Events

Webinar: Lessons and Examples of 2022’s HIPAA Breaches and Fines

Posted by HIPAA Journal

In 2022 the Office for Civil Rights (OCR) did not slow down its enforcement actions. Over 55% of HIPAA fines in 2022 were levied against small medical practices.

Watch this recorded webinar to learn about:

  • The breaches and fines of 2022 (what caused them and who was affected).
  • How to protect yourself from committing a breach in 2023 and avoid a large fine.
  • What we expect the main HIPAA issues to be in 2023 and what to look out for.

Please fill in the form to be immediately directed to the video.

HIPAA has by now become an essential part of an organization’s culture, affecting many aspects of how business is conducted. HIPAA regulations are continuously being modified, and it is therefore essential to keep up-to-speed with the latest changes.

The post Webinar: Lessons and Examples of 2022’s HIPAA Breaches and Fines appeared first on HIPAA Journal.

National HIPAA Summit – Reader Offer Discount Code

Posted by HIPAA Journal

The National HIPAA Summit is the leading forum on healthcare EDI, privacy, breach notification, confidentiality, data security, and HIPAA compliance, and the deadline for registration for the Virtual 40th National HIPAA Summit is fast approaching. The event provides a tremendous opportunity for learning through HIPAA workforce training sessions and keynote speeches from top government officials and leading industry professionals.

Reader Offer: $100 Off Registration Fee

The HIPAA Journal has a $100 discount for readers. Enter “HIPAAJournal” (not case sensitive) on the Registration Page.  This is a reader offer for the benefit of The HIPAA Journal readers. (Not a sponsored post, or an affiliate link)

Register for the Virtual 40th National HIPAA Summit Here

Attendees will gain valuable insights into health information privacy, healthcare cybersecurity, HIPAA enforcement, and a wealth of information to help them maintain HIPAA compliance and take healthcare data privacy and security to the next level.

This year, the HIPAA Summit is being co-chaired by:

  • Adam Greene, JD, MPH – Partner and Co-chair, Health Information & HIPAA Practice, Davis Wright Tremaine LLP, HIPAA Summit Distinguished Service Award Winner, Former Senior Health Information Technology and Privacy Specialist, Office for Civil Rights, HHS, Washington, DC
  • Kirk J. Nahra, JD – Partner and Co-chair of the Privacy and Cybersecurity Practice, Wilmer Hale, Adjunct Professor, American University Washington College of Law, Washington, DC
  • Iliana Peters, JD, LLM – Shareholder, Polsinelli, Former Acting Deputy Director, Health Information Privacy, Office for Civil Rights, US Department of Health and Human Services, Washington, DC
  • Robert M. Tennant, MA – Vice President, Federal Affairs, Workgroup for Electronic Data Interchange (WEDI); Former Director, HIT Policy, Medical Group Management Association; Washington, DC

Virtual 40th National HIPAA Summit – March 7-10, 2023

The Virtual 40th National HIPAA Summit runs March 7-10, 2023, and is split into several mini-summit groups. These groups cover privacy and HIPAA compliance best practices, HIPAA breach trends, and HIPAA enforcement initiatives and breach trends. This year summit groups covering post-Dobbs reproductive health information privacy, Privacy risks from website tracking technologies, current and emerging security risks, medical and wearable device cybersecurity, incident response and breach notification best practices, privacy and security in the metaverse, business associate compliance and risk management, lessons learned from healthcare ransomware attacks, and more.

Government Keynote Speakers

  • Nicholas Heesters, MEng, JD, CIPP – Senior Advisor for Cybersecurity, Office for Civil Rights, US Department of Health and Human Services, Philadelphia, PA
  • Melanie Fontes Rainer, MSME, JD – Director, Office for Civil Rights, HHS; Former Senior Advisor, Healthcare to Attorney General, CA DOJ; Former Chief of Staff, Medicare-Medicaid Coordination Office, Centers for Medicare & Medicaid Services, Washington, DC
  • Micky Tripathi, MPP, PhD – National Coordinator for Health Information Technology, US Department of Health and Human Services, Washington, DC
  • Elisa K. Jillson, JD – Counsel to the Director, Bureau of Consumer Protection, U.S. Federal Trade Commission, Washington, DC

Keynote Speakers

  • Patrice Ettinger, JD, CIPP/US – Chief Privacy Officer, Pfizer; Past Chair, International Association of Privacy Professionals; Former Chief Privacy Officer, Avon, New York, NY
  • Sally Greenberg – Executive Director, National Consumers League; Former Senior Product Safety Counsel, Consumers Union; Former Eastern States Civil Rights Counsel, Anti-Defamation League, Washington, DC
  • Trevor Hughes, JD, CIPP – President and Chief Executive Officer, International Association of Privacy Professionals; Former Executive Director, Network Advertising Initiative and Email Sender and Provider Coalition, Boston, MA
  • Walter E. Johnson, MS, CCEP, CCEP-I, CHC, CHPC – Assistant Privacy Officer, Inova Health System; President, Health Care Compliance Association, Washington, DC
  • Deven McGraw, JD, MPH, LLM – Cofounder and Lead, Data Stewardship & Data Sharing, Invitae; Former Deputy Director, Health Information Privacy, OCR, HHS, Redwood City, CA
  • Faith Myers, JD – Chief Privacy Officer & Vice President, Global Privacy, McKesson; Chief Privacy Officer & Senior Vice President, Compliance Officer, CoverMyMeds, Smyrna, GA
  • Jules Polonetsky, JD – Chief Executive Officer, Future of Privacy Forum; Former Chief Privacy Officer, AOL and DoubleClick; Former Consumer Affairs Commissioner, New York City; Former Member, New York State Assembly; Former Legislative Aide, Congressman Charles Schumer, Washington, DC
  • Daniel J. Solove, JD – John Marshall Harlan Research Professor of Law, George Washington University Law School; Founder, TeachPrivacy; Author, Understanding Privacy; Information Privacy Law The Future of Reputation: Gossip, Rumor, and Privacy on the Internet and The Digital Person: Technology and Privacy in the Information Age, Washington, DC
  • Gerry Zack, MBA, CPA, CFE, CIA, CRMA – Chief Executive Officer, Health Care Compliance Association (HCCA) and Society of Corporate Compliance and Ethics (SCCE); Former Chair, Association of Certified Fraud Examiners (ACFE), Minneapolis, MN

On Tuesday, February 28, 2023, there is an opportunity for professional certification preconference certified cyber security architect (CCSA) training (separate registration required). This will be followed by the preconference basic training day on March 2, 2023. The pre-conference basic training day is included in the basic HIPAA Summit registration and includes 8 training sessions, followed by a HIPAA Workforce Training Faculty Q&A.

2023 HIPAA Summit – HIPAA Workforce Training Sessions

  • HIPAA Privacy Basics – Adam Greene, JD, MPH
  • Breach Notification Rule and HIPAA Enforcement Rule Basics – Iliana Peters, JD, LLM
  • HIPAA Workforce Training 3: HIPAA Security Basics – David Holtzman, JD, CIPP/US/G
  • How to Achieve the Right Balance of Data Privacy and IT Security – Pamela Hrubey, DrPH, CIPM, CIPP/US, CCEP
  • Business Associate Basics – John Haskell, JD
  • Basics of State Privacy and Security Laws and Relationship to Federal Regulation – Sheila Sokolowski, JD
  • The Basics of Information Blocking – Jodi Daniel, JD, MPH
  • HIPAA Administrative Transactions Basics – Robert M. Tennant, MA

The full schedule for the event can be downloaded here – HIPAA Summit Schedule (PDF). The event will be live-streamed, and an archive of the webcast will be made available to registered individuals for several months after the event for workforce training purposes.

 

Reader Offer: $100 discount

The HIPAA Journal has a $100 discount for readers simply enter “HIPAAJournal” (not case sensitive) on the Registration Page.

Register for the Virtual 40th National HIPAA Summit Here

This is a reader offer for the benefit of The HIPAA Journal readers. This is not a sponsored post, this is not an affiliate link, The HIPAA Journal has no financial arrangement with The HIPAA Summit.

The post National HIPAA Summit – Reader Offer Discount Code appeared first on HIPAA Journal.

Webinar Today: 3/23: Lessons and Examples from 2022 Breaches and HIPAA Fines

Posted by HIPAA Journal

Healthcare data breaches continued to be reported at an astonishing rate in 2022, with data breaches of 500 or more records being reported at a rate of almost two per day. Healthcare providers and other healthcare entities continue to be targeted by cybercriminals and nation-state actors, and attacks have increased in both volume and sophistication. Cyberattacks on large healthcare providers continue to occur in high numbers, but 2022 has also seen an increase in attacks on small and medium-sized healthcare organizations and business associates of HIPAA-covered entities. For healthcare organizations, it is no longer a case of if a data breach will occur but when it will happen.

When data breaches occur, the HHS’ Office for Civil Rights (OCR) investigates and HIPAA-regulated entities must be able to demonstrate they are in compliance with the HIPAA Rules. High numbers of data breaches mean OCR investigates more HIPAA-regulated entities, so it is no surprise that there were many HIPAA enforcement actions in 2022. In fact, more HIPAA fines were imposed in 2022 than in any other year since OCR was given the authority to enforce HIPAA compliance.

One interesting HIPAA enforcement trend that has continued in 2022 is an increasing number of enforcement actions against small healthcare practices. In 2022, 55% of civil monetary penalties and settlements were to resolve compliance failures at small healthcare practices, with OCR continuing to focus on HIPAA Right of Access violations and missing HIPAA documentation, especially risk assessment documentation. The data breaches and HIPAA enforcement actions

Compliancy Group is hosting a webinar where attendees can learn more about the 2022 healthcare data breaches, HIPAA enforcement trends, and the lessons that can be learned from these data breaches and HIPAA fines. During the webinar you will find out about:

  • 2022 data breach trends – How they occurred, who they affected, and the lessons that can be learned from those data breaches
  • 2022 HIPAA enforcement trends – What OCR is now focused on and what to expect in 2023
  • How to protect against data breaches and civil monetary penalties
  • Compliancy Group’s HIPAA compliance experts will be on hand and will give you the inside scoop and will provide predictions for the coming year and what you should look out for.

Compliancy Group first hosted this webinar on January 18, but due to the immense popularity of the webinar, it is being run again this month, so if you missed it the first time around you have another chance to attend.

Webinar Details:

Lessons and Examples of 2022 Breaches and Fines

Host: Compliancy Group

Speaker: Liam Degnam, Compliancy Group’s Director of Strategic Initiatives

Date: Thursday, March 23rd, 2023

Time: 11:00 a.m. PT ¦ 12:00 p.m. MT ¦ 1:00 pm CT ¦ 2:00 pm ET

Register for the webinar using the form below and remember to add the date in your diary. This is a webinar you will not want to miss!

The post Webinar Today: 3/23: Lessons and Examples from 2022 Breaches and HIPAA Fines appeared first on HIPAA Journal.

Webinar Today: 12/14/2022: Solving HIPAA Compliance (Software Demonstration)

Posted by HIPAA Journal

Achieving and maintaining compliance with the Privacy, Security, Breach Notification, and Omnibus Rules of the Health Insurance Portability and Accountability Act (HIPAA) can be a challenge for HIPAA-regulated entities.

One of the easiest approaches is to seek assistance from a third-party compliance company such as Compliancy Group. Compliancy Group was founded in 2005 by former auditors and compliance experts with the goal of simplifying compliance. The company provides coaching, assistance with risk analysis and risk management, and has developed a software solution – The Guard – that helps clients automate the majority of administrative tasks associated with a compliance program. The software solution saves clients time and eliminates all the guesswork associated with the implementation process.

On December 14, 2022, Compliancy Group is hosting a webinar to demonstrate The Guard. Attendees will learn how the software solution can help their organization achieve HIPAA compliance, mitigate risk, and avoid financial penalties. Join Compliancy Group for the Group Demo of its software solution to learn how it can help your organization using the form below:

Webinar Details:

Solving HIPAA Compliance (The Guard Software Demonstration)

Wednesday, December 14th, 2022

11:00 a.m. PT ¦ 12:00 p.m. MT ¦ 1:00 pm CT ¦ 2:00 pm ET

The post Webinar Today: 12/14/2022: Solving HIPAA Compliance (Software Demonstration) appeared first on HIPAA Journal.

Webinar Today: 12/6/2022: How to Complete Your 2022 Risk Assessment

Posted by HIPAA Journal

The Health Insurance Portability and Accountability Act (HIPAA) requires HIPAA-covered entities and their business associates to complete a risk assessment. The purpose of the risk assessment is to identify and evaluate all risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI). An annual risk assessment is also required by MACRA/MIPS.

Only by conducting a risk assessment is it possible to identify all risks to ePHI, evaluate them, prioritize them, and then subject them to the risk management process. Despite the importance of this element of HIPAA compliance, it is one of the most commonly cited HIPAA violations by the HHS’ Office for Civil Rights in its enforcement activities and HIPAA audits.

The risk assessment should not be viewed as a HIPAA compliance checkbox item to avoid financial penalties. Conducting a comprehensive HIPAA risk assessment will identify vulnerabilities before they are found and exploited by threat actors. Completing an annual HIPAA risk assessment will help HIPAA-regulated entities prevent costly data breaches as well as avoid regulatory fines.

To help you complete your 2022 HIPAA risk assessment and ensure you are fully compliant, Compliancy Group is hosting a webinar that provides an overview of everything you need to know about completing your 2022 risk assessment. Previous webinars have already helped many HIPAA-regulated entities ensure compliance with this important HIPAA requirement.

The 2022 deadline is approaching so covered entities must conduct their HIPAA risk assessment by the end of the year. Due to popular demand and the importance of the subject matter, this webinar is now being run again in December.

Mark the date in your calendar and register for the webinar using the form below.

2022 Deadline Approaching Fast

How to Complete your 2022 HIPAA Risk Assessment

December 7th @ 2:00 pm ET ¦ 1:00 pm CT ¦ 12:00 pm MT ¦ 11:00 am PT

 

The post Webinar Today: 12/6/2022: How to Complete Your 2022 Risk Assessment appeared first on HIPAA Journal.

Webinar Today: Aug 17, 2022: Do I Need to be HIPAA Compliant?

Posted by HIPAA Journal

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards to protect sensitive patient health information and to prevent that information from being disclosed without an individual’s knowledge or consent. HIPAA applies to healthcare providers, health plans, and healthcare clearinghouses, which are classed as HIPAA-covered entities.

There is a misconception that only HIPAA-covered entities need to ensure they are compliant with the HIPAA Privacy, Security, Breach Notification, and Omnibus Rules; however, HIPAA also applies to business associates of HIPAA-covered entities. A business associate is any third party that provides products or services to HIPAA-covered entities that involves contact with protected health information (PHI) in any form.

Achieving and maintaining HIPAA compliance is vital for all HIPAA-covered entities and business associates. The HHS’ Office for Civil Rights and state Attorneys General have the authority to impose financial penalties and other sanctions if non-compliance with the HIPAA Rules is discovered, and many organizations have discovered to their cost that compliance with the HIPAA Rules is not optional.

If you work in healthcare in any capacity, it is almost certain that you need to be HIPAA compliant. If you are in any doubt, Compliancy Group is hosting a webinar on August 17, 2022, to answer the question, do I need to be HIPAA compliant?

Do I Need to be HIPAA Compliant?

August 17th @ 2:00 pm ET ¦ 11:00 am PT

Host: Compliancy Group

[contact-form-7]

The post Webinar Today: Aug 17, 2022: Do I Need to be HIPAA Compliant? appeared first on HIPAA Journal.

Webinar Today: July 20, 2022: Compliance vs. Security: Why you Need Both to be HIPAA Compliant

Posted by HIPAA Journal

Healthcare providers, health plans, healthcare clearinghouses, and business associates of those entities that come into contact with protected health information (PHI) are required to ensure policies, processes, and people are compliant with the Rules of the Health Insurance Portability and Accountability Act (HIPAA).

Ensuring you have a good security posture is an important part of HIPAA compliance. The HIPAA Security Rule requires HIPAA-regulated entities to have appropriate safeguards in place to ensure the confidentiality, integrity, and availability of ePHI, and to manage risks to protected health information and reduce them to a low and acceptable level.

Ensuring you have a good security posture has never been more important. Cyber threat actors have stepped up their attacks on the healthcare industry and data breaches are occurring at record levels. Further, following the ‘Safe Harbor’ update to the HITECH Act, if you are able to demonstrate you have implemented recognized security practices, you will be protected against fines, sanctions, and extensive audits and investigations by the HHS’ Office for Civil Rights.

To help you on your compliance journey and with your security efforts, Compliancy Group is hosting a webinar that will explain the ins and outs of compliance and cybersecurity, and why both are necessary for patient privacy and your practice’s security.

During the webinar, Compliancy Group will explain how HIPAA compliance can be simplified, you will be walked through the regulation, and will be provided with actionable tips that you can implement within your practice today.

 3 learning objectives of the webinar:

  1. Why compliance and security are BOTH required for HIPAA compliance.
  2. How HIPAA and security help protect your patients.
  3. What you can implement in your practice now to avoid breaches and fines.

Webinar Details:

Compliance vs. Security: Why you Need Both to be HIPAA Compliant

Wednesday, July 20, 2022

11:00 a.m. PT ¦ 2:00 p.m. ET

Host: Compliancy Group

[contact-form-7]

The post Webinar Today: July 20, 2022: Compliance vs. Security: Why you Need Both to be HIPAA Compliant appeared first on HIPAA Journal.

Webinar: 6 Secret Ingredients to HIPAA Compliance

Posted by HIPAA Journal

 

Free Webinar Recording

6 Secret Ingredients to HIPAA Compliance

Immediate and Direct Access on HIPAAJournal.com

[contact-form-7]

 

This Compliancy Group webinar provides:

Step-by-step “how-to-guides” for HIPAA compliance

Ingredients for a well-run compliance program

Proper time and instruction for each piece

The complexities of the regulation

And much more ….

 

The post Webinar: 6 Secret Ingredients to HIPAA Compliance appeared first on HIPAA Journal.

Webinar Today: How to Become HIPAA Compliant

Posted by HIPAA Journal

Healthcare organizations and their business associates need to be HIPAA compliant, but complying with the HIPAA Rules can be a daunting task and many new businesses don’t know where to start.

To help HIPAA-regulated entities get on the right track, Compliancy Group is hosting a webinar this month and will explain the ins and outs of what is needed for your compliance program.

In the webinar, you will learn:

  • How HIPAA satisfies your patients/clients
  • The 7 fundamental elements of an effective compliance program
  • The benefits of being HIPAA compliant
  • How to protect your business from breaches and fines
  • And many more tips and tricks!

Join Compliance Group to learn how your organization can become compliant and how to start leveraging the full benefits of HIPAA.

Webinar: How to Become HIPAA Compliant

Wednesday, March 23rd, 2022 @ 11:00 a.m. PT ¦ 2:00 p.m. ET

Host: Compliancy Group

[contact-form-7]

The post Webinar Today: How to Become HIPAA Compliant appeared first on HIPAA Journal.