HIPAA Breach Risk Assessment for Ransomware Attacks

Description

HIPAA Breach Risk Assessments determine whether a Ransomware attack constitutes a HIPAA Breach that triggers Breach Notification Rule reports and notifications. A Ransomware attack is automatically presumed to be a HIPAA Breach unless you do a HIPAA Breach Risk Assessment that demonstrates the attack resulted in only a low probability of compromise to the affected protected health information (PHI). This webinar explains how to do a Ransomware HIPAA Breach Risk Assessment.

The Problem Solved by this Webinar

The HHS Office for Civil Rights (OCR) declared that a breach of unsecured PHI is presumed to have occurred when electronic protected health information (ePHI) is encrypted as the result of a ransomware attack on a HIPAA-regulated entity (health care provider, health plan, health care clearinghouse, or business associate). The entity must then comply with the applicable breach notification provisions, including notifying affected individuals without unreasonable delay, the Secretary of HHS, and the media (for breaches affecting over 500 individuals), in accordance with HIPAA breach notification requirements.

However, it is not a breach if the ransomware-victimized entity can demonstrate that there is a low probability that the encrypted ePHI has been compromised. This webinar explains how to do that.

Areas Covered in the Webinar

• A Breach Risk Assessment can determine whether a ransomware attack is a breach of unsecured ePHI, triggering embarrassing reports and notifications.
• Factors that can be applied in performing a Breach Risk Assessment.
• OCR’s guidance about specific factors that can demonstrate a low probability of compromise to ePHI encrypted by a ransomware attack.
• How to perform a Breach Risk Assessment step-by-step.
• How to document a Breach Risk Assessment and why you must document it.
• What to do if you cannot demonstrate a low probability of compromise to ePHI.

Why You Should Attend This Webinar

Attend this webinar to learn how to perform a Breach Risk Assessment with a special emphasis on ransomware attacks. Ransomware attacks may have only a low probability of compromising ePHI. A Breach Risk Assessment can determine whether a ransomware attack resulted only in a low probability of compromise to ePHI and provide Covered Entities and Business Associates with Documentation to overcome the presumption that the ransomware attack was a Breach..

Who Will Benefit

Health Care Covered Entities

• HIPAA Compliance Officials – Privacy and Security Officers
• Chief Compliance Officer
• Practice Managers
• Health Information Technology Supervisors
• Risk Managers
• Group Health Plan Administrators
• Third Party Group Health Plan Administrators
• Covered Entity Senior Management and Owners
• Health Care Providers practicing as individuals or in small groups
• Attorneys for Covered Entities – In-house and Outside Counsel

Business Associates

• HIPAA Compliance Officials – Privacy and Security Officers
• Chief Compliance Officer
• Business Associate Senior Management and Owners
• Risk Managers
• Attorneys for Business Associates – In-house and Outside Counsel