HIPAA and the NIST Standards - How do They Interact?


Jonathan P. Tomes, J.D., is Keynote Speaker at Compliance key Inc. He is a health care attorney practicing in the greater Kansas City area. He is a nationally recognized authority and expert witness on the legal requirements for health information. Jon has written more than 60 books, including the following: How to Handle HIPAA and HITECH Act Breaches, Complaints, and Investigations: Everything You Need to Know; The Compliance Guide to HIPAA and the DHHS Regulations, now in its sixth edition, along with its accompanying HIPAA Documents Resource Center CD; Electronic Health Records: A Practical C........

Overview

To date, the only specific requirement in the Security Rule relating to the National Institute of Standards and Technology ("NIST") Standards does not require compliance with any NIST Standard. Rather, it exempts covered entities from having to report breaches if they meet either of two NIST standards: the encryption standard or the disposal standard. The Security Breach Notification Rule only requires reporting of breaches of "unsecured" PHI. 45 C.F.R. §§ 164.400-414.
With the increasing number of cybersecurity breaches since HIPAA became law, DHHS recognized that more attention needed to be paid to improving cybersecurity. It focused on the NIST Framework for Improving Critical Infrastructure Cybersecurity (the Cybersecurity Framework) and developed a crosswalk between it and the HIPAA Security Rule. The Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the U.S. can improve their ability to prevent, detect, and respond to cyber attacks.
The course author has successfully defended eight out of eight investigations by DHHS and provided dozens of opinions as to whether a security incident was a breach, whether it was reportable, and how to handle it.

Why should you attend this webinar?

With the increasing number of cybersecurity breaches since HIPAA became law, DHHS has become more aggressive in penalizing covered entities and business associates for breaches of Protected Health Information ("PHI") Privacy and Security, with civil money penalties (fines) as high as $5.5 million and with the majority in the seven-figure range. Many of these fines could have been avoided if the entity had encrypted or destroyed the PHI consistent with the NIST standards. While HIPAA does not, in terms, require encryption or that level of destruction, if encryption or destruction consistent with the NIST standards is employed, the possible compromise is not considered a breach and need not be reported to the Department of Health and Human Services ("DHHS") for possible enforcement action.
Additionally, the Security Rule is very vague and only requires "reasonable and appropriate security measures." But what are such measures? In recent guidance, DHHS has released a crosswalk, developed with NIST and the Office of the National Coordinator for Health IT ("ONC"), that identifies "mappings" between the NIST Framework for Improving Critical Infrastructure Cybersecurity (the Cybersecurity Framework) and the HIPAA Security Rule. Use of this crosswalk will help covered entities and business associates ensure that their security measures are reasonable and appropriate.

Areas Covered in the Session:

Who can Benefit:

HIPAA compliance officers, HIPAA Security Officers, HIPAA Privacy Officers, Healthcare IT Officers, CFOs, CEOs, COOs, CIOs, human resources directors, business office managers, administrators, medical records personnel, health information management professionals, health care attorneys, patient accounts managers, billing services, physicians, dentists, pharmacists, physical and occupational therapists, mental and behavioral health professionals, speech and language pathologists and audiologists, nurses, chiropractors, and business associates.



Webinar Id: HIPJPT010

Training Options:

Duration: 90 mins

11/06/2018

10:30 AM PT | 01:00 PM ET

Single Attendee [Only for one participant]: $179 (Live), $319 (Live + Recorded)

Multiple Attendee [For a group of 2-5 participants]: $368 (Live), $495 (Live + Recorded)

Corporate Attendee [For a group of 6-10 participants]: $741 (Live), $1157 (Live + Recorded)

Recorded [Six month unlimited access]: $167 (Single Attendee), $599 (Unlimited Attendee)
