When Patient Information Goes Missing: How to Respond to a Security Breach

Stolen laptops. Lost packages. Missing data tapes. Media reports of security breaches inside and outside the health industry are becoming an everyday event. Storage tapes containing 365,000 patient records were recently stolen from an Oregon-based home health provider and now state legislators are calling for hearings.

Hot on the heels of HIPAA, more and more states are enacting laws that require varying types of security breach notification. Even when not required by law, many organizations choose to notify, but is it always the right thing to do? Our speaker has worked with a number of health care clients on their security incident response strategies. He will share insights on:

• Key elements and unique provisions of the newly effective state notification laws.
• How these laws interact with existing obligations under the HIPAA security and privacy rules.
• What to do after a security breach occurs. When to own up, when to say nothing.
• Crafting an effective notification policy.
• Enforcement threats and how to avoid them.

Ben Butler will be the presenter of this web-based teleconference on responding to a security breach inside the health industry.