Available in:

OnDemand Webinar
Audio & Reference Manual
MP3 Download

HIPAA Security Breach Response Plan

If and when protected health information is compromised at your organization, be ready to execute your own security breach response plan.

Many covered entities and business associates that are required to comply with HIPAA, as well as other federal and state law requirements protecting the privacy and security of patient information, still misunderstand when an incident rises to the level of a Breach and what the required responses are. There also continues to be misunderstanding of how and when a breach occurs in certain contexts, who is responsible for it (i.e., the BA or the CE), who needs to be notified, and with whom the legal and contractual obligations rest. This topic helps the persons responsible for their organization's compliance with HIPAA and other federal and state laws requiring a consistent evaluation of each Security Incident that might compromise Protected Health Information. The material also explains the specific requirements for calculating the 500-or-more threshold number of affected individuals for purposes of reporting by a business associate (i.e., per covered entity) and by the covered entity, as well as for purposes of notifying the media (i.e., per jurisdiction). This topic will go into detail and provide you and your organization with a uniquely developed Breach Risk Assessment tool that allows consistent evaluation of the HHS Four Factors that are critical to a final determination of whether a breach is reportable to HHS. This information is critical for organizations to hone their breach policies and procedures to prevent under-reporting of breaches (which is a HIPAA violation) as well as over-reporting of breaches (i.e., reporting an incident when HIPAA does not legally require it to be reported), which can lead to an unnecessary HHS/OCR investigation.

Runtime: 88 minutes
Purchase Options

More Program Information

Why Lorman?

Over 32 years and 1.4 million customers worth of experience providing continuing education. Our passion is providing you world-class training to help you succeed in business and as a professional.

Agenda

Definitions of Key HIPAA Terms

  • A Detailed Review of Key HIPAA Definitions Will Be Covered: Breach, Security Incident, Protected Health Information, De-Identified Data
  • Discussion on How These Definitions Materially Affect Analysis of Whether or Not a Security Incident Rises to the Level of a Breach, and Whether Notification or Other Response Is Required
  • Discussion of Why It Is Critical That Definitions of Such Terms Which Appear in HIPAA Business Associate Agreements Track HIPAA's Definitions

HIPAA Breach Risk Assessment

  • Do You Have a Breach of 500 or More Affected Individuals? Discussion of HHS's Guidance on How to Calculate the Total Number of Individuals Affected by a Breach (i.e., per Covered Entity). Additional Discussion Regarding How to Calculate Number of Individuals Affected by State/Jurisdiction for Purposes of Media Notices
  • Safe Harbors: Unintentional; Inadvertent; Not Reasonably Retained. Overview of the Statutory Carve-Outs Which Permit a Conclusion of No Breach
  • Evaluating Low Probability PHI Compromised. Detailed Discussion of HHS's Guidelines on How to Evaluate the Low Probability Threshold in a Consistent Manner. Overview of the Four Factors Critical to This Assessment, and How to Evaluate the Four Factors in a Consistent Manner. A Deep Dive Into:
    • Nature and Extent of Data: Discussion of Minimal PHI? De-Identified Data? Limited Data Sets?
    • Nature of Recipient/Unauthorized Individual: Discussion of Cooperative vs. Uncooperative Individuals
    • Determining If PHI Was Acquired or Viewed: Discussion of Confirming No Access Through Forensics; HHS's Discussion and Guidance Regarding Whether Deployed Ransomware Is a Breach
    • Mitigation: Discussion of What Steps Need to Be Taken for Full Mitigation; Discussion of Sanitization of External Devices and Accounts That May Have Transmitted and/or Housed Breached PHI, and When Legal Intervention Might Be Appropriate (i.e., Discussion of Successful Interventions by Courts)
    • Step-by-Step Work Through of Example Breach Cases Using Oscislawski LLC's Low Probability Assessment Tool to Apply the Four Factor Test and Calculate a Low Probability Score, and Discussion of How to Use the Low Probability Score in Final Determination of Whether a Breach Is Reportable (i.e., Notices Required). (See Sample HIPAA Breach Risk Assessment Tool to Be Provided With Webinar)

Breach Response

  • Discussion of What Are the Breach Notification Requirements and Other Obligations of a Business Associate
  • Discussion of What Are the Breach Notification Requirements and Other Obligations of a Covered Entity, Including Detailed Drill Down on Notifications to HHS (Immediate vs. Annual); Notification to Individual (Incl. State Law Considerations); Notification of Media (What Is Required? and the 500 Individuals per Jurisdiction Threshold)

Credits

OnDemand Webinar

This course was last revised on August 28, 2019.

Call 1-866-352-9540 for further credit information.

  • AHIMA 1.5 including Privacy & Security 1.5
  • This program has been approved for 1.5 continuing education units for use in fulfilling the continuing education requirements of the American Health Information Management Association (AHIMA). Granting prior approval from AHIMA does not constitute endorsement of the program content or its program sponsor.
     

This program does NOT qualify, nor meet the National Standard for NASBA accreditation.

Audio & Reference Manual

  • Arizona CLE 1.5
  • CA MCLE 1.5
  • CT CLE 1.5
  • HI CLE 1.5
  • IL CLE 1.5
  • ME CLE 1.5
  • MT CLE 1.5
  • NJ CLE 1.8
  • NV CLE 1.5
  • VT CLE 1.5
  • WA CLE 1.5
  • WV MCLE 1.8
     
The CLE Code is ONLY a requirement when applying for CLE Credit in California (for participatory credit), Kansas, New Jersey or New York. Other states do not need to supply the CLE Code to apply for CLE credit.

This program does NOT qualify, nor meet the National Standard for NASBA accreditation.

MP3 Download

  • Arizona CLE 1.5
  • CA MCLE 1.5
  • CT CLE 1.5
  • HI CLE 1.5
  • IL CLE 1.5
  • ME CLE 1.5
  • MT CLE 1.5
  • NJ CLE 1.8
  • NV CLE 1.5
  • VT CLE 1.5
  • WA CLE 1.5
  • WV MCLE 1.8
     
The CLE Code is ONLY a requirement when applying for CLE Credit in California (for participatory credit), Kansas, New Jersey or New York. Other states do not need to supply the CLE Code to apply for CLE credit.

This program does NOT qualify, nor meet the National Standard for NASBA accreditation.

Faculty

Helen Oscislawski, Esq.

Attorneys at Oscislawski LLC

  • Founding partner, Attorneys at Oscislawski LLC
  • Corporate and regulatory attorney whose practice focuses almost exclusively on advising and representing health care clients
  • Recognized nationally for her substantial experience with and understanding of legal issues that arise with the use of electronic medical records and networked health information exchange
  • In 2008, Governor Corzine appointed her to the New Jersey Health Information Technology Commission to fill the seat reserved by statute for an attorney practicing in this state with demonstrated expertise in health privacy; in 2010, Governor Christie reappointed her to the commission, and she also served as the chair of New Jersey’s Privacy and Security Committee
  • Over the course of her career, she has completed complex legal analyses regarding patient consent issues, privacy standards, security breach response, and other patient-data related challenges
  • Known to many as a go-to attorney on HIPAA, health information exchange and technology, and legal advice relating to health care data breaches
  • Currently advises some of the most sophisticated organizations in the nation on all aspects of managing patient privacy and legal risk resulting from data breaches
  • Who’s Who 2017 Top Lawyer, and is also recognized as a Lawyer of Distinction, a designation granted to only the top 10% of attorneys in the nation
  • Speaks regularly at various national events on these topics, as well as maintains a popular blog called Legal HIE, www.legalhie.com
  • Can be contacted at 609-385-0833 ext.1 or [email protected]

All of your training, right here at Lorman.

Pay once and get a full year of unlimited training in any format, any time!

  • Live Webinars
  • OnDemand Webinars
  • MP3 Downloads
  • Course Manuals
  • Audio Recordings*
  • Executive Reports
  • White Papers and Articles
  • Sponsored Live Webinars

Additional benefits include:

  • State Specific Credit Tracker
  • Members Only Newsletter
  • All-Access Pass Course Concierge

* For audio recordings you only pay shipping

Questions? Call 877-296-2169 to speak with a real person.

Sign Up Today
With This Course

Access to all training products for one year
$699/year

Unlimited Lorman Training

With the All-Access Pass there is no guessing what you will need for your yearly training budget. $699 will cover all of your training needs for an entire year!

Easy Registrations

Once you purchase your All-Access Pass you will never be any further than one-click away from attending any Lorman training course.

Invest in Yourself

You haven't gotten to where you are professionally by luck alone; it's taken a lot of hard work and training. Invest in yourself with the All-Access Pass.

Product ID: 406495
Published 2019
Available in Multiple Formats

Purchase this course and learn on your schedule!