Aggressive criminal theft and ransomware attacks on protected health information (PHI) have put HIPAA-regulated organizations (Covered Entities and Business Associates) at serious risk of government investigations, health information breaches, financial loss, and public embarrassment. Private plaintiffs, bringing class action lawsuits stemming from PHI breaches, are the newest and most aggressive enforcers of health privacy laws.
Simple steps, often overlooked but easy to follow, enable an organization to protect against costs and damage to its reputation. The HIPAA Rules are a blueprint to protect organizations.
HIPAA compliance is a systematic process that identifies and addresses risks to the privacy and security of protected health information (PHI) in a step-by-step manner. This seminar explains the steps and compliance processes in plain language, accompanied by engaging illustrations.
Why you should attend
Attend this seminar to learn how Covered Entities and Business Associates can protect their organizations by complying calmly, confidently and completely with the HIPAA Rules. The HIPAA Rules are easy to follow, step-by-step, when you know the steps.
Who Will Benefit
- Health Care Providers
- Health Plans
- Business Associates
- Third-Party Health Plan Administrators
- Compliance Committee Members - Board of Directors
- Executive Staff
- Senior Management
- Group Health Plan Administrators
- HIPAA Compliance Officials - Privacy and Security Officers
- Information Technology Managers
- Practice and Office Managers
- Patient Engagement Specialists
- Risk Managers
- Health Care Providers practicing as individuals or in small groups
- Third Party Group Health Plan Administrators
- Attorneys for Covered Entities - In-house and Outside Counsel
- Introduction - HIPAA Basics
- HIPAA Law passed by Congress
- HIPAA Rules written by the Department of Health and Human Services
- How HIPAA Rules are changing and what to expect
- The Privacy Rule - The Fundamental HIPAA Rule
- Who must Comply
- HIPAA definition of PHI - the information that must be protected
- Permitted and Required Uses and Disclosures of PHI
- Administrative, Technical and Physical Privacy Safeguards
- Business Associate Privacy Rule Compliance
- The Security Rule
- Interaction with the Privacy Rule
- Administrative, Technical and Physical Security Safeguards
- The Breach Notification Rule
- What is - and what is not a Reportable Breach of Unsecured PHI
- Potential Breach Investigation - Breach Exceptions
- Ransomware
- Breach Risk Assessment
- HIPAA Enforcement under the Trump Administration
- HHS HIPAA Enforcement in 2025
- Highly Visible Violations - Websites and Social Media
- Email, Text Messages and HIPAA
- The inter-connected, inter-dependent HIPAA compliance relationship of Covered Entities and Business Associates
- Business Associate HIPAA compliance responsibilities
- The importance of Due Diligence and how to do it
- How to avoid making Business Associates into Agents by mistake
- The chain of responsibility from Covered Entity to Business Associate to Subcontractor Business Associate, etc.
- Business Associate responsibilities for Subcontractor Business Associates
- HIPAA Risk Analysis and Risk Management
- The foundation of every HIPAA Compliance program
- Risk Analysis and Risk Management Illustrated Step-by-Step
- Conclusion
- HIPAA Compliance - an Ongoing Process
Speaker Profile
Paul R. Hales, J.D. is widely recognized for his expert knowledge and ability to explain the HIPAA Rules clearly in plain language. Paul is an attorney licensed to practice before the Supreme Court of the United States and a graduate of Columbia University Law School with an international practice in HIPAA privacy and security. He is the author of all content in The HIPAA E-Tool®, an Internet-based, complete HIPAA compliance solution with separate editions for Covered Entities, Business Associates, Health Plans and Third Party Administrators.
