Overview: This webinar is intended to help practices develop the incident response plan required by the HIPAA Security Rule. It's also been pegged as one of the key compliance areas covered entities and business associates should attend to as part of the Office for Civil Rights (OCR) "culture of compliance" initiative. The webinar will take participants from policy/procedure development through plan development and testing to the steps to take if an incident occurs. Also, if the incident results in a breach of individuals' PHI or personally identifiable information (PII), the steps required by the breach notification interim final rule and state statute will be addressed.
Often when entities think of incident response, they immediately think of breaches. This webinar will cover statutory and regulatory requirements and best practices related to incident response, which covers much more than just what happens if PHI or PII is breached. The methodology introduced is founded on The SANS Institute's PICERF Lifecycle. It has been expanded to address more than just incidents originating from the technical environment. Threats can range from loss of paper charts to a hacker attacking a server to unsuccessful attempts to penetrate a firewall to theft of mobile devices. The approach that will be communicated addresses the complex health care environment and the multiple players who need to be involved in incident response at some stage or another.
Why should you attend: Cyber threats are on the rise and headlines about breaches of protected health information (PHI)/personally identifiable health information are almost a daily occurrence. The Office for Civil Rights (OCR) is actively investigating breaches of 500 individuals or more, no matter the size of the covered entity.
OCR may not be directly investigating business associates involved in those breaches but, contrary to popular belief, OCR can hold business associates accountable. OCR is enforcing final and interim final HITECH-related rules, and the breach notification interim final rule does hold business associates accountable. It may not have happened yet, but OCR has not been all that slow to react of late.
Areas Covered in the Session:
HIPAA Security Rule incident response requirements overview
HITECH Interim Final Rule breach notification requirements
State statute and general incident/breach response requirements
Review of incident response requirements (step-by-step)
Review of an incident response policy and procedure (available through the OMA website)
Detailed plan development, resource assignment, testing and revision
A breach occurs - then what and how much does it cost?
Resources
Who Will Benefit:
Health care professionals
Practice and HIM management
CIOs
Privacy officers
Security officers
Risk managers
Compliance officers
Legal counsel
Human resources
Chris Apgar, CISSP, CEO and President of Apgar & Associates, LLC and former HIPAA Compliance officer for Providence Health Plans, is a nationally recognized information security, privacy, national identifier, HIPAA & electronic health information exchange expert. He has over 13 years of experience helping health care organizations comply with HIPAA, HITECH and other privacy and security regulations. Mr. Apgar has also helped health care, utilities and financial organizations implement privacy and security safeguards to protect against organizational harm and harm to consumers.
Mr. Apgar is a member of the Workgroup for Electronic Data Interchange (WEDI) Board of Directors and has served on the Board for more than six years. Mr. Apgar continues to chair the Oregon & SW Washington Healthcare, Privacy and Security Forum for the 12th year. Mr. Apgar recently joined the State of California Office of Privacy Protection project team charged with developing educational material for health care providers, health plans and consumers regarding medical identity theft and prevention. He is also a member of the Oregon Prescription Drug Monitoring Program Advisory Commission.
Apgar & Associates, LLC clients range from small to large health plans, providers, healthcare clearinghouses, vendors, non-profits, government agencies and health care associations. He has been endorsed by the Oregon Medical Association to assist members with privacy, security and regulatory compliance. Mr. Apgar is also a nationally known speaker and author. More information about Mr. Apgar and Apgar & Associates, LLC can be found at http://www.apgarandassoc.com.
Official Website: http://alturl.com/giycn
Added by Roger Steven on October 25, 2012