HIPAA Breach Reporting - What Qualifies as a Reportable Breach and How to Report It

Event Information
Product Format: Prerecorded Event, 60 minutes
Product Description

Identify Potential HIPAA Violation Breaches and Learn How to Report and Avoid Them

Breaches of Protected Health Information (PHI) are increasingly common and can result from a variety of circumstances, from words spoken too loudly in a public setting, to a lost thumb drive full of medical records, to files held for ransom by hackers. Any violation of the HIPAA Privacy Rule may be a reportable breach under the HIPAA Breach Notification rules, which require notification of individuals and HHS when information security is breached. Any incident involving a HIPAA issue must be evaluated to see if it is reportable, and any decisions or actions must be fully documented. Penalties for non-compliance can be up to $50,000 per day in cases of willful negligence, so it is essential to evaluate incidents to see if they are reportable breaches and to act properly on the evaluation.

Join expert speaker Jim Sheldon-Dean in an informative session, where he will examine how to determine if a privacy violation is potentially a breach according to the definition, and then describe the subsequent steps in the evaluation, if it is determined that the definition has been met. He will discuss the exceptions to the breach definition for inadvertent internal uses, or when it can be determined that the information could not be retained in any way by the receiving party. He will also discuss how to create the right breach notification policy for your organization and how to follow through when an incident occurs. In addition, a policy framework to help establish good security practices will be discussed as well. Several other aspects will also be taken up during the event.

Session Highlights

  • The definition of a Breach under HIPAA
  • Evaluating the privacy violation
  • Reviewing the exceptions to the definition of a breach for inadvertent internal uses
  • The exception when it can be determined that the information could not be retained in any way by the receiving party
  • What is good enough encryption according to the rules?
  • Performing the risk analysis to determine “reportability”
  • How the Security Rule plays a role
  • How to avoid breaches
  • What can we learn from past breaches?
  • How to deal with ransomware
  • Understanding the impact of a ransomware attack
  • The most common causes of breaches
  • Reporting breaches to HHS and the individuals
  • Reporting breaches to the press and other agencies
  • What should be included in a report?
  • Documenting your analysis and decisions

Session Agenda

  • HIPAA Privacy & Security Rules
  • HIPAA Breach Notification Rule
  • What is a HIPAA Breach?
  • Reliance on the Privacy Rule and Security Rule
  • Exceptions to Reporting
  • Ransomware and Breaches – Prevention and Response
  • Evaluating a Reportable Breach Incident
  • Requirements for Reporting – Large or Small Breaches
  • Examples
  • Incident/Breach Notification Policy
    • Whom and when to report?
    • Who, what and how to notify?
    • Notification to HHS
  • Other Breach Notification Laws
  • California’s Recommended Practices
  • Your To-Do List

Who should attend

  • Compliance Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Medical Office Manager
  • Medical Practice Lawyer
  • CFO
  • CEO
  • COO
  • Privacy Officer
  • Information Security Officer

About Our Speaker

Jim Sheldon-Dean - HIPAA Compliance & Regulations Expert

Jim Sheldon-Dean is a healthcare compliance and HIPAA expert in the areas of privacy and security regulatory compliance and business process analysis. He is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of healthcare entities. Jim is a frequent speaker regarding HIPAA...