| |
|
|
|
Netzealous - MentorHealth, Online
2018-05-01
Training Options Duration: 90 Minutes
Tuesday, May 1, 2018 | 10:00 AM PDT | 01:00 PM EDT
Overview: We will discuss the kinds of threats that exist for PHI and how they're changing as the hackers gain experience and abilities, and why you need to prepare for next-generation attacks now.
The HIPAA Breach Notification Rule has been in effect for more than two years now, requiring the reporting of breaches of the privacy and security of PHI, and many organizations are still not prepared to respond to a breach of PHI and report and document it properly. Given that one of the leading HIPAA compliance issues cited by HHS is a lack of incident handling policies and procedures, it is now essential for all covered entities to be prepared for incidents and breaches. We will discuss the origins of the rule and how it works, including interactions with other HIPAA rules and penalties for violations
HIPAA Covered Entities and Business Associates need to know where and what information they have, so they can know if there has been a breach, and figure out how serious a breach may be and whom to notify if there is a good chance of harm. We’ll discuss how to know whether you have a breach or not and how to decide if you need to notify. We'll also cover how the harm standard may be changed when final regulations are issued, and how that may affect your organization
Entities can avoid notification if information has been encrypted according to Federal standards. We’ll talk about what information needs to be encrypted the most and how entities are doing it. We'll cover the guidance from the US Department of Health and Human Services that shows how to encrypt so as to prevent the need for notification in the event of lost data
We'll discuss how to create the right breach notification policy for your organization and how to follow through when an incident occurs. In addition, a policy framework to help establish good security practices is presented
We'll cover the essentials of information security methods you can use to keep breaches from happening, and be in compliance with the HIPAA Security Rule as well. We'll also discuss the new penalties for non compliance, including mandatory penalties for "willful neglect" that begin at $10,000
We'll help you understand what isn't a breach and under what circumstances you don’t have to consider breach notification
You'll find out how to report the smaller breaches (less than 500 individuals), as required, within 60 days of the end of each year
You'll know why you want to avoid a breach involving more than 500 individuals - media notices, Web site notices, and immediate notification of HHS, including posting on the HHS breach notification "wall of shame" on the Web
We will explain, based on historical analysis of reported breaches and HHS’s own reports of issues found in audits, what measures must be taken today to protect information from the most common threats, as well as discuss information security trends and explain what kinds of efforts will need to be undertaken in the future to protect the security of PHI
Why should you Attend:
The new HIPAA Breach Notification Rule required by the HITECH Act within the American Recovery and Reinvestment Act of 2009 went into effect September 23, 2009, requiring all HIPAA covered entities and business associates to follow a number of steps to be in compliance. If there is a breach of protected health information that risks causing financial, reputational, or other harm to an individual, the breach must be reported to the individual, and all such breaches must be reported to the Secretary of the US Department of Health and Human Services at least annually
There are additional steps to take if the breach affects more than 500 individuals, including media notices and immediate notification of HHS
For every potential breach of PHI, the entity will have to determine if the information breached presents a reasonable risk of harm to the individuals, and take action to notify them if there is a risk of harm. Entities should also be aware that the harm standard may be modified upon release of a final rule in 2011, and entities should be ready to adjust to changes in the rules
Entities must adopt incident handling and breach notification policies and procedures to ensure accurate reporting and documentation of breaches, and must take steps to protect information from breaches by using encryption and proper disposal methods meeting Federal standards
Entities must follow the standards and specifications of the HIPAA Security Rule to protect information from breaches and must negotiate new Business Associate Agreements to include liability for breach notification and requirements for timely reporting to the entity
On top of all this, the landscape of information security threats and breaches is changing dramatically, forcing new kinds of security efforts and consistent application of old safeguards to protect patient information. New kinds of devices such as smart phones and tablet computers bring new challenges, new risks, and new threats. What used to be "good enough" is no longer sufficient to properly protect PHI
Areas Covered in the Session:
Learn about the HIPAA Breach Notification Rule
Find out what is a breach
What to do to prevent a Breach
What to do to prepare for a Breach
What to do when a Breach occurs
What you have to report, to whom ,and when
How to avoid Breach Notification
What are the most common types of breaches you can avoid
What are the new threats to the security of health information
Agenda:
I. Breach Notification Laws
State Breach Notification Laws
Federal Breach Notification Law and Regulation
The Who, What, and How of Breach Notification
II. Preventing and Preparing for Breaches
Using an Information Security Management Process
Using Risk Analysis and Risk Assessment
Most Common Types of Breaches
Information Security, Incident, and Breach Notification Policies
The Importance of Documentation
III. Enforcement and Audits
New HIPAA Violation Categories and Penalties
Preparing for HIPAA Audits
Case Studies
IV. Future Trends and New Threats to Prepare For
History vs. the Future
Why Attack Trends Are Changing
Implications of New Directions in Attacks and Targets
Who Will Benefit:
Compliance Director
CEO
CFO
Privacy Officer
Security Officer
Information Systems Manager
HIPAA Officer
Chief Information Officer
Health Information Manager
Healthcare Counsel/Lawyer
Office Manager
Speaker Profile
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.
Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.
Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.
Price - $139
Contact Info:
Netzealous - MentorHealth
Phone No: 1-800-385-1607
Fax: 302-288-6884
Email: support@mentorhealth.com
Website: http://www.mentorhealth.com/
Webinar Sponsorship: https://www.mentorhealth.com/control/webinar-sponsorship/
|
|
|
|
|
|
|
|
Organized by:
|
|
Netzealous -MentorHealth |
|
|
Invited Speakers:
|
|
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.
Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.
Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.
|
|
|
|
|
|
|
|
Deadline for Abstracts:
|
|
2018-04-30
|
|
|
|
|
|
|
|
Registration:
|
|
http://www.mentorhealth.com/control/w_product/~product_id=801224LIVE?hum-molgen_may_2018_SEO
|
|
|
E-mail:
|
|
support@mentorhealth.com
|
|
|
|
|
|
|
|
|