The HITECH Act’s requirement for breach notification is the first national law – and the most sweeping – to call for the notification of individuals whose Protected Health Information (PHI) has been breached. The law and subsequent HHS rule are enforceable now, and organizations that incur a breach and fail to fulfill all of the standards are subject to both state and federal penalties.

This audio conference summarizes the breach notification requirements under the HITECH Act, highlighting areas that are particularly challenging for organizations, such as defining incidents and determining harm. It explains how breach notification steps fit into the mandated incident response plan and the need for proactive planning. Additionally, the speaker draws upon several real-life case studies to highlight important lessons learned.

This audio conference covers:

• Key definitions under the HITECH Act
• Components of the HIPAA incident response plan
• A review of breach notification requirements and response steps
• How to perform the harm threshold assessment
• Examples of posted breaches and common failures leading to breach

About the speaker:

Kate Borten is a nationally-recognized expert on HIPAA/HITECH and health information privacy and security. In the 1990s she led the first corporate-wide information security programs at Massachusetts General Hospital and Beth Israel Deaconess Medical Center in Boston.

Since founding The Marblehead Group (www.marbleheadgroup.com) in 1999 Kate has provided privacy and security education, assessments, program development, and regulatory compliance audits to the healthcare industry and their business associates. She is a frequent speaker and author of numerous books and columns on healthcare privacy and security.

Who should attend?

• Privacy Officers
• Information Security Officers
• Compliance Officers
• Risk Managers
• Legal Counsel
• CMO
• CIO