Overview: The global Internet of Things and the HIPAA Privacy and Security Rules allow Protected Health Information (PHI) created by Covered Entities in the United States to be transmitted and stored outside the United States - and outside the reach of U.S. government regulators. Risks for Covered Entities, patients and Business Associates may lurk anywhere in a world where identity theft is rampant and medical identity is the Golden Egg for identity thieves. The U. S. Department of Health and Human Services Inspector General in a widely cited review of State Medicaid outsourcing to foreign vendors highlighted the vulnerabilities in 2014. For example, Medicaid agencies or domestic contractors who send PHI offshore may have limited means of enforcing Business Associate Agreements (BAAs) intended to safeguard PHI. Yet little has been done to publicize, let alone address the problems.
Why should you Attend: Covered Entities and Business Associates rely on the Internet to transmit, store and backup PHI.
Do you know where your PHI is?
Do you have a Business Associate or does your Business Associate have a Subcontractor overseas that creates, receives, maintains or transmits your PHI?
What if if there is a data breach involving an offshore vendor?
What would you do?
Are you protected?
Attend this webinar to learn about:
1. HIPAA compliance issues and Off-Shore Business Associates
2. Due Diligence
3. Agency and Off-Shore Business Associates
4. Steps to address risks posed by transmitting and storing PHI outside the United States.
Areas Covered in the Session:
Explain the Covered Entity - Business Associate - Subcontractor Business Associate chain of trust, responsibility and inter-linked liability
Review the limits of U.S. government regulation of Off-Shore Business Associates
Review Due Diligence - the benefits and consequences of controlling Business Associates
Review provisions of the BAA that may reduce risk and improve opportunities for private remedies
Who Will Benefit:
Health Care Providers
HIPAA Compliance Officials
Risk Manager - Compliance Manager
Information Systems Manager
Paul R. Hales J.D, is an attorney at law in St. Louis, Missouri whose practice has included specialization in the HIPAA Privacy and Security Rules from the dates they became effective. He provides assistance and counseling on the new, more demanding compliance requirements of the HITECH modifications to HIPAA. Mr. Hales is licensed to practice before the Supreme Court of the United States, Federal Appellate and District Courts, the State Courts of Missouri and is a graduate of Columbia University Law School.
Phone No: 1-800-385-1607