HIPAA Security Incidents & Breaches: Investigation, Documentation, and Reporting

1.5 CE Credit Hours. Legal-Ethical. Continuing Education Session Replay

Presented By: Tara Sanderson, PsyD, MBA and Liath Dalton

Learn from Dr. Tara Sanderson and Liath Dalton as they provide a high-level overview of the most common causes of unauthorized disclosures/HIPAA breaches; the basics of breach response, including investigation, documentation, notification, and reporting; and ways to reduce the likelihood and lessen the impact of a breach.

Course Description

Educational Objectives

  • Describe the HIPAA Breach Notification Rule
  • Identify necessary HIPAA Security Policies and Procedures to be in compliance with the HIPAA Security Rule standards related to breach prevention, notification, and response
  • Recognize common causes of HIPAA Breaches


Breach Basics

  • Breaches Happen
    • Emotional Norming
    • Being proactive, not just reactive, when it comes to incident and breach preparedness
  • HIPAA Breach Notification Rule
    • Requirements of the Breach Notification Rule
    • Refresher on what constitutes Protected Health Information (PHI) – what must be protected from “impermissible use or disclosure”
    • What makes something a HIPAA breach?
      • From incident to breach
      • Onus of proving an incident was not a breach
    • Was an incident a breach?
      • Incident risk assessment factors that are required to be evaluated in the event of a breach
    • Breach Exceptions
    • Breach Issues Beyond HIPAA
      • State Data Breach Rules
      • Licensing Board Rules
  • Breach Realities
    • Data and recommendations from the HHS Office for Civil Rights Annual Report to Congress on Breaches of Unsecured Protected Health Information
      • Breaches Reported
      • Breach Causes
      • Breach Investigation
      • Recommendations/Lessons Learned
  • Incident Investigation, Breach Determination, and Documentation
    • Policies & Procedures that Protect: Your Security Incident Response & Breach Notification Policy
    • Incident Investigation and Documentation Basics
    • Breach Notification & Reporting Timeframes and Requirements
      • Large Breaches (500+ impacted individuals)
      • Small Breaches (fewer than 500 impacted individuals)
    • Breach Reporting
    • Safe Harbor from Breach Notification Rule
    • Strategies for Preventing & Limiting Breaches


●  US Dept. of Health and Human Services. (2006). HIPAA Administrative Simplification. Washington, DC: Author.

●  U.S. Department of Health and Human Services Office for Civil Rights. (n.d.). Annual report to Congress on breaches of unsecured protected health … Retrieved February 23, 2023, from https://www.hhs.gov/sites/default/files/breach-report-to-congress-2021.pdf

●  Office for Civil Rights (OCR). (2021, June 28). Breach notification guidance. HHS.gov. Retrieved June 2, 2022, from https://www.hhs.gov/hipaa/for-professionals/breach-notification/guidance/index.html

●  Office for Civil Rights (OCR). (2021, June 28). Breach notification rule. HHS.gov. Retrieved June 2, 2022, from https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html

●  Office for Civil Rights (OCR). (2021, June 28). Summary of the HIPAA security rule. HHS.gov. Retrieved May 19, 2022, from https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html

●  US Dept. of Health and Human Services. (2013). HIPAA Omnibus Final Rule. Washington, DC: Author.

●  Huggins, B. R. (2017, April 17). What is HIPAA Breach Notification? Retrieved June 2, 2022, from https://personcenteredtech.com/2017/01/04/hipaa-breach-notification/.


Presented/Developed By

Dr. Tara Sanderson, PsyD, MBA runs a successful group practice in Tigard, Oregon. She has been teaching, training, and supporting Student Interns and Preliminary Licensed Supervisees for over 15 years. In addition to understanding the ethical ramifications of supervision, Dr. Sanderson also has her MBA and has studied the business dynamics of supporting a business. She teaches a course on How to Start a Private Practice, designed for clinicians getting ready to launch into business for themselves. Her course on How to Have Interns in Your Practice has recently launched. In that course she shares in depth how to responsibly and ethically have interns in your practice. It also comes with all the forms you need to create the process for managing and monitoring the interns in your practice. She is the author of Too Much, Not Enough: A guide to decreasing anxiety and creating balance through intentional choices.

On a personal note, Tara enjoys playing tabletop role-playing games with family and friends, motorcycling with her husband, and geocaching while she travels.


Consulting Website: www.drtarasanderson.com

Practice Website: www.drsandersonandassociates.com

Book Website: www.toomuchnotenoughbook.com

How to Start a Private Practice: www.howtostartaprivatepractice.com

How to have interns in your practice: www.howtohaveinternsinyourpractice.com

Liath Dalton is PCT’s director and a co-owner. Liath is especially passionate about helping therapists be resourced and supported in navigating the security compliance process and identifying the solutions and processes that meet the particular needs of their practices. Liath’s consultation area of expertise is focused on selecting the right combination of services and tech that not only meet the legal-ethical needs of mental health practices, but also the functionality, efficiency, and cost-effectiveness needs as well.


Program Notices

Accuracy, Utility, and Risks Statement: This program discusses strategies for complying with HIPAA and some other US Federal rules. It may not include information on all applicable state laws. Misapplication of the materials, or errors in the materials, could result in non-compliance with applicable laws or ethics codes.

Conflicts of Interest: None stated.

Commercial Support: None.

This course is subject to our cancellation/refund policy and complaint policy.
