LinkedIn

As HITECH breach notification compliance and enforcement become a reality, many lessons can be learned from past responses to security breaches under existing breach notice laws (effective in 45 states, the District of Columbia, Puerto Rico, the Virgin Islands, and counting) as well as the technological challenges of effectively securing PHI. This workshop will take a comprehensive look at breach notification compliance, mitigation and response strategies, including: • Fundamental requirements of the HITECH breach notice rules; • Factors to be considered in determining whether the harm threshold has been met; • Legal and regulatory assumptions for Safe Harbor as defined by HITECH; • Technical and business limits of encryption to protect PHI in transit and in storage; • Practical approaches to managing risk with Business Associates; • Considerations raised by past responses (both successful and unsuccessful) to state breach notice laws; and • Pitfalls to avoid in breach notification compliance and response efforts. The workshop will provide an inside look at government enforcement actions that have followed previous breaches notified under state law, and apply the teachings from those incidents to breach responses in the context of the HITECH breach notice rules. The workshop also will tackle a holistic look at compliance, correcting the myth of end-point encryption as a cure-all Safe Harbor shield to breach reporting, and addressing the reality that due to common threats to PHI data, reportable breaches will still happen unless encryption is viewed as only one element in a comprehensive security program. The panel will draw on their experience representing clients who experienced security incidents involving both personal information (as regulated by state breach notice laws) and protected health information (as regulated by HIPAA), to provide you with useful insights and practical compliance pointers.