February 26, 2008
Complying with New Health Data Breach Laws
New Healthcare Breach Notification Law Expands Responsibilities Well Beyond HIPAA
All organizations that have patient or employee health data now face new requirements to protect those records and notify individuals if breaches occur. A California law that went into effect Jan. 1 affects all organizations and covers breaches of personal records that include health information.
This is more than a HIPAA issue because it makes no distinction among those who are covered by the federal privacy and security rules and those who are not. It covers all organizations. California will not be alone for very long as many states already are looking closely at adopting similar requirements.
While healthcare organizations with HIPAA compliance plans have an advantage in dealing with the new requirements, they still will have to adjust and strengthen their compliance plans to meet the new responsibilities.
The California law puts a heavy new emphasis on incident response, breach notification and mitigation programs. But it doesn't end there.
Healthcare organizations must take a new and hard look at their Business Associate agreements as vendors represent a special area of risk.
Electronic health record and personal health record companies will come under new pressure to establish compliance plans and demonstrate their effectiveness to their clients. Again, the California law affects any organization that has personal health information.
Employers also will be under the gun because they maintain a lot of health information for many reasons, such as workers compensation, fitness for duty assessments, and medical leave.
To assist organizations meet new requirements on handling health information, Health Information Privacy/Security Alert sponsored:
Complying with New Health Data Breach Laws
Participants are briefed on:
- The Implications Of The California Medical Information Breach Notification Law;
- Policies Defining And Prioritizing Security Incidents;
- Policies Governing Business Associates;
- Policies Defining The Responsibilities Of A Security Incident Response Team;
- Policies For Internal Reporting Of Breaches;
- Timetables For Responding To Incidents Based On Their Severity;
- Integrating New Policies Into Existing Compliance Plans;
- Factors To Consider In Executing A Breach Notification To Patients And Other Affected Individuals
- and much more.
Who Should Listen
Security Officers
All Business Associates
Senior Healthcare Executives
All HR Professionals, Regardless Of Industry
Healthcare Insurers
EHR & PHR Professionals
Healthcare Providers
Research Administrators
Biomedical Product Manufacturers
Healthcare Attorneys And Consultants
The Faculty
Chris Apgar, CISSP, President, Apgar & Associates, LLC; former HIPAA Compliance officer for Providence Health Plans in Oregon and SW Washington; member of the WEDI Board of Directors; member of the HHS-funded health information exchange initiative, Health Information Security and Privacy Collaborative to develop national privacy & security solutions in electronic health information exchange within and between states.
John Christiansen, JD, Co-Chair of the American Bar Association's Committee on Healthcare Privacy, Security and Information Technology; and a member of the technical expert advisory panel for the HHS-funded Health Information Security and Privacy Collaboration; principle, Christiansen IT Law.
Dennis Melamed, Editor/Publisher, Health Information Privacy/Security Alert; Adjunct Professor, Drexel College of Medicine.
Continuing Education Credits
- All seminar participants will receive a certificate of participation
- 1.5 IAPP Credits
CD Ordering
The CD recording with all course materials are excellent educational and briefing resources: $275
Download the form at http://www.melamedia.com/022608.order.form1.pdf and fax it to 703.619.4912