What are Reasonable and Appropriate HIPAA Security Measures?

Jonathan P. Tomes, J.D., is Keynote Speaker at ComplianceKey. He is a health care attorney practicing in the greater Kansas City area. He is a nationally recognized authority and expert witness on the legal requirements for health information. Jon has written more than 60 books, including the following: How to Handle HIPAA and HITECH Act Breaches, Complaints, and Investigations: Everything You Need to Know; The Compliance Guide to HIPAA and the DHHS Regulations, now in its sixth edition, along with its accompanying HIPAA Documents Resource Center CD; Electronic Health Records: A Practical Compli........


Healthcare and related businesses often do not understand that HIPAA is far more about policies and procedures than it is about technical security measures. The HIPAA Security Rule, for example, does not specify whether an entity must have a password system or, if it does, how many characters a password must have and whether it has to be alphanumeric with one or more special characters, nor whether the entity must use some type of biometric identification such as a thumbprint reader or retinal scan. Rather, it requires a covered entity to consider what it deems to be reasonable and appropriate and memorialize it in a policy. Similarly, it does not specify what kind of shredder an entity must have for paper records or what method it must use to destroy electronic PHI (ePHI) (degausser, software wipe, or a sledge hammer used with vigor). Rather, it requires a written destruction plan. Failure to have these policies has resulted in the Department of Health and Human Services imposing civil money penalties (CMPs) in the millions of dollars. It has also imposed penalties for policies that HIPAA does not even mention but that a covered entity or business associate is apparently supposed to figure out it needs if it engages in the activity, say telemedicine or working from home.

Why should you attend this webinar?

DHHS and the FTC have greatly stepped up HIPAA enforcement with fines as high as $4.8 million.
Several of these sanctions involved a failure to implement reasonable and appropriate security measures.
Government sanctions are not the only cost of a breach; there are others, such as the cost of remediation actions.
Blue Cross/Blue Shield of Tennessee settled the enforcement action with DHHS for $1.5 million but also suffered $17 million in remediation costs.

Areas Covered in the Session:

Who can Benefit:

Healthcare HIPAA Security and Privacy Officers, Compliance Officers, CEOs, CFOs, Chief Information Officers, human resource officers, business managers, facility administrators, medical records personnel, health information managers, health care attorneys, clinicians, nurses, and business associates.

Webinar Id: LSHCJPT004

Training Options:

Duration: 60 mins

Stop, pause, and rewind: learn at your own pace.

 Recorded: [Six month unlimited access]

 $167 (Single Attendee)  $599 (Unlimited Attendee)

Copyright © 2019 Compliance Key. All Rights Reserved.