How to Properly Handle HIPAA Security Incidents and Actual Breaches
Overview:
The word "breach" in the health care industry, and for those business associates of covered entities, certainly causes alarm when not only have you had your patient's privacy violated, but also now you have to prepare for the financial cost to remedy the breach and think about the possible criminal and civil penalties that you or your organization may have to face.
In addition, because the HITECH Act for the first time now authorizes a federal lawsuit for a HIPAA violation, an aggrieved individual may ask the attorney general of the state in which the violation occurred to sue on his behalf in federal court and recover damages, attorney's fees, and costs. As of the end of August 2011, the Connecticut Attorney General ("AG") had filed two such lawsuits and the Indiana AG had filed one.
In the first one filed, the Connecticut AG obtained a $250,000 settlement from the hospital defendant. Thus, a covered entity now faces the possibility of HIPAA lawsuits in both state and federal courts. Further, with the HITECH Act's expansion of HIPAA civil and criminal liability to business associates, the latter may also be sued in federal court. The Minnesota Attorney General has filed such a lawsuit against a business associate. Isn't it better to know the proper way to handle a breach according to the law?
Learn the difference between security incident reports and reportable breaches and how to handle each properly during this 90-minute seminar. Find out what resources are available to you to help avoid breaches of confidentiality and how your organization can be better prepared for HIPAA compliance regulations
Areas Covered in the Session:
- What is a security incident?
- What is a breach?
- What immediate action should be taken when a breach is suspected?
- How to report a breach
- How to investigate a breach
- How to mitigate the harm of a breach
- What breaches must be reported to DHHS and/or to the individuals who are the subject of the breach?
- How to report breaches to DHHS and/or to the individuals who are the subject of the breach
- How to determine whether disciplinary action is appropriate
- How to document security incidents and breaches in a security incident report
- Do you need insurance to cover HIPAA breaches?
Who Will Benefit:
- HIPAA Compliance Officers
- HIPAA Security Officers
- HIPAA Privacy Officers, CFOs
- CIOs
- Medical Records Personnel
- Health Information Management Professionals
- Health Care Attorneys
- Billing Services
Educational Objectives(S)
Upon completion of this activity, participants will be able to:
- Discuss the difference between security incident reports and reportable breaches and how to handle each properly.
CME Credit Statement
This activity has been planned and implemented in accordance with the Essential Areas and Policies of the Accreditation Council for Continuing Medical Education (ACCME) through the joint sponsorship of CFMC and MentorHealth. CFMC is accredited by the ACCME to provide continuing medical education for physicians.
CFMC designates this educational activity for a maximum of 1.5 AMA PRA Category 1 Credits™. Physicians should only claim credit commensurate with the extent of their participation in the activity.
Other Healthcare Professionals Credit Statement
This educational activity has been planned and implemented following the administrative and educational design criteria required for certification of health care professions continuing education credits. Registrants attending this activity may submit their certificate along with a copy of the course content to their professional organizations or state licensing agencies for recognition for 1.5 hours.
Disclosure Statement
It is the policy of CFMC and MentorHealth that the faculty discloses real or apparent conflicts of interest relating to the topics of the educational activity.
All members of the faculty and planning team have nothing to disclose nor do they have any vested interests or affiliations
Obtaining Certificate of Credit
Colorado Foundation for Medical Care (CFMC) hosts an online activity evaluation system, certificate and outcomes measurement process. Following the activity, you must link to CFMC's online site (link below) to complete the evaluation form in order to receive your certificate of credit. Once the evaluation form is complete and submitted, you will be automatically sent a copy of your certificate via email. Please note, participants must attend the entire activity to receive all types of credit. Continuing Education evaluation and request for certificates will be accepted up to 60 days post activity date. CFMC will keep a record of attendance on file for 6 years.