Skip to main content

What Does the Term "Reasonable and Appropriate" Mean under HIPAA? And How Do You Achieve It?

Compliance Key INC - HIPAA webinar
Jonathan P. Tomes , J.D., is Keynote Speaker at Compliance key Inc. He is a health care attorney practicing in the greater Kansas City. He is a nationally recognized authority and expert witness on the legal requirements for health information. 

 Webinar Id:  HIPJPTW006 
 12:30 PM PT | 3:30 PM ET 
 03/20/2018
 Duration: 60 mins 

Overview
The HIPAA Security Rule requires covered entities and business associates to implement "reasonable and appropriate" security measures to protect against improper access, use, or disclosure of Protected Health Information ("PHI"). The Rule, however, gives very little guidance as to what constitutes reasonable and appropriate security measures. This is probably a good thing because what is reasonable and appropriate for a small town dental practice will likely be wildly different from a celebrity mental health facility in Beverly Hills. The lack of guidance, however, makes compliance difficult because how does one know whether DHHS will agree that their security measure is reasonable and appropriate if you are audited or investigated. And if you are sued, will the plaintiff 's expert be able to testify that your security measures did not meet that standard and, hence, you were negligent and are liable for the potentially huge damages of a major breach.
Why should you attend this webinar?
If you are audited, investigated, or sued and found not to have reasonable and appropriate security measures, you could face civil money penalties, supervised Corrective Action Plans, bad publicity with concomitant loss of patients, lawsuit damage awards, and significant remediation costs.

Civil money penalties to date range from $50,000 to two in the $4 million range. A number of these have resulted from deficient security measures, such as a missing firewall, lack of adequate security to prevent unauthorized access, and the like.

Nor are these penalties reserved for large practices. Fines have been assessed against two-physician practices and a small hospice in North Dakota. Being not-for-profit provides no immunity, nor does being a government entity. Alaska Medicaid was fined $1.5 million;and a county government (Skagit County in Washington State), $215,000.
Areas Covered in the Session:
  • Overview of HIPAA and the Security Rule.
  • The Requirement for Reasonable and Appropriate Security Measures.
  • DHHS Guidance on What is Reasonable and Appropriate.
  • Other Guidance on What is Reasonable and Appropriate.
    • California Attorney General Guidance.
    • NIST Guidance.
    • Other Guidance?
  • How to Determine Whether Your Security Measures are Reasonable and Appropriate.
    • Risk Analysis.
    • Required and Addressable Security Measures.
    • Penetration Testing.
    • Requirement for Evaluation-Follow-up Testing.
    • Key Security Measures DHHS Focuses On.
    • Documentation.
  • Conclusion and Question and Answer.
Who can Benefit:
Health Professionals and their staffs, Privacy and Security Officers, Medical Records Professionals, IT Professionals, Office Managers, Risk Managers, Business Associates of Covered Entities (those that provide a service for the Covered Entity involving the use of individually identifiable health information (transcription services, billing services, cloud storage companies, and the like), Healthcare Attorneys, Compliance Officers, HIPAA consultants.

Compliance Key INC
717-208-8666
https://www.compliancekey.us/life-science-and-healthcare

Comments

Popular posts from this blog

HIPAA Compliance with the New Omnibus Rule: How to Pass an Audit to Avoid Penalties and Criminal Convictions

Compliance Key INC  -  H ipaa webinar                                           Jonathan P. Tomes Jonathan P. Tomes , J.D., is Keynote Speaker at Compliance key Inc. He is a health care attorney practicing in the greater Kansas City.   Webinar Id:   HIPHJPT001  2:30 PM PT | 03:30 PM ET    01/18/2018  Duration: 60 mins  Overview Before the HITECH Act, DHHS could audit covered entities for HIPAA compliance, but did not have to. With that Act, now the must audit those entities and business associates as well. In the first audits, the Phase I audits, DHHS came on site. The subsequent Phase II audits, however, were paper audits in which those audited had to provide documentation of their compliance. As yet, we do not know what form Phase III will take, but the necessary actions to prepar...

HIPAA Compliant Fundraising Under New Rules - 2019

Compliance Key  -  H ipaa   Compliance Training HIPAA Compliant Fundraising Under New Rules - 2019 Joel Simon Joel Simon is one of the nation's leading experts on the fund raising aspects of HIPAA. Joel has been a member of the Maryland bar for 30 years, and his professional experience includes work as the assistant general counsel of a community hospital. Joel is an editor of "Fundraising Under HIPAA" published by the Association of Fundraising Professionals. He has lectured on Fund Raising under HIPAA to national audiences since the original HIPAA regulations were first proposed 17 years ago. Read More Overview Not-for-Profit organizations that are governed by HIPAA often need or want to fund raise from their patients, clients, or families. What protocols should be in place to maximize philanthropic opportunities under HIPAA? What compliance measures need to be in place and assessed to properly use protected health information for fund raisi...

The top five wage and hour mistakes employers make

Compliance Key INC  -  HR Training Online in United States Overview This webinar will cover the top five mistakes that companies make in administering the Fair Labor Standards Act. This law was created in 1938 and was made to cover a different world of work that we have today. Yet modern companies and modern employees still have to be covered by these regulations.  We will cover items such as why you cannot let an employee eat at their desk, or volunteer to work without pay, and why you cannot take action against an employee for reporting you to the government. Why should you attend this webinar? The Fair Labor Standards Act requires that employers pay people correctly. Overtime, exemptions, salary or hourly, break times, meal times and travel time are all issues that cause employers difficulty. Employers need to understand these issues in order to avoid litigation, especially in the light of the revision of the FLSA that will create 4.2 million new none...