The Safe Harbor Law: A Practical Approach


CEU: 1

Price: $0 (Subscribers ONLY)


Title: The Safe Harbor Law: A Practical Approach

Presenter: Raymond Ribble, CEO and Founder at SPHER, Inc., a market-leading compliance analytics, cyber-security solution addressing HIPAA compliance, state privacy laws, and ePHI security threats
Time: 1.02 hours

Description: HIPAA data breach penalties typically get measured in millions of dollars, even following an organization implementing NIST cybersecurity framework measures. With the new HIPAA Safe Harbor Law, signed January of 2021, HHS and OCR may consider increased penalty mitigation when an organization can demonstrate it has been following established good security practices for a period greater than 12 months.

It is important to understand that the Safe Harbor Law, while offering substantial protection, does not provide a true safe harbor. Safe harbor laws normally shield an entity from liability when the criteria are met; however, the new HIPAA Safe Harbor Law only offers some protection. The Office for Civil Rights (OCR) may consider whether a covered entity had implemented certain technical safeguards for 12 months. Where appropriate, it allows OCR leniency in assessing the breach.

Our presentation will examine what are the established security practices for healthcare, and how to pivot your organization’s security profile to mitigate breach penalties in the case of an event.

1. Understand the HIPAA Safe Harbor Law (Previously HR-7898).
2. Recognize where to find support.
3. Demonstrate compliance.

- Cost of Data Breach in Healthcare
- HR 7898 (HITECH Safe Harbor): Background
- Amended HITECH Act
- How Does it Protect a Covered Entity?
- HIPAA Security Rule
- 6 Steps to Qualify for Safe Harbor Mitigation
- Demonstrating 1+ Year Compliance
- NIST Cybersecurity Framework
- When Could a Safe Harbor Be Realized?
- HR 7898: Recognized Security Practices
- 405(d) Task Group
- Will Safe Harbor Protect CE/BA from Investigations and Penalties?
- Be Diligent: Types of Data Breach Threats
- Anatomy of a Breach: Stolen Credentials
- Credential Theft: Phishing Examples
- How to Manage a Healthcare Data Breach
- Continue Building a Culture of Compliance in Healthcare

First Healthcare Compliance

Our Mission
To help healthcare providers and their staff maintain focus on patient care by providing them a comprehensive healthcare compliance solution with the compliance resources and tools to efficiently implement an effective healthcare compliance program, all in one place. Working towards this mission, we hold ourselves to core values that reflect what is most important to us. They are, in essence, our code of conduct, our character as a company and what sets First Healthcare Compliance apart. http://www.1sthcc.com