DHHS considers that, say, if you lose an unencrypted laptop with no other reasonable and appropriate security in its place, it constitutes a separate violation for each patient's data on the lost laptop. In addition, patients and others who complain to DHHS may receive a portion of any fine, thereby providing an incentive to complain. Also, an audit by DHHS may lead to a civil money penalty.

Nor are these penalties reserved for large practices. Fines have been assessed against two-physician practices and a small hospice in North Dakota. Being not-for-profit provides no immunity, nor does being a government entity. Alaska Medicaid was fined $1.5 million; and a county government (Skagit County in Washington State), $215,000.

In addition, other state and federal privacy laws have penalties ranging from fines, professional discipline, and lawsuits.

Areas Covered in the Session:

Who can Benefit:

Health Professionals and their staffs, Privacy and Security Officers, Medical Records Professionals, IT Professionals, Office Managers, Risk Managers, Business Associates of Covered Entities those that provide a service for the Covered Entity involving the use of individually identifiable health information transcription services, billing services, cloud storage companies, and the like, Healthcare Attorneys, Compliance Officers.

Webinar Id: HIPJPTR001

Training Options:

Duration: 60 mins

 Stop, pause, and rewind: learn at your own place.

No reviews yet!!
 Recorded: [Six month unlimited access]

 $167 (Single Attendee)  $599 (Unlimited Attendee)

Refund Policy
Past Webinar of Jonathan P. Tomes
HIPAA Breach Notification Rule....
Presenter: Jonathan P. Tomes
View it anytime
Price: $231
HIPAA Compliance Through Polic....
Presenter: Jonathan P. Tomes
View it anytime
Price: $167

More Webinar

Pay Pal Logo   PayPal Verified Logo   GoDaddy Certified
Copyright © 2020 Compliance Key . All Rights Reserved. Back to Top