In our electronic world, breaches of PHI are inevitable, and the natural reaction is one of panic and uncertainty. Organizing and implementing breach notifications is stressful, burdensome, and expensive, and a breach may only be the presenting problem for more fundamental security issues. HIPAA’s Breach Notification Rule provides guidance by mapping out a plan of action.
Health-care organizations need to implement reasonable and appropriate safeguards that meet the practice’s environment and patient population. Use of the HIPAA Security Rule will put in place clear procedures to prevent, detect, contain, and correct security violations. This one-hour webinar will help bridge the gap between knowledge and implementation.
At the conclusion of this course, participants should be able to:
- Define what is and is not a breach under the HIPAA Privacy Rule,
- Describe the difference between “secured” and “unsecured” PHI, and
- Cite one security-incident-response policy they will implement to manage a breach notification.
John R. Christiansen, Christiansen IT Law
Since the early 1990s, John R. Christiansen has been practicing law related to health-information technology. After practicing in major law and consulting firms, John formed Christiansen IT Law in 2005 to provide services on a more flexible, cost-effective basis. Christiansen IT Law’s services include privacy and security assessment, compliance and risk management, contracting and licensing of health information technology services, and related issues. Clients include health-care providers, technology and services vendors, government agencies, academic institutions, and professional firms.
John is an active participant in professional associations, including current service as Chair of the Washington State Bar Association Health Law Section, and past Chair of the American Bar Association’s HITECH Megarule Task Force. He frequently speaks and publishes on health information technology and is the author of An Integrated Standard of Care for Healthcare Information Security
(AHLA 2005), The HITECH Business Associate Contracts Bible
(ABA 2013) and Management of Health Information in Washington State: Federal and State Regulations
(WSHIMA 2015), a recently published, comprehensive reconciliation of Washington State and federal health information privacy laws.
Tracey L.G. Hugel, RNC-TNP, CHC, CHPC, CPHIMS – Skagit Regional Medical Center, Mount Vernon, WA
– HIPAA Privacy and Security Compliance Officer, Family Care Network, Bellingham, WA Cathy Reunanen
, ARM, CPHRM – Senior Healthcare Risk Management Consultant, Physicians Insurance, Seattle, WA Cryss. Toycen
– CME Specialist, Physicians Insurance, Seattle, WA Mesina McMurray
– CME Coordinator, Physicians Insurance, Seattle, WA Amanda Pugh
– Risk Management Education Assistant, Physicians Insurance, Seattle, WA
Original release: May 2016
Last reviewed: May 2017
Expiration: May 2019
This CME activity was planned and produced in accordance with the ACCME Essentials.
Category 1 credit is applicable throughout the United States.
Estimated time to complete this activity: 1 hour
Physicians in Washington State will fulfill the risk-management-education requirement mandated by the Washington Health Services Act of 1993.
Physicians Insurance/Experix is accredited by the Washington State Medical Associasiton to provide continuing medical eduction for physicians.
Physicians Insurance/Experix designates this enduring material for a maximum of 1 AMA PRA Category 1 Credit™. Physicians should claim only the credit commensurate with the extent of their participation in the activity.
This activity meets the criteria for up to 1 hour of Category I CME credit to satisfy the relicensure requirements of the Washington State Medical Quality Assurance Commission.
The content of this activity does not relate to product of a commercial interest as defined by the ACCME; therefore, neither the planners nor the faculty have relevant financial relationships to disclose. Physicians Insurance/Experix CME maintains full control of the content of every course we provide. It is our policy to identify and resolve all speaker and planner conflicts of interest. Each speaker is required to give a balanced, evidence-based presentation that is free of commercial bias.
Resolution of Conflicts of Interest
Physicians Insurance/Experix has implemented a process to resolve conflicts of interest for each continuing medical education activity, to help ensure content objectivity, independence, fair balance, and content that is aligned with the interest of the public. Conflicts, if any, are resolved through a peer-review process.