I am extending you an invitation to the live webinar on “How to Handle HIPAA Security Incidents, Breaches, Complaints, and Investigations” that we are hosting with Compliance Key. If you are already registered, I apologize for the extra communication.
I wanted to take a moment to highlight the key features of our webinars and the speaker delivering this session.
Topic: How to Handle HIPAA Security Incidents, Breaches, Complaints, and Investigations
Date & Time: Tuesday, 30th January 2018 at 03:30 – 04:30 PM ET
With the enactment of the modifications to HIPAA contained in the so-called HITECH Act and its implementing regulation, the Omnibus Rule, the law and DHHS have greatly expanded the importance of handling breaches properly. How covered entities handle security incidents, breaches, and complaints is one of the key areas that DHHS audits for. In addition, DHHS has imposed civil money penalties as high as $5.5 million for failure to handle HIPAA violations properly. Every entity has a security incident on occasion, maybe dozens a year. But which of them are actually breaches, and which are reportable breaches? What should you do before reporting a breach to minimize liability? How do you respond to the investigation? How do you handle a complaint to minimize the chance that it will lead to an investigation and perhaps a civil money penalty? These and related questions are key to HIPAA compliance and to minimizing potential liability.
Why should you attend this webinar?
Since the so-called HITECH Act, covered entities and their business associates must report certain breaches of HIPAA to DHHS, which can result in seven-figure fines, lawsuits, bad publicity, and other sanctions. Remediation costs may be immense, such as the $17 million incurred by Blue Cross/Blue Shield of Tennessee on top of the $1.5 million civil money penalty for not having sufficient security to prevent a burglar from stealing all their computer equipment and media with millions of individuals' health insurance data. BCBS had to report that breach to DHHS. That is not the only way DHHS may learn of a breach, however. Civil money penalties have resulted from complaints by patients/clients, and one even resulted from a newspaper story. Civil money penalties to date range from $50,000 to two in the $4 million range. A $50,000 or low six-figure fine may doom a small practice, and these fines cannot be discharged in bankruptcy because they are imposed as a punishment rather than as compensation to the government for money it had expended. The largest civil money penalty is reserved for breaches that are not handled properly, capped at $1.5 million for identical such breaches in a calendar year. DHHS considers that if you lose, say, an unencrypted laptop with no other reasonable and appropriate security in its place, it constitutes a separate violation for each patient's data on the lost laptop. In addition, patients and others who complain to DHHS may receive a portion of any fine, which provides an incentive to complain. An audit by DHHS may also lead to a civil money penalty.
Nor are these penalties reserved for large practices. Fines have been assessed against two-physician practices and a small hospice in North Dakota. Being not-for-profit provides no immunity, nor does being a government entity. Alaska Medicaid was fined $1.5 million; and a county government (Skagit County in Washington State), $215,000.
In addition, other state and federal privacy laws carry penalties including fines, professional discipline, and lawsuits.
Areas Covered in the Session:
- Overview of HIPAA and the Security and Privacy Rules.
- Preemption of State and Federal Law.
- What is a Security Incident?
- What is a Breach?
- What is a Reportable Breach?
- How to respond to investigations.
- Conclusion and Question and Answer.
Jonathan P. Tomes, J.D., is Keynote Speaker at Compliance Key Inc. He is a health care attorney practicing in the greater Kansas City area. He is a nationally recognized authority and expert witness on the legal requirements for health information…
If you have any questions, my line is always open.
Compliance Key Inc | Training made easy…
P: 717-208-8666 Ext: 100