keyglobeiollogoPhone (319) 626-2302

Catalog Number : ncd1132
Title : HIPAA Breach
Speaker : Sue Dill

Duration : 90 minutes

Webplay Recording Date : 12-4-2009
Webplay Price : $ 175 for two weeks viewing

Webinar Overview:

Has your healthcare provider ever lost a laptop or had one stolen? Would you know whether this is a breach of a new federal law (HITECH) and would you know what to do? Would you know if it required reporting to HHS, posting information on a website, what five things must be in the breach letter to the patient, and if there needed to be media disclosure? Come listen to the webinar and get answers to these pressing questions.

Healthcare organizations and providers now face new regulations effective September 23, 2009 as HHS and the FTC has released their final regulations on breach notification under HIPAA. (Other sections become effective February 17, 2010, January 1, 2011 and February 17, 2011) The new rules will result in more enforcement of HIPAA privacy related breaches of unsecured protected health information. These new rules impose costs for expensive reporting and mitigation costs. This is indeed a new era in protecting patient privacy!

These “breach notification” regulations implement provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).

Target Audience:

  • Privacy, Compliance, and Security Officers
  • HIM Directors at covered entities
  • Business Associates
  • others involved with privacy and security compliance

Webinar Objectives:

  • Describe what five things must be disclosed to the patient when there has been a breach and notification is required by HHS
  • Discuss the new regulations on breach notification including the three exceptions of when a patient does not have to be notified when there is a breach of protected health information
  • Recall why every lap top should be encrypted
  • Describe the new harm threshold to help determine whether or not to report the breach

Webinar Outline:

  • Introduction to HITECH and HIPAA
  • Definitions
  • What is unsecured PHI?
  • Discovery of a breach
  • Types of breaches
  • Encryption of lap tops a must
  • Business Associates
  • Definition of what constitutes a breach
  • 3 exceptions created
  • HITECH and FTC rules distinguished
  • Redacting of information
  • Exclusion of employment records
  • Limited data set
  • 3 questions to ask if a breach
  • Notice to patients must contain five requirements
  • Harm threshold new rules
  • Documentation of risk assessment
  • Breaches of less than 10 and more than 500 patients
  • When reporting is required to HHS and to the media
  • Key areas of training
  • Why organization should re-examine existing access controls

Contact Hours:

  • Nursing participants: Instruct-online has approved this program for 1.8 contact hours, Iowa Board of Nursing Approved Provider Number 339.
  • All other participants: Must attend the entire Webinar and complete a Webinar critique to receive a 1.5 Hour Attendance Certificate for each program.

Refund Policy:

Full tuition is refunded immediately on request if the participant has not been sent the program materials and instructions. Once the instructions (including access codes) have been sent, a full refund will be issued only after the program runs and it is verified that the participant did not access the program.