HIPAA Security Incidents & Breaches: Investigation, Documentation, and Reporting

Course Materials

Part 2: Breach Realities
Part 3: Incident Investigation


Breach Basics

  • Breaches Happen 
    • Emotional Norming. 
    • Being Proactive, not just reactive when it comes to incident and breach preparedness. 
  • HIPAA Breach Notification Rule
    • Requirements of the Breach Notification Rule
    • Refresher on what constitutes Protected Health Information (PHI) – what must be protected from “impermissible use or disclosure”
    • What makes something a HIPAA breach?
      • From incident to breach
      • Onus of proving an incident was not a breach
    • Was an incident a breach?
      • Incident risk assessment factors that are required to be evaluated in the event of a breach
    • Breach Exceptions
    • Breach Issues Beyond HIPAA
      • State Data Breach Rules
      • Licensing Board Rules
  • Breach Realities
    • Data and recommendations from HHS Office of Civil Rights Annual Report to Congress on Breaches of Unsecured Protected Health Information
      • Breaches Reported
      • Breach Causes
      • Breach Investigation
      • Recommendations/Lessons Learned
  • Incident Investigation, Breach Determination, and Documentation
    • Policies & Procedures that Protect: Your Security Incident Response & Breach Notification Policy
    • Incident Investigation and Documentation Basics
    • Breach Notification & Reporting Timeframes and Requirements
      • Large Breaches (500+ impacted individuals)
      • Small Breaches (fewer than 500 impacted individuals)
    • Breach Reporting
    • Safe Harbor from Breach Notification Rule
    • Strategies for Preventing & Limiting Breaches

Scheduled Maintenance

We will be temporarily taking the website offline at 10:00 PM Pacific (1:00 AM Eastern) tonight, July 6, in order to make some improvements. We plan to be back online by midnight Pacific (3:00 AM Eastern). We apologize for any inconvenience this may cause. Dismiss