October 12, 2005

Responding To Government Investigations Of Medical Privacy And Security Breaches

Healthcare privacy and security practices are drawing substantial attention from enforcement agencies at all levels of government. That means organizations must develop effective procedures to respond to the almost inevitable visit or phone call from federal and state enforcement officials when they investigate patient and employee complaints.

To meet these challenges, HHS has trained about 200 investigators on the regional level to pursue HIPAA complaints.

However, HIPAA is far from the only reason healthcare organizations should develop procedures for dealing with the inevitable call from government investigators. The FBI and state enforcement agencies have proven to be the most aggressive players in this area.

As important, growing concerns over identity theft are prompting tighter controls and higher accountability for all organizations - including healthcare - that handle personally identifiable information. That concern prompted the American Hospital Association recently to advise its members to review and modify their privacy practices to guard against the problem.

The threats of expanded investigations and civil suits over privacy and security breaches in healthcare are real and growing.

Responding appropriately to government investigators in the privacy and security areas takes some thought and planning to avoid "fishing expeditions" and ensuring that your organization does not create new problems.

To help healthcare organizations develop appropriate procedures, Melamedia, publishers of Health Information Privacy/Security Alert sponsored:

Responding to Government Investigations of Medical Privacy and Security Breaches

This 90-minute audio seminar details the key issues and actions healthcare organizations should consider in responding to privacy and data security enforcement investigations.

Participants are briefed on:

Planning for HHS HIPAA investigator visits and calls;
Why privacy and security complaints may require different approaches;
How and when privacy and security officers should coordinate responses;
Dealing with complaints lodged against Business Associates;
Who should be on an investigation response team;
Establishing effective lines of communication between the organization and government enforcement officials;
What employees should and should not do in responding to government investigators;
What to do when employees lodge complaints;
How CMS and OCR are coordinating enforcement of the HIPAA privacy and security rules;
How other federal and state laws may affect your response to privacy and data security investigations;
and much more.

Who Should Listen

Privacy Officers
Security Officers
CIOs
General Counsels
Healthcare Compliance Officers
HIM Professionals

Hospital Administrators
Practice Managers
Electronic Records Vendors
IT Staff
HR Professionals
Healthcare Attorneys
Healthcare Consultants

The Faculty

Richard Meeks, is the University of Washington's HIPAA Compliance Officer where he also manages the HIPAA Program Office for the university's medical centers. His prior experience includes 11 years in Health Information Management where he held positions at both the University of Washington Medical Center and Harborview Medical Center. His organization assisted in the investigation of the first national HIPAA criminal case.

John R. Christiansen, is a principal in Christiansen IT Law, where he focuses on the implementation and management of healthcare information technology. In his practice, John has handled a wide variety of privacy and data security investigations for healthcare clients. He is also Co-Chair of the American Bar Association's Committee on Healthcare Privacy, Security and Information Technology and past Chair of its Healthcare Informatics Committee. His most recent book is An Integrated Standard of Care for Healthcare Information Security: HIPAA, Risk Management and Beyond (2005), the definitive legal treatise on security obligations applicable to healthcare information.

Moderator: Dennis Melamed, Editor of Health Information Privacy/Security Alert and the lead editor and writer of the three-volume HIPAA Handbook reference set.

Continuing Education Credits

All seminar participants will receive a certificate of participation
1.5 IAPP Credits

CD Ordering

The CD recording with all course materials are excellent educational and briefing resources: $275

Download the form at http://www.melamedia.com/101205.CD.pdf and fax it to 703.619.4912