HIPAA Breach Notification in 5 Steps for Covered Entities and Business Associates

Overview:    This webinar explains the inter-connected Breach Notification Rule requirements of Covered Entities and Business Associates when a Business Associate or Subcontractor Business Associate suffers a Breach. And it covers the special, more restrictive compliance requirements when a Business Associate or Subcontractor is an Agent under the Federal Common Law of Agency - including how to avoid creating an Agency relationship by mistake.

Why should you Attend: More than 170 million Americans have been affected by Breaches of Unsecured Protected Health Information (PHI) since 2009. A Ransomware attack that encrypts PHI is now presumed to be a HIPAA Breach by Federal regulators. HIPAA Breach Notification Content and Timeliness are 2 of the top Enforcement priorities of the Office for Civil Rights (OCR), the HIPAA enforcement arm of the U. S. Department of Health and Human Services. The question is not whether a Covered Entity or Business Associate will suffer a Breach. Unfortunately, it is when will you suffer your next (or first) Breach.

You should attend this session to learn exactly what to do if your organization suspects it has suffered a Potential Breach or has been attacked by Ransomware. You will learn how to investigate, assess, determine and document whether you have suffered a Breach of Unsecured PHI that requires Breach Notifications, when and how to provide Breach Notification and the other things you must do when you have a Breach. There is a secret to HIPAA Compliance. The secret is the HIPAA Rules are easy to follow, step-by-step, when you know the steps. In this session you will learn and see the 5 steps of HIPAA Breach Notification Tule compliance explained clearly in plain language.

Areas Covered in the Session: This webinar for HIPAA Covered Entities and Business Associates explains the 5 Steps of HIPAA Breach Notification Rule Compliance.They are:

Potential Breach Investigation
How to recognize a Potential Breach
The information you need to gather
5 Key Questions that can confirm no Breach occurred
the Data-based Decision - Breach, No Breach or possible "Low Probability of Compromise" indicating a Breach Risk Assessment should be done
Breach Risk Assessment
How to apply the factors that can demonstrate a "Low Probability of Compromise" to PHI meaning Breach Notifications are not required
How to conduct Breach Risk Assessment of a Ransomware Attack that can overcome the presumption that the Ransomware Attack was a Breach of Unsecured PHI requiring Breach Notification
Determination and Documentation - what to do next based on the results of your Potential Breach Investigation or Breach Risk Assessment
Notifications
The timing and content of Notifications that must be made in the case of a Breach of Unsecured PHI
Notification Procedures when 500 or more Individuals are affected by a single Breach
Notification Procedures when 1 to 499 Individuals are affected by a single Breach
Other Breach Notification Rule compliance requirements
Mitigation
Protection against further Breaches
Law Enforcement Delay
State Breach Notification Rule Requirements

Who Will Benefit:
Health Care Practice and Business Associate Owners
Compliance Official
Chief Executive Officer
Chief Operating Officer
Chief Compliance Officer
Chief Information Officer
Chief Information Security Officer
Risk Management Director
HIPAA Compliance Officer
HIPAA Privacy Officer
HIPAA Security Officer
Information Technology Supervisor
General Counsel - Associate General Counsel
Attorney
Certified Public Accountant

Speaker Profile
Paul R. Hales received his Juris Doctor degree from Columbia University Law School and is licensed to practice law before the Supreme Court of the United States. He is an expert on HIPAA Privacy, Security, Breach notification and Enforcement Rules with a national HIPAA consulting practice based in St. Louis. Paul is the author of all content in The HIPAA E-Tool, an Internet-based, Software as a Service product for health care providers and business associates.