Online Safety Community

HIPAA breach evaluation and reporting

Protected Health Information (PHI) is a very valuable piece of information. It is valuable for the patient, for the healthcare provider, and for the insurer. Unfortunately, there is one source to which it is more valuable than to all these: Hackers. Protected Health Information is meant to be protected, but this information is coveted in the black market more than credit cards and social security.

The reason is simple: The PHI contains very vital, but confidential information about a patient’s condition, as well as the medication she is under. When this information is hacked, it gives the most direct access to prescription habits, leading medical companies to target their marketing efforts at the most focused, pinpointed source at which their medicines are consumed. They can save loads of money on market research, advertising and many other activities with information obtained stealthily.

The core aim of HIPAA is to prevent breaches

It is to prevent this from happening that the HIPAA was enacted. The HIPAA Breach Notification Rule, which was enacted in 2010, set out rules for defining a breach and the steps for reporting it to the US department of Health and Human Services (HHS). Significantly amended in 2013; HIPAA has rules on how to encrypt information according to federal standards set out by the government.

HIPAA has a clear definition of what constitutes a breach of information. It also defines what kind of act is considered a violation and what a reportable breach is. Although a variety of circumstances can result in a breach of privacy information; not all privacy violations need to be reported.

Guidelines from the HHS explain how to encrypt so as to obviate the need for notification in case data is lost. If entities fail at this, they can conduct a Risk Analysis to determine the probability of compromise of data using four factors:

  • What data was breached is and the ease with which it can be identified and located
  • The sourced to which this data was released, and if these sources are legally bound to protect the information
  • Whether or not there was actual exposure of the information
  • Whether or not proper steps have been taken to mitigate the incident.

Heavy penalties for noncompliance

Healthcare providers and those who have access to PHI for medical reasons need to get a grasp of exactly what constitutes a breach of information, and what and how to report. Although the HHS describes steps on how entities need to determine if a breach has happened and the ways to report it, if it needs to be reported; noncompliance is taken very seriously. A wrong move in this regard can hit them hard: $50,000 a day if the HHS determines that the noncompliance was a result of willful negligence.

All these aspects of HIPAA breach evaluation and reporting will be dealt with in detail at a webinar that MentorHealth, a leading provider of professional trainings for the healthcare industry, will be offering. Jim Sheldon-Dean, who is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities; will be the speaker at this webinar.

To enroll for this course and to get a complete understanding of all aspects of HIPAA breach evaluation and reporting, please visit .This course is approved for 1.5 general credits from the Nevada Board of Continuing Legal Education.

A complete understanding of what a breach is and how to report it

At this webinar, Jim will traverse the important areas of HIPAA, such as how to create the right breach notification policy for the organization and how to follow up when an incident occurs. He will also help participants understand what the HHS doesn’t consider a breach and in what circumstances entities don’t need to consider notifying it about a breach.

The means of reporting the smaller breaches –meaning those involving less than 500 individuals –and the ways of avoiding a breach involving more than 500 individuals will be explained. Jim will also present a policy framework to help establish good security practices.

Jim will cover the following areas at this highly useful session on HIPAA breach evaluation and reporting:

  • The definition of a Breach under HIPAA
  • Evaluating the Privacy violation
  • Reviewing the exceptions to the definition of a breach
  • What is good enough encryption according to the rules
  • Performing the Risk Analysis to determine the necessity to report
  • Ransomware and Breaches - When to Report
  • Avoiding Breaches
  • The most common causes of breaches
  • Reporting breaches to HHS and the individuals
  • Reporting breaches to the press and other agencies
  • Documenting your analysis and decisions.

Views: 9

Comment

You need to be a member of Online Safety Community to add comments!

Join Online Safety Community

Take our poll!

Take our poll!

Latest Activity

Mark Nilson posted an event

Guidelines for Performing a Vendor Audit with an emphasis on Construction Audit at Training Doyens 26468 E Walker Dr,Aurora, Colorado

April 3, 2018 from 1pm to 2:30pm
OVERVIEWVendor/Contract audits require a certain skill set to understand the terms and conditions of a contract between a Company and any given vendor where products or services are outsourced.  Understanding the risks that are inherent within them is the first step in developing audit objectives and steps. The primary focus of the audit is the vendor (third party) activities pertinent to a contract. A majority of the fieldwork on these types of audits will likely be performed at the Vendor’s…See More
15 hours ago
gracylayla posted an event

How to begin your career in IBM API Connect? at 4608 Spalding, plano TX 75024 United States

February 19, 2018 to February 19, 2019
IBM API Connect is a complete API lifecycle management solution that will make things easier for developers, Central IT, and LoB Management. The thought behind API Connect is that APIs are small data applications, often called microservices, but they are applications nonetheless.IBM API Management with a built-in gateway, allowing you to create, run, manage, and secure APIs and Microservices. API Connect is the first of its kind: a unified end-to-end API management solution that enables the…See More
16 hours ago
John Robinson posted a blog post

Risk Management in the Global Economy and outlook for 2017

Risk management in the global economy is a highly challenging field for risk managers from any part of the world. With most of the world’s countries almost becoming part of the global economy in this era of globalization; it is emerging that risks that apply to one part any one nation’s or group of…See More
18 hours ago
Training Doyens posted an event
Thumbnail

Hot Issues in Multi-State & Internet Sales Tax at 26468 E Walker Dr, Aurora, Colorado 80016-6104

March 13, 2018 from 1pm to 2pm
OVERVIEWStates are tense. They need more revenue.Millions of dollars of internet sales occur daily without tax.  The states want their money. In just 90 minutes, learn the different ways your company triggers nexus on itself and what it must do to comply with state regulations.WHY SHOULD YOU ATTENDWill I owe taxes in more than one state for the same sale? Must I charge tax on my internet sales?  Why is my drop shipper charging me tax?  Why did I receive a NEXUS Questionnaire and what if I don’t…See More
18 hours ago

Forum

Occupational Health and Safety 7 Replies

Health and safety are important aspects of an organisation’s smooth and effective functioning.  Did you know that workplace health & safety injuries cost Australian businesses over $60 billion…Continue

Tags: Safety, and, Health, Occupational

Started by WHS Solutions. Last reply by Tony Ferraro yesterday.

About sailpoint software

An identity management system refers to an information system, or to a set of technologies that can be used for enterprise or cross-network identity management. Additional terms are used synonymously…Continue

Tags: sailpoint

Started by sujathayarlagadda on Friday.

What can be essentials safety measures taken to secure campus?

Students safety inside and outside the school premises is a huge concern in today's risk environment. what measures should be taken to ensure campus security?Continue

Tags: security, campus

Started by Jen McDade Feb 6.

What can be essentials safety measures taken to secure campus?

Students safety inside and outside the school premises is a huge concern in today's risk environment. what measures should be taken to ensure campus security?Continue

Tags: security, campus

Started by Jen McDade Feb 6.

What are the advantages of IoT in healthcare Industry?

No DescriptionContinue

Tags: Aware360, IoTin

Started by Jen McDade Feb 5.

Badge

Loading…

© 2018   Created by Safety Community.   Powered by

Badges  |  Report an Issue  |  Terms of Service