In 2018 the Office of Civil Rights (“OCR”) reported an all-time record year for HIPAA enforcement, and in 2019, there continues to be substantial settlements. Moreover, New York state law has now expanded to require heightened reporting obligations for data breaches. On a positive note, the OCR has provided guidance regarding on do-it yourself risk analyses for small to medium size physician practices and promised to focus proposed enforcement actions on the most egregious of wrong doers. As a result of this heightened enforcement activity and guidance, there are new and evolving strategies to prepare for responding to unwanted intrusions or government investigations: This presentation will focus on:
* Lessons learned from OCR settlements in 2018 and 2019;
* Preparing for or conducting a Security Risk Analysis
* Managing vendor access to Protected Health Information
* New York State breach reporting requirements
STACEY L. GULICK, ESQ.
A Partner at Garfunkel Wild, PC, Stacey joined the firm in 2001 and is the Co-Chair of the firm’s HIPAA Compliance Practice Group and a member of the Health Care, Health Care Information and Technology and Compliance and White Collar Crime Defense Practice Groups. Her practice includes representation of healthcare providers and their business associates in implementation of HIPAA compliance programs, OCR investigations, HIPAA Breach responses, and various cyber security and interoperability issues. Ms. Gulick frequently speaks and publishes on HIPAA-related issues, cyber security, risk management and medical staff bylaws. She received her BA, Masters in Business Administration and Masters in Health Administration in 1991 from the University of Pittsburgh and her JD from the St. John's University School of Law in 2001.
This program has been approved for 2.0 PMI CEUs.
MCMS may photograph this event for marketing purposes. Unless this permission is revoked in writing to MCMS, by virtue of their attendance, all program participants agree to the use of the event photo in MCMS marketing.