Creating Effective Security Incident Response Procedures and Practices to Meet the Breach Notification Requirements - webinars by MentorHealth

Website http://www.mentorhealth.com/ | Edit Freely

Category

Deadline: August 29, 2013 | Date: August 29, 2013

Venue/Country: Fremont, U.S.A

Updated: 2013-07-31 15:01:47 (GMT+9)

Call For Papers - CFP

Why should you attend: Organizations must understand the requirements and impact of a potential breach at their organization.

The Department of Health and Human Services ("HHS") issued final regulations, effective March 26, 2013, that update the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") privacy, security and enforcement rules to reflect changes under the Health Information Technology for Economic and Clinical Health ("HITECH") Act. The final rules also reflect breach notification changes under the HITECH Act by significantly changing the definition of breach, as now an impermissible use or disclosure of PHI is presumed to be a breach unless a covered entity or business associate can demonstrate that there is a low probability that the PHI was compromised.

In this presentation, we will discuss the need for a policy and procedure to guide you through a potential breach. We will provide scenarios and possible responses to various types of breaches. The most effective method to deal with a breach is BEFORE it happens, this session will guide organizations in creating an action plan to create policies, procedures and responses before a breach occurs. This presentation does not provide legal advice.

Areas Covered in the Session:

Definition of a Breach

Impact of State Breach Laws (A couple of samples)

Is it a breach? Organizations must conduct a review of the :

Nature of the Data Elements Breached

Likelihood the information is accessible and usable

Likelihood the breach may lead to Harm

Ability of the entity to mitigate the risks of Harm

Notice Requirements

What to do Before a Breach

Policies and Procedures

Education and Training

The Team

Insurance?

Methods to Secure the information

Steps to Follow To Reduce your Risk after Identifying a Breach

Sample Policy and Procedure

Who Will Benefit:

Information Security Officers

Compliance Officers

Chief Information Officers

William Miaoulis CISA, CISM, is a senior healthcare information system (IS) professional with more than 20 years of healthcare Information Security experience. Bill is the founder and primary consultant for HSP Associates. Prior to starting HSP Associates in January of 2013, Bill was the Chief Information Security Officer (CISO) and led the HIPAA security and privacy consulting efforts for Phoenix Health Systems for over 11 years and also was the HIPAA Consulting Manager for SAIC for 18 months. For seven years, Miaoulis was the University of Alabama Birmingham (UAB) Medical Center’s Information Security Officer, where he instituted the first security and privacy programs at UAB starting in October 1992.

Miaoulis contributes to the industry by frequently speaking at conferences on security matters, including recent sessions on Risk Analysis/Risk Management, Creating and Implementing Effective Security Policies, Understanding the HIPAA Security Rule, and Creating Effective Security Incident Response Procedures. Miaoulis has been interviewed and quoted by numerous publications including: SC Magazine, Health Data Management, Briefings on Healthcare Security, Computerworld; and Health Information Compliance Insider. Miaoulis has worked with AHIMA to produce the book “Preparing for a HIPAA Security Compliance Assessment” and also has worked on updating the AHIMA Security Practice Briefs.