Complying with New Health Data Breach Laws
New Healthcare Breach Notification Law  Expands Responsibilities Well Beyond HIPAA.

1.5 IAPP CEs  
Feb. 26, 2008

All organizations that have patient or employee health data now face new requirements to protect those records and notify individuals if breaches occur. A California law that went into effect Jan. 1 affects all organizations and covers breaches of personal records that include health information.

This is more than a HIPAA issue because it makes no distinction among those who are covered by the federal privacy and security rules and those who are not. It covers all organizations. California will not be alone for very long as many states already are looking closely at adopting similar requirements.

While healthcare organizations with HIPAA compliance plans have an advantage in dealing with the new requirements, they still will have to adjust and strengthen their compliance plans to meet the new responsibilities.

The California law puts a heavy new emphasis on incident response, breach notification and mitigation programs. But it doesn't end there.

Healthcare organizations must take a new and hard look at their Business Associate agreements as vendors represent a special area of risk.

Electronic health record and personal health record companies will come under new pressure to establish compliance plans and demonstrate their effectiveness to their clients. Again, the California law affects any organization that has personal health information.

Employers also will be under the gun because they maintain a lot of health information for many reasons, such as workers compensation, fitness for duty assessments, and medical leave.

To assist organizations meet new requirements on handling health information, Health Information Privacy/Security Alert sponsored

Complying with New Health Data Breach Laws

Participants are briefed on:

• The Implications Of The California Medical Information Breach Notification Law ;
• Policies Defining And Prioritizing Security Incidents;
• Policies Governing Business Associates;
• Policies Defining The Responsibilities Of A Security Incident Response Team;
• Policies For Internal Reporting Of Breaches;
• Timetables For Responding To Incidents Based On Their Severity;
• Integrating New Policies Into Existing Compliance Plans;
• Factors To Consider In Executing A Breach Notification To Patients And Other Affected Individuals
  and much more.

• Privacy Officers
• Security Officers
• All Business Associates
• Senior Healthcare Executives
• All HR Professionals, Regardless Of Industry
• Healthcare Insurers

• HIM Professionals
• EHR & PHR Professionals
• Healthcare Providers
• Research Administrators
• Biomedical Product Manufacturers
• Healthcare Attorneys And Consultants

John Christiansen, JD. Co-Chair of the American Bar Association's Committee on Healthcare Privacy, Security and Information Technology; and a member of the technical expert advisory panel for the HHS-funded Health Information Security and Privacy Collaboration; principle, Christiansen IT Law.

Dennis Melamed, M.A. Editor/Publisher, Health Information Privacy/Security Alert; Adjunct Professor, Drexel College of Medicine.

CONTINUING EDUCATION CREDITS FOR CDs

• All seminar participants will receive a certificate of participation
• 1.5 IAPP Credits

• The CD recording with all course materials: $275.00.

ORDER AT WWW.MELAMEDIA.COM
 or
Download the form at www.melamedia.com/022608.order.form1.pdf a
and fax it to 703.619.4912

CLICK HERE To receive the HIPAA Enforcement Statistics Update Service