Skip to main content

What Does the Term "Reasonable and Appropriate" Mean under HIPAA? And How Do You Achieve It?

Compliance Key INC - HIPAA webinar
Jonathan P. Tomes , J.D., is Keynote Speaker at Compliance key Inc. He is a health care attorney practicing in the greater Kansas City. He is a nationally recognized authority and expert witness on the legal requirements for health information. 

 Webinar Id:  HIPJPTW006 
 12:30 PM PT | 3:30 PM ET 
 03/20/2018
 Duration: 60 mins 

Overview
The HIPAA Security Rule requires covered entities and business associates to implement "reasonable and appropriate" security measures to protect against improper access, use, or disclosure of Protected Health Information ("PHI"). The Rule, however, gives very little guidance as to what constitutes reasonable and appropriate security measures. This is probably a good thing because what is reasonable and appropriate for a small town dental practice will likely be wildly different from a celebrity mental health facility in Beverly Hills. The lack of guidance, however, makes compliance difficult because how does one know whether DHHS will agree that their security measure is reasonable and appropriate if you are audited or investigated. And if you are sued, will the plaintiff 's expert be able to testify that your security measures did not meet that standard and, hence, you were negligent and are liable for the potentially huge damages of a major breach.
Why should you attend this webinar?
If you are audited, investigated, or sued and found not to have reasonable and appropriate security measures, you could face civil money penalties, supervised Corrective Action Plans, bad publicity with concomitant loss of patients, lawsuit damage awards, and significant remediation costs.

Civil money penalties to date range from $50,000 to two in the $4 million range. A number of these have resulted from deficient security measures, such as a missing firewall, lack of adequate security to prevent unauthorized access, and the like.

Nor are these penalties reserved for large practices. Fines have been assessed against two-physician practices and a small hospice in North Dakota. Being not-for-profit provides no immunity, nor does being a government entity. Alaska Medicaid was fined $1.5 million;and a county government (Skagit County in Washington State), $215,000.
Areas Covered in the Session:
  • Overview of HIPAA and the Security Rule.
  • The Requirement for Reasonable and Appropriate Security Measures.
  • DHHS Guidance on What is Reasonable and Appropriate.
  • Other Guidance on What is Reasonable and Appropriate.
    • California Attorney General Guidance.
    • NIST Guidance.
    • Other Guidance?
  • How to Determine Whether Your Security Measures are Reasonable and Appropriate.
    • Risk Analysis.
    • Required and Addressable Security Measures.
    • Penetration Testing.
    • Requirement for Evaluation-Follow-up Testing.
    • Key Security Measures DHHS Focuses On.
    • Documentation.
  • Conclusion and Question and Answer.
Who can Benefit:
Health Professionals and their staffs, Privacy and Security Officers, Medical Records Professionals, IT Professionals, Office Managers, Risk Managers, Business Associates of Covered Entities (those that provide a service for the Covered Entity involving the use of individually identifiable health information (transcription services, billing services, cloud storage companies, and the like), Healthcare Attorneys, Compliance Officers, HIPAA consultants.

Compliance Key INC
717-208-8666
https://www.compliancekey.us/life-science-and-healthcare

Comments

Popular posts from this blog

Strategies for Becoming a Business Partner to Your Healthcare Leaders.Compliance Key INC -

Compliance Key INC  -  Healthcare Training Online                                                    Jay Anstine Mr. Anstine's professional background includes working on the provider and the payer side of the market, for large for-profit and non-profit health systems, and small physician-owned entities. In tackling the countless regulatory and operational issues for these diverse organization types, he has developed a deep understanding of the business of healthcare and the regulations that govern the industry.  Webinar Id:  LSHCSJA022  10:00 AM PT | 01:00 PM ET  12/13/2017  Duration 60 mins  Overview All too often compliance is seen as an obstacle or otherwise viewed negatively by healthcare leaders. This presentation will discuss strategies and insights to help the compliance of...

HIPAA Changes 2018: How to Comply

Compliance Key INC  -  HIPAA Compliance Training Seminar                                                 Brian L Tuttle Brian Tuttle is Keynote Speaker at Compliance key Inc . He is Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified Business Resilience Auditor (CBRA) with over 17 years experience in Health IT and Compliance Consulting. Mr. Tuttle has worked all of those 15 years with MAG Mutual Healthcare Solutions and is now Senior Compliance Consultant and IT Manager with InGauge Healthcare Solutions (previously named MAG Mutual Healthcare Solutions).  Seminar Id:  IJ2018S2  06:00 AM PT | 09:00 AM ET  02/16/2018  Duration 1 Day Overview This lesson will be addressing how practice/business managers (or compliance offers) need to get their HIPAA house in ...

Motivation Innovation: The Latest on Carrots vs. Sticks

C ompliance Key INC  -  Life science webinars                                               Don R. Powell Don R. Powell is Keynote Speaker at Compliance key Inc.He is the President and CEO of the URAC Accredited American Institute for Preventive Medicine located in Farmington Hills, Michigan. For 33 years the Institute has been a leading developer and provider of health and productivity management programs.   Webinar Id:  LSHCDT001  10:00 AM PT | 1:00 PM ET  12/14/2017  Duration 60min mins  Overview It is one thing to know how to alter one’s behavior, but it is an entirely different matter to be motivated to do so. It is felt that employee motivation is the key factor in determining the success or failure of worksite wellness programs and their ability to reduce health care costs and increase...