HIPAA Breach Notification Rule - What you must do to comply - By Compliance Global Inc. 2015

Overview: Final regulations for the new HIPAA Security Breach require much more than notifying individuals affected by a Breach of their Protected Health Information. Covered Entities and Business Associates first must follow and document a very specific process to determine if a Breach occurred. If no Breach occurred documentary proof must be kept for six years. If a Breach did occur timely notifications and other actions must be undertaken and documented. Why Should You Attend: • Breaches and incidents that might be Breaches happen all the time! • More than 173,000 separate breaches of Protected Health Information (PHI) affecting less than 500 individuals were reported to the U. S. Department of Health and Human Services between September, 2009 and May 31, 2015 and in the same period HHS received approximately 1240 reports of PHI breaches that affected 500 or more individuals • An acquisition, access, use, or disclosure of PHI not permitted by the Privacy Rule is presumed to be a Breach unless it falls within an exception or the Covered Entity or Business Associate can demonstrate a low probability that the PHI was compromised • Not all suspected Breaches are Breaches - but you must know the rules to assess each incident and - when appropriate - prove it was not a Breach • A Covered Entityor Business Associate has the burden to prove an acquisition, access, use, or disclosure of PHI was not a Breach or, if a Breach occurred, that it made all required notifications • Prominent media outlets in the region must be notified of Breaches affecting 500 or more individuals • To preserve your organization's reputation and limit its financial loss you must be prepared to assess a suspected Breach and to respond properly and perhaps publicly when a Breach does occur • Phishers, Hackers and Burglars are actively trying to get PHI - the FBI reported in 2014 that medical identity sells for $50 on the black market compared to $1