New 2018 HIPAA updated Breach Notification Rule
The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification to patients and the Department of Health and Human Services (HHS), following a breach of unsecured protected health information.
Your ePHI data is deemed UNSECURED when:
The data has not been rendered unusable, unreadable, or indecipherable to unauthorized persons through a technology or methodology [specified by HIPAA authorities]
HIPAA 2018 Changes
In this HIPAA session we will be discussing HIPAA 2018 Changes taking place in Washington with the Health and Human Services when it comes to the enforcement of the HIPAA regulations already on the books as well as some step-by-step discussions on the audit method and some current functions regarding HIPAA cases (both in courtrooms and from live audits).
Breach of ePHI Data excludes:
- Any unintentional acquisition: Any unintentional acquisition, access, or use of protected health information by an authorized employee or a representative of a covered entity or a business associate, where the access or use was made in good faith and within the scope of authority
- Any inadvertent disclosure: Any inadvertent disclosure by an authorized employee or a representative of a covered entity or a business associate to another authorized employee or a representative of a covered entity or a business associate, where the data is not used outside such disclosure
- Any disclosure: Any disclosure by an authorized employee or a representative of a covered entity or a business associate to an unauthorized person, when the authorized person has a reasonable, good-faith belief that the unauthorized person would not realistically have been able to retain such information (for example, a guardian or relative of the person)
HIPAA - Texting & Emailing in 2018
With the introduction of smartphones, email has become an even more accessible form of communication. With email comes the issue of security and of messages being intercepted and read by unintended persons. Precautions are to be taken at every step of the way. So for a healthcare concern or a business associate, it is key to maximize patient communication tools while protecting itself and the organization from government penalties and patient lawsuits.
Notification of Breach
Notification Rule:
A representative of a covered entity or a business associate shall, following discovery of a breach of unsecured protected health information, notify the covered entity of such breach.
Determining a Breach:
An acquisition, access, use, or disclosure of protected health information is presumed to be a breach.
The exception to this presumption is when the covered entity or business associate demonstrates that there is a low probability that the PHI has been compromised. The following risk assessment factors are used to demonstrate low probability:
- The nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification
- The unauthorized person who used the PHI or to whom the disclosure was made
- Whether the PHI was actually acquired or viewed by unauthorized personnel
- The extent to which the risk to the PHI has been mitigated
Breach discovered:
A breach shall be treated as discovered by a covered entity or a business associate:
- As of the first day on which such breach is known to them, OR
- As of the first day on which, by exercising reasonable diligence, it would have been known to them
HIPAA Privacy Officer: Module 1
HIPAA Privacy Officer Training will uncover all HIPAA and HITECH expectations in protecting patients' and members' right to privacy and the confidentiality of Protected Health Information (PHI) as you engage in treatment, payment, and healthcare operations (TPO) services.
Notification within:
The rule requires that a covered entity or a business associate provide notice of a breach to a covered entity:
- Without unreasonable delay AND
- In no case later than 60 days following the discovery of a breach
- In case the business associate is not an agent of the covered entity, then the covered entity is required to provide notification based on the time the business associate notifies the covered entity of the breach
Training for HIPAA Compliance
Training of workforce: The covered entity or the business associate is responsible for:
- Ensuring that all workforce members are appropriately trained and knowledgeable about what constitutes a breach
- Updating the policies and procedures for reporting a breach
- Ensuring that the steps for analyzing a possible breach are documented and that staff are trained on them
- Documenting all policies and procedures for analyzing and reporting a possible breach of unsecured protected health information
- Ensuring that all notifications are recorded, since the burden of proof rests on the covered entity or business associate
HIPAA Privacy Officer: Module 2
HIPAA Privacy Officer Training will cover all ongoing activities of a Privacy Program related to the development, implementation, maintenance of, and adherence to the organization's policies and procedures covering the privacy of, and access to, patient health information in compliance with federal and state laws and the healthcare organization's information privacy practices.
Content of Breach Notification
A breach notification shall be written in plain language. A breach notification shall include the following elements:
- A brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known
- A description of the types of unsecured protected health information that were involved in the breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved)
- Steps individuals should take to protect themselves from potential harm resulting from the breach
- A brief description of what the covered entity involved is doing to investigate the breach, to mitigate harm to individuals, and to protect against any further breaches, and
- Contact procedures for individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address
Copyright 2017 - 2018 ComplianceTrain.com