New HIPAA Notification Rules for Breaches of Protected Health Information

Description

Group health plans must notify individuals of data breaches occurring on or after Sept. 23, now that federal rules have been issued on this new requirement added to HIPAA by February’s HITECH Act. All individuals whose protected health information (PHI) is compromised must be notified within 60 days — sometimes sooner — and HHS and even the media must be notified in some cases. With HHS planning to start imposing monetary penalties early next year, plan sponsors need to get systems and practices in place for breach detection, response and notification.

Program Highlights:
 

• What are the new breach notice rules and how do they affect employer-sponsored plans?
• What do I need to do if one of my employees or business associates has an unauthorized PHI disclosure that might be a breach?
• How does the HITECH safe harbor for “secured” PHI work?
• What kinds of risk assessments are required – both to prevent breaches and after one occurs?

Recording Date

Speakers

Joanne Hustead, Esq.  is a senior health care compliance specialist with The Segal Company. She specializes in research and compliance issues on federal laws and regulations affecting group health plans, especially HIPAA’s privacy rules. Prior to joining Segal, she was an assistant research professor at Georgetown University's Institute for Health Care Research and Policy.
 

Presentation Materials

Listen and watch the presentation online or download the files below.