As HIPAA covered entities, health centers are required to investigate security and privacy incidents to determine whether an impermissible use or disclosure of protected health information (PHI) is a breach. Under the HIPAA Breach Notification Rule, covered entities must presume there was a breach unless they can demonstrate that there is a low probability that the PHI has been compromised based upon a four-factor risk assessment. If the covered entity determines there has been a breach of unsecured PHI, the covered entity must notify the affected patients, the Office for Civil Rights (OCR), and, in certain circumstances, the media.
This webinar will guide health centers through the risk assessment process, including the four-factor analysis for determining whether the PHI has been compromised. The presenter will review the requirements for reporting breaches to patients, to OCR and to the media. This webinar is particularly timely given the deadline for covered entities to report all breaches affecting fewer than 500 individuals to OCR within 60 days of the end of the calendar year.
This webinar is offered as a complementary product to all Health Center Compliance Premium Plan Subscribers
. To learn more about FTLF’s Premium Plan Subscription and to become a subscriber, please email email@example.com.