Overview: Although there are many presentations, courses and services now available to help health care organizations to become HIPAA compliant, the real issue for the health care organization is to determine the most cost effective ways to understand their risks and to minimize the vulnerability to a breach and their liability when a breach does occur. This presentation focuses on understanding the responsibilities of the health care organization, the liabilities resulting from those responsibilities and the penalties that can be assessed as a result of a breach of patient protected health information.
The presentation addresses several issues relevant to both the vulnerability and the liability issues. First, the presentation describes how the health care organization can assess its HIPAA breach risk. The presentation discusses what a risk assessment is, why it is important and how to perform the risk assessment.
Based on the results of the risk assessment, the presentation takes the participants through how to mitigate these risks. This includes:
Issues that need to be addressed with the health care organization's software and hardware vendor(s);
The risks of a breach resulting from organizational members using social media, both inside the organization and at home; and,
The risks of a breach resulting from organizational members using mobile devices to access and store patient protected health information.
The presentation also provides information regarding how the health care organization can use insurance to share the risk and how to keep insurance premiums to a minimum. At the conclusion of the presentation, the participant will have a checklist of items that can be used to understand, and ways to limit, the health care organization's HIPAA liabilities.
Why should you attend: There are so many ways a breach can occur - whether by accident, carelessness or by intended actions. As a result, it is a common axiom that it is not if a health care organization will experience a breach, but when the health care organization will experience a breach.
The penalties for a HIPAA breach of a patient's protected health information can be severe. This includes monetary penalties as well as having to publicize your breach. We have all seen the newspaper articles and TV reports of large unauthorized disclosures of patient health information. If a disclosure includes the health information for 500 or more names, the health care organization must notify the Secretary of the Department of Health and Human Services (and this goes on the Office of Civil Rights web site for all to see) and notify local media (TV, Radio and newspapers).
Based on the Omnibus Rule, all business associates and agents of business associates have the same risk as the health care covered entities. Therefore, it is equally important for all business associates and agents of business associates to be cognizant of their vulnerabilities and liabilities.
This topic can be invaluable for a health care organization trying to understand its vulnerability to a HIPAA breach and its liability when a breach does occur, and looking for ways to minimize that vulnerability and liability. In discussing this topic, the presentation addresses opportunities for the health care organization to perform its risk assessments, as directed by the HIPAA regulations, how to mitigate the risks found in the assessment and some of the potential "safe harbors" that can reduce its risk.
The topic also spends considerable time reviewing the risks inherent in the traditional health care environment and provides references for the participant to address newer HIPAA breach risks resulting from the modern use of social media and the use of mobile devices.
Areas Covered in the Session:
Discuss what is a risk assessment and why it is important
Discuss how to assess the health care organization's risk and the vulnerability of a breach occurring
What is the health care organization's liability when a breach occurs - including monetary penalties
The impact of the use of social media on the health care organization's HIPAA breach risk
The impact of the use of mobile devices on the health care organization's HIPAA breach risk
HIPAA's description of how to reduce the risk of a breach of electronic health information
The opportunities for acquiring HIPAA breach insurance
Who Will Benefit:
Chief Executive Officer
Chief Operating Officer
Chief Financial Officer
Chief Risk Manager
Health Care Software Vendors wanting to ensure successful implementation
Jim Wener has over 40 years of experience in assisting health care organizations – both providers and payers – in identifying their automation requirements and helping these organizations select and successfully implement the automation most applicable for their needs. His systems and processes background and his experience in working with health care data have given Mr. Wener a unique perspective regarding the issues related to implementing new health care models and how they affect all of the stakeholders in the health care system.