atanu1982/New-2018-HIPAA-updated-Breach-Notification-Rule
The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification to patients and the Department of Health and Human Services (HHS) following a breach of unsecured protected health information.

ePHI is deemed unsecured when the data has not been rendered unusable, unreadable, or indecipherable to unauthorized persons through a technology or methodology [specified by HIPAA authorities].

Breach of ePHI data excludes:

- Any unintentional acquisition: any unintentional acquisition, access, or use of protected health information by an authorized employee or a representative of a covered entity or a business associate, where the access or use was made in good faith and within the scope of authority.
- Any inadvertent disclosure: any inadvertent disclosure by an authorized employee or a representative of a covered entity or a business associate to another authorized employee or representative of a covered entity or a business associate, where the data is not used beyond that disclosure.
- Any disclosure: any disclosure by an authorized employee or a representative of a covered entity or a business associate to an unauthorized person, when the authorized personnel has a good-faith belief that the unauthorized person would not reasonably have been able to retain such information.
  - Such as a guardian or relative of the person

Notification of Breach Notification Rule: A representative of a covered entity or a business associate shall, following discovery of a breach of unsecured protected health information, notify the covered entity of such breach.

Determining a Breach: An acquisition, access, use, or disclosure of protected health information is presumed to be a breach. The exception to this presumption is when the covered entity or business associate demonstrates that there is a low probability that the PHI has been compromised. The following risk assessment factors are used to demonstrate low probability:

- The nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification
- The unauthorized person who used the PHI or to whom the disclosure was made
- Whether the PHI was actually acquired or viewed by unauthorized personnel
- The extent to which the risk to the PHI has been mitigated

Breach discovered: A breach shall be treated as discovered by a covered entity or a business associate:
- As of the first day on which such breach is known to them, OR
- As of the first day on which, by exercising reasonable diligence, it would have been known to them

Notification within: The rule requires that a covered entity or a business associate provide notice of a breach to a covered entity:

- Without unreasonable delay, AND
- In no case later than 60 days following the discovery of a breach

In case the business associate is not an agent of the covered entity, the covered entity is required to provide notification based on the time the business associate notifies the covered entity of the breach.

Training for HIPAA Compliance

Training of workforce: It is the responsibility of the covered entity or the business associate to:

- Ensure that all workforce members are appropriately trained and knowledgeable about what constitutes a breach
- Update the policies and procedures for reporting a breach
- Ensure that the proper steps for analyzing a breach are documented and that staff are trained on them
- Document all policies and procedures for analyzing and reporting a possible breach of unsecured protected health information
- Ensure that all notifications are recorded, since the burden of proof rests on the covered entity or business associate
Content of Breach Notification

A breach notification shall be written in plain language. A breach notification shall include the following elements:

- A brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known
- A description of the types of unsecured protected health information that were involved in the breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved)
- Steps individuals should take to protect themselves from potential harm resulting from the breach
- A brief description of what the covered entity involved is doing to investigate the breach, to mitigate harm to individuals, and to protect against any further breaches
- Contact procedures for individuals to ask questions or learn additional information, which shall include a toll-free telephone number, an e-mail address, Web site, or postal address

https://www.complyarena.com/articledetails/New-2018-HIPAA-Breach-Notification-Rule-Update