To register visit: www.lorman.com/training/medical-records/hipaa-security-breach-response-plan#overview

Agenda

Definitions of Key HIPAA Terms
  • A Detailed Review of Key HIPAA Definitions Will Be Covered: Breach, Security Incident, Protected Health Information, De-Identified Data
  • Discussion on How These Definitions Materially Affect Analysis of Whether or Not a Security Incident Rises to the Level of a Breach, and Whether Notification or Other Response Is Required
  • Discussion of Why It Is Critical That Definitions of Such Terms Which Appear in HIPAA Business Associate Agreements Track HIPAA’s Definitions
HIPAA Breach Risk Assessment
  • Do You Have a Breach of 500 or More Affected Individuals? Discussion of HHS’s Guidance on How to Calculate the Total Number of Individuals Affected by a Breach (i.e., per Covered Entity). Additional Discussion Regarding How to Calculate Number of Individuals Affected by State/Jurisdiction for Purposes of Media Notices
  • Safe Harbors: Unintentional; Inadvertent; Not Reasonably Retained. Overview of the Statutory Carve-Outs Which Permit a Conclusion of No Breach
  • Evaluating Low Probability PHI Compromised. Detailed Discussion of HHS’s Guidelines on How to Evaluate the Low Probability Threshold in a Consistent Manner. Overview of the Four Factors Critical to This Assessment, and How to Evaluate the Four Factors in a Consistent Manner. A Deep Dive Into:
    • Nature and Extent of Data: Discussion of Minimal PHI? De-Identified Data? Limited Data Sets?
    • Nature of Recipient/Unauthorized Individual: Discussion of Cooperative vs. Uncooperative Individuals
    • Determining If PHI Was Acquired or Viewed: Discussion of Confirming No Access Through Forensics; HHS’s Discussion and Guidance Regarding Whether Deployed Ransomware Is a Breach
    • Mitigation: Discussion of What Steps Need to Be Taken for Full Mitigation; Discussion of Sanitization of External Devices and Accounts That May Have Transmitted and/or Housed Breached PHI, and When Legal Intervention Might Be Appropriate (i.e., Discussion of Successful Interventions by Courts)
    • Step-by-Step Work-Through of Example Breach Cases Using Oscislawski LLC’s Low Probability Assessment Tool to Apply the Four Factor Test and Calculate a Low Probability Score, and Discussion of How to Use the Low Probability Score in Final Determination of Whether a Breach Is Reportable (i.e., Notices Required). (See Sample HIPAA Breach Risk Assessment Tool to Be Provided With Webinar)
Breach Response
  • Discussion of What Are the Breach Notification Requirements and Other Obligations of a Business Associate
  • Discussion of What Are the Breach Notification Requirements and Other Obligations of a Covered Entity, Including Detailed Drill Down on Notifications to HHS (Immediate vs. Annual); Notification to Individual (Incl. State Law Considerations); Notification of Media (What Is Required? and the 500 Individuals per/Jurisdiction Threshold)