Breaches of Protected Health Information are becoming more and more common, and can be a result of a variety of circumstances, from words spoken too loudly in a public setting, to a lost thumb drive full of medical records, to files being held for ransom by hackers.
Any violation of the HIPAA Privacy Rule may be a reportable breach under the HIPAA Breach Notification rules, requiring notification of individuals and HHS when information security is breached. Any incident involving a HIPAA issue must be evaluated to see if it is reportable, and any decisions or actions must be fully documented.
There are several steps that must be taken to determine if an incident is a breach, and whether or not that breach is reportable. Determining whether to report or not is not necessarily straightforward, but there are guidelines to follow to help at every step of the way. Even ransomware attacks by hackers may be reportable, if you lose control of your data and don’t know exactly what happened.
If the evaluation of necessity to report is not done correctly, you may not make the right decisions about reporting and be subject to penalties for non-compliance upon an investigation of a breach by HHS. Breach investigations, even for small breaches, are a new priority at HHS, and the HHS regional offices are taking on the job of looking into small breaches (affecting under 500 individuals), especially when there have been multiple breaches or repeated similar breaches.
Penalties for non-compliance can be up to millions of dollars in cases of willful negligence, so it is essential to evaluate incidents to see if they are reportable breaches, and act properly on the evaluation.
Learning Objectives:
Whenever there may be a privacy issue involving Protected Health Information, there may be a reportable breach under the HIPAA regulations. Not all privacy violations are reportable breaches, though, so it is essential to have a good process for evaluating incidents to see if they have resulted in a reportable breach.
Any privacy rule violation that results in an acquisition, access, use, or disclosure of PHI in violation of the HIPAA Privacy Rule may be a breach, unless the incident is one of the defined exceptions from the definition. A breach is reportable unless the information was secured or destroyed in the incident, or unless a risk analysis shows that there is a low probability of compromise of the information, based on at least four factors defined in the rules.
We will examine how to determine if a privacy violation is potentially a breach according to the definition, and then describe the subsequent steps in the evaluation if it is determined that the definition has been met. We will discuss the exceptions to the breach definition for inadvertent internal uses, or when it can be determined that the information could not be retained in any way by the receiving party.
In addition, any reporting must be made within the required time frames, or penalties can result, as shown in recent enforcement actions by HHS for late reporting of breaches.
We will explain, based on historical analysis of reported breaches, what measures must be taken today to protect information from the most common threats, as well as discuss information security trends and explain what kinds of efforts will need to be undertaken in the future to protect the security of PHI.
Areas Covered in the Session:
- The definition of a Breach under HIPAA
- Evaluating the Privacy Violation
- Reviewing the exceptions to the definition of a breach
- What is good enough encryption according to the rules
- Performing the Risk Analysis to determine the necessity to report
- Ransomware and Breaches – When to Report
- Avoiding Breaches
- The most common causes of breaches
- Reporting breaches to HHS and the individuals
- Reporting breaches to the press and other agencies
- Documenting your analysis and decisions
Suggested Attendees:
- CEO
- HIPAA Privacy Officers
- HIPAA Security Officers
- Information Security Officers
- Risk Managers
- Compliance Officers
- Privacy Officers
- Health Information Managers
- Information Technology Managers
- Information Systems Managers
- Medical Office Managers
- Chief Financial Officers
- Systems Managers
- Chief Information Officer
- Healthcare Counsel/lawyer
- Operations Directors
Presenter Biography:
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of healthcare entities. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference. Sheldon-Dean has more than two decades of experience specializing in HIPAA compliance, four decades of experience in policy analysis and implementation, business process analysis, information systems and software development, and eight years of experience doing hands-on medical work as a Vermont-certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.
This is a Live Virtual session.
A new way of immersive learning that allows you to engage live with our instructor and peers providing you with the flexibility to juggle the new work-life balance.
Frequently Asked Questions:
HOW MUCH TIME DOES IT TAKE TO RECEIVE THE DVDs/ FLASH DRIVE?
For DVDs/ FLASH DRIVE – It will take around 7 working days.
CAN I PLACE AN ORDER ON CALL?
Yes, you can call our toll-free number 302-444-0162 and ask our representative for the enrollment. Alternatively, you can also mail us at care@skillacquire.com.
CAN I PURCHASE ANY OF YOUR TRAINING FORMATS, AT ANY TIME?
For DVDs/ FLASH DRIVE – Yes, you can place the order at care@skillacquire.com using the order brochure or can call us at our toll-free number 302-444-0162.
DO I REQUIRE A COMPUTER FOR ATTENDING A LIVE COURSE?
The system requirements are quite basic:
- OS: Windows, any version, preferably above Windows Vista; Mac, any version above OS X 10.6
- Internet Speed: Preferably above 1 MBPS
- Headset: Any decent headset and microphone which can be used to talk and hear clearly; in a live course you can raise questions using a microphone.
HOW CAN I BECOME FACULTY AT SKILLACQUIRE?
Please share your detailed CV with us and our team will screen the best faculty for the specific field.
HOW CAN I GET ACCESS TO THE LIVE TRAINING?
You can access the live training using Joining Link or Dial-In Number. To get the joining link, you can click on the conference materials on the product description page, and enter your email address and password that you received in your email.
We will also send you the joining link or dial-in number to the registered email address 2-3 days prior to the live training. You can simply click the joining link to join the live training.
HOW CAN I MAKE A BULK PURCHASE?
You can call our customer service department at 302-444-0162 and may also avail some discounts on the bulk orders.
WHAT’S THIS DIFFERENT FORMAT?
- Live (One Attendee) – Only 1 person will be able to join the webinar
- Live (2 to 4 Attendees) – Up to 4 persons are allowed to join the webinar
- Live (5 to 10 Attendees) – Up to 10 persons are allowed to join the webinar
- On-Demand Recording (One Attendee) – Webinar recording link will be provided for a single attendee
- On-Demand Recording (Multiple Attendees) – Webinar recording link will be provided that can be accessed by more than one person
- DVD – DVD will be shipped physically to the address provided
- Flash Drive – Flash drive will be shipped physically to the address provided
- Live + DVD – This allows you to attend live webinar plus you also get DVD shipped to the address provided
- Replay + FLASH DRIVE – Allows you to get webinar recording link plus you also get DVD shipped to the address provided
- Live + REPLAY + DVD – This allows you to attend live webinar plus you also get webinar recording to your email and DVD shipped to the address provided
WHAT CERTIFICATION DO I GET POST THE TRAINING?
After successful completion of the training, you will be awarded the course completion certificate (on request). The certifications/ recertifications should be mentioned under the description of every course.
TESTIMONIALS
“Jim Sheldon-Dean’s insights on privacy and security were very much helpful to our team, it was great to learn from an instructor like him. Appreciate!” –CHRISTINE JACOB MD, CDI SPECIALIST
“This program on HIPAA did a great job providing actionable concepts in a way that updated our team and me, I now know how I will implement the concepts because I already did it in their online seminar, it was easy to ask questions from the speaker at the end of my 60 minutes course.” –MELISSA PRESTON, HEALTH INFORMATION MANAGEMENT STAFF
“The workshop was very insightful and made absolute sense in terms of the regulations and their compliance. I am thankful for having the opportunity to attend.” –BARBARA CAPRIOTTY, REHABILITATION DIRECTOR