What Is a HIPAA Security Incident and What Should You Do about It?


Jonathan P. Tomes , J.D., is Keynote Speaker at Compliance key Inc. He is a health care attorney practicing in the greater Kansas City. He is a nationally recognized authority and expert witness on the legal requirements for health information. Jon has written more than 60 books, including the following: How to Handle HIPAA and HITECH Act Breaches, Complaints, and Investigations: Everything You Need to Know; The Compliance Guide to HIPAA and the DHHS Regulations, now in its sixth edition, along with its accompanying HIPAA Documents Resource Center CD, ; Electronic Health Records: A Practical C........

Overview

With the Enactment of the Modifications to HIPAA contained in the so-called HI-TECH Act and its implementing regulation, the Omnibus Rule, the law and DHHS have greatly expanded the importance of handling breaches properly. How covered entities handle security incidents, breaches, and complaints is one of the key areas that DHS audits for. In addition, it has imposed civil money penalties as high as $5.5 million for failure to handle HIPAA violations properly. Every entity has a security incident on occasion-maybe dozens a year. But which of them are actually breaches and which are reportable breaches? What should you do before reporting it to minimize liability? How do you respond to the investigation? How to you handle a complaint to minimize the chance that it will lead to an investigation and perhaps a civil money penalty. These and related questions are key to HIPAA compliance and to minimizing potential liability.

Why should you attend this webinar?

 As of the so-called HITECH Act, covered entities and their business associates must report certain breaches of HIPAA to DHHS which can result in seven-figure fines, lawsuits, bad publicity, and other sanctions. Remediation costs may be immense, such as the $17 million incurred by Blue Cross/Blue Shield of Tennessee on top of the $1.5 million civil money penalty for not having sufficient security to prevent a burglar from stealing all their computer equipment and media with millions of individuals' health insurance data. BCBS had to report that breach to DHHS. That is not the only method DHHS may learn of a breach, however. Civil money penalties have resulted from complaints by patients/clients, and one even resulted from a newspaper story. Civil money penalties to date range from $50,000 to two in the $4 million range. And a $50,000 or low six-figure fine may doom a small practice. And these fines cannot be discharged in bankruptcy because they are imposed as a punishment rather than compensating the government for that money it had expended. The largest civil money penalty is reserved for breaches that are not handled properly, capped at $1.5 million for identical such breaches in a calendar year. And DHHS considers that, say, if you lose an unencrypted laptop with no other reasonable and appropriate security in its place, it constitutes a separate violation for each patient's data on the lost laptop. In addition, patients and others who complain to DHHS may receive a portion of any fine, thereby providing an incentive to complain. Also, an audit by DHHS may lead to a civil money penalty.

Nor are these penalties reserved for large practices. Fines have been assessed against two-physician practices and a small hospice in North Dakota. Being not-for-profit provides no immunity, nor does being a government entity. Alaska Medicaid was fined $1.5 million; and a county government (Skagit County in Washington State), $215,000.

In addition, other state and federal privacy laws have penalties ranging from fines, professional discipline, and lawsuits.

Areas Covered in the Session:

Who can Benefit:

Health Professionals and their staffs, Privacy and Security Officers, Medical Records Professionals, IT Professionals, Office Managers, Risk Managers, Business Associates of Covered Entities (those that provide a service for the Covered Entity involving the use of individually identifiable health information (transcription services, billing services, cloud storage companies, and the like), Healthcare Attorneys, Compliance Officers.



Webinar Id: HIPJPTW007

Training Options:

Duration: 60 mins

 View anytime

Ratings:
No reviews yet!!
 Recorded: [Six month unlimited access]

 $167 (Single Attendee)  $599 (Unlimited Attendee)

Refund Policy
Upcoming Webinar of Jonathan P. Tomes
HIPAA and the NIST Standards -....
Presenter: Jonathan P. Tomes
When: 11/06/2018 | 10:30 AM PT |01:00 PM ET
Price: $179

More Webinar

Past Webinar of Jonathan P. Tomes
HIPAA Compliance Through Polic....
Presenter: Jonathan P. Tomes
View it anytime
Price: $167
The HIPAA Breach Notification ....
Presenter: Jonathan P. Tomes
View it anytime
Price: $167

More Webinar

Upcoming Webinar: Life Sciences and Healthcare
Good Documentation Practice an....
Presenter: Afsaneh Motamed Khorasani
When: 10/26/2018 | 10:00 AM PT |01:00 PM ET
Price: $179
HIPAA - Emailing, Texting, and....
Presenter: Brian L Tuttle
When: 10/29/2018 | 10:00 AM PT |01:00 PM ET
Price: $179

More Webinar

Past Webinar: Life Sciences and Healthcare
Understanding Autism Spectrum ....
Presenter: Jd Marhevko
View it anytime
Price: $167
How to Prepare for an OCR HIPA....
Presenter: Jay Hodes
View it anytime
Price: $167

More Webinar

PayPal logo   PayPal Verified logo   GoDaddy Certified
Copyright © 2018 Compliance Key. All Rights Reserved. Back to Top