Catalog Number : ncd1705
Title : HITECH: HIPAA Breach Notification
Speaker : Sue Dill

Webplay Recording Date : 6-2-2010
Webplay Price : $ 200 for two weeks viewing

Webinar Purpose:

Has your healthcare staff or provider ever lost a laptop or had one stolen? Would you know whether this is a breach of the federal law (HITECH) and would you know what to do? Would you know if it required reporting to HHS, posting information on a website, what five things must be in the breach letter to the patient, and if there needed to be media disclosure? Come listen to the webinar and get answers to these pressing questions. This federal regulation has exceptions and some breaches of the HIPAA privacy are not a breach requiring notification to the patient. For example, a hospital sends the discharge summary to the wrong physician. Hospitals are required by the federal law to educate their staff on the breech notification rules. Hospitals will have to do a harm threshold analysis to determine if the patient must be notified of the breach.

Healthcare organizations and providers must follow the regulations that are now in effect as HHS and the FTC has released their final interim regulations on breach notification under HIPAA. The rules result in more enforcement of HIPAA privacy related breaches of unsecured protected health information. These rules impose costs for expensive reporting and mitigation costs. This is indeed a new era in protecting patient privacy! Access to sample toolkit with sample letters to patients, setting up toll free number, notifying HHS, etc. will be provided.

All staff are required to be trained, even for ASC, in HIPAA Breach Notification and all healthcare organizations are required to have a policy and procedure in place for Breach Notifications.

Target Audience: 

• HIPPA privacy and security officers
• In-house legal counsel
• Compliance officer
• Risk management
• Senior leadership
• Chief nursing officer
• Chief medical officer
• Nurses
• Nurse educators
• Physicians
• Director of Health Information Management (HIM)
• Medical records staff (HIM)
• IS director and IS staff
• Anyone involved in providing privacy issues with patient under HIPAA and preventing breach of confidentiality

Webinar Objectives:

• Describe what five things must be disclosed to the patient when there has been a breach and notification is required by HHS
• Discuss the regulations on breach notification including the three exceptions of when a patient does not have to be notified when there is a breach of protected health information
• Recall why every lap top should be encrypted
• Describe the harm threshold test to help determine whether or not to report the breach

A Few of the Topics that will be covered:

• Introduction to HITECH and HIPAA
• Definitions
• What is unsecured PHI?
• Discovery of a breach
• Types of breaches
• Encryption of lap tops a must
• Business Associates
• Definition of what constitutes a breach
• 3 exceptions created
• HITECH and FTC rules distinguished
• Redacting of information
• Exclusion of employment records
• Limited data set
• 3 questions to ask if a breach
• Notice to patients must contain five requirements
• Harm threshold new rules
• Documentation of risk assessment
• Breaches of less than 10 and more than 500 patients
• When reporting is required to HHS and to the media
• Key areas of training
• Why organization should re-examine existing access controls

Full tuition is refunded immediately on request if the participant has not been sent the program materials and instructions. Once the instructions (including access codes) have been sent, a full refund will be issued only after the program runs and it is verified that the participant did not access the program.