Responding To Government Investigations
Of Medical Privacy And Security Breaches

1.5 IAPP CEs
Oct. 12, 2005

 Healthcare privacy and security practices are drawing substantial attention from enforcement agencies at all levels of government. That means organizations must develop effective procedures to respond to the almost inevitable visit or phone call from federal and state enforcement officials when they investigate patient and employee complaints.

To meet these challenges, HHS has trained about 200 investigators on the regional level to pursue HIPAA complaints.

However, HIPAA is far from the only reason healthcare organizations should develop procedures for dealing with the inevitable call from government investigators. The FBI and state enforcement agencies have proven to be the most aggressive  players in this area.

As important, growing concerns over identity theft are prompting tighter controls and higher accountability for all organizations - including healthcare - that handle personally identifiable information. That concern prompted the American Hospital Association recently to advise its members to review and modify their privacy practices to guard against the problem.

The threats of expanded investigations and civil suits over privacy and security breaches in healthcare are real and growing.

Responding appropriately to government investigators in the privacy and security areas takes some thought and planning to avoid "fishing expeditions" and ensuring that your organization does not create new problems.

To help healthcare organizations develop appropriate procedures, Melamedia, publishers of Health Information Privacy/Security Alert sponsored

Responding to Government Investigations of Medical Privacy and Security Breaches

This 90-minute audio seminar details the key issues and actions healthcare organizations should consider in responding to privacy and data security enforcement investigations.

Participants are briefed on:

  • Planning for HHS HIPAA investigator visits and calls;
  • Why privacy and security complaints may require different approaches;
  • How and when privacy and security officers should coordinate responses;
  • Dealing with complaints lodged against Business Associates;
  • Who should be on an investigation response team;
  • Establishing effective lines of communication between the organization and government enforcement officials;
  • What employees should and should not do in responding to government investigators;
  • What to do when employees lodge complaints;
  • How CMS and OCR are coordinating enforcement of the HIPAA privacy and security rules;
  • How other federal and state laws may affect your response to privacy and data security investigations;
    and much more

WHO SHOULD LISTEN

  • Privacy Officers
  • Security Officers
  • CIOs
  • General Counsels
  • Healthcare Compliance Officers
  • HIM Professionals
  • Hospital Administrators
  • Practice Managers
  • Electronic Records Vendors
  • IT Staff
  • HR Professionals
  • Healthcare Attorneys
  • Healthcare Consultants

THE FACULTY

Richard Meeks is the University of Washington's HIPAA Compliance Officer where he also manages the HIPAA Program Office for the university's medical centers. His prior experience includes 11 years in Health Information Management where he held positions at both the University of Washington Medical Center and Harborview Medical Center. His organization assisted in the investigation of the first national HIPAA criminal case.

John R. Christiansen is a principal in Christiansen IT Law, where he focuses on the implementation and management of healthcare information technology. In his practice, John has handled a wide variety of privacy and data security investigations for healthcare clients. He is also Co-Chair of the American Bar Association's Committee on Healthcare Privacy, Security and Information Technology and past Chair of its Healthcare Informatics Committee. His most recent book is An Integrated Standard of Care for Healthcare Information Security: HIPAA, Risk Management and Beyond (2005), the definitive legal treatise on security obligations applicable to healthcare information.

Moderator: Dennis Melamed, Editor of Health Information Privacy/Security Alert and the lead editor and writer of the three-volume HIPAA Handbook reference set.

CONTINUING EDUCATION CREDITS FOR CDs

    • All seminar participants will receive a certificate of participation
    • 1.5 IAPP Credits

ORDERING INFORMATION

  • The CD recording with all course materials: $275.00.

 

ORDER AT WWW.MELAMEDIA.COM
 or download the form at www.melamedia.com/101205.CD.pdf
and fax it to 703.619.4912

TRACK HIPAA ENFORCEMENT FOR FREE
Health Information Privacy/Security Alert offers free updates on HHS's efforts to enforce the HIPAA privacy and security regulations. The statistics include privacy complaints lodged with the Office for Civil Rights and security and transaction complaints lodged with CMS Office for Electronic Health Standards and Services.

CLICK HERE To receive the HIPAA Enforcement Statistics Update Service