Overview: This webinar is intended to help practices develop the incident response plan required by the HIPAA Security Rule. It has also been pegged as one of the key compliance areas covered entities and business associates should attend to as part of the Office for Civil Rights (OCR) "culture of compliance" initiative. The webinar will take participants through policy/procedure development, plan development and testing, and the steps to take if an incident occurs. Also, if the incident results in a breach of individuals' PHI or personally identifiable information (PII), the steps required by the breach notification interim final rule and state statute will be addressed.
Often when entities think of incident response, they immediately think of breaches. This webinar will cover statutory and regulatory requirements and best practices related to incident response, which covers much more than just what happens if PHI or PII is breached. The methodology that is introduced is founded on The SANS Institute's PICERF Lifecycle. It has been expanded to address more than just incidents originating from the technical environment. Threats can range from loss of paper charts to a hacker attacking a server, unsuccessful attempts to penetrate a firewall, or theft of mobile devices. The approach that will be communicated addresses the complex health care environment and the multiple players who need to be involved in incident response at some stage or another.
Why should you attend: Cyber threats are on the rise and headlines about breaches of protected health information (PHI)/personally identifiable health information are almost a daily occurrence. The Office for Civil Rights (OCR) is actively investigating breaches of 500 individuals or more, no matter the size of the covered entity.
OCR may not be directly investigating business associates involved in those breaches but, contrary to popular belief, OCR can hold business associates accountable. OCR is enforcing final and interim final HITECH-related rules, and the breach notification interim final rule does hold business associates accountable. It may not have happened yet, but OCR has not been all that slow to react of late.
Areas Covered in the Session:
HIPAA Security Rule incident response requirements overview
HITECH Interim Final Rule breach notification requirements
State statute and general incident/breach response requirements
Review of incident response requirements (step-by-step)
Review of an incident response policy and procedure (available through the OMA website)
Detailed plan development, resource assignment, testing and revision
A breach occurs - then what and how much does it cost?
Resources
Who Will Benefit:
Health care professionals
Practice and HIM management
CIOs
Privacy officers
Security officers
Risk managers
Compliance officers
Legal counsel
Human resources
Official Website: http://alturl.com/5nekp
Added by Roger Steven on September 24, 2012