HIPAA Compliance and Increased Cyber Threats: Proposed HIPAA Security Rule Changes, Agency Guidance, Enforcement Action

Course Details
- Format: On-Demand
- Difficulty Level: Intermediate
- Practice Area: Health
- Date: Wednesday, March 5, 2025
- Time: 1:00 p.m. ET / 10:00 a.m. PT
- Program Length: 90 minutes
This 90-minute webinar is eligible in most states for 1.5 CLE credits.
This CLE webinar will examine the challenges in HIPAA Security Rule compliance in an age of ever-increasing ransomware and cyberattacks. The panel will review the HIPAA Security Rule requirements and proposed amendments to the Rule, additional HHS agency guidance, and notable recent OCR settlements. The panel will offer best practices for cybersecurity compliance while mitigating the risk of HIPAA violations and enforcement action.
Faculty

Ms. Pitman advises healthcare systems and providers and healthcare information technology (IT) businesses when navigating healthcare privacy and cybersecurity regulations, other healthcare regulations, and government reimbursement program matters. Her experience includes the development and ongoing management of comprehensive HIPAA compliance programs, including drafting and negotiating business associate agreements, policies and training. When a data breach or other privacy regulatory violation occurs, Ms. Pitman guides her clients through the process for responding to the breach and any subsequent federal or state government investigations. She also provides advice to clients related to the frequent changes associated with the many federal healthcare payment programs.

Ms. Pike serves a broad range of clients in the industry, including institutional providers, medical practices, health systems, and health care technology vendors. Her practice is focused on providing comprehensive counsel on a full range of HIPAA regulatory and compliance matters, including analysis of applicability of HIPAA requirements, creation and implementation of robust HIPAA programs designed to reduce compliance-related incidents, successful navigation of breach response and government investigations, negotiation of business associate agreements, and analysis of complex data use questions. Ms. Pike also regularly advises clients on IT-related matters and technology transactions. Her experience in these areas uniquely positions her to counsel health care entities on their adoption and use of cutting-edge technologies, as well as guide clients in developing and commercializing digital health technologies. Ms. Pike’s clients also rely on her experience advising on complex health care regulatory, compliance, and enforcement matters, including Stark Law, state and federal anti-kickback statutes and beneficiary inducement prohibitions, as well as corporate practice of medicine and compliance with Medicare and Medicaid rules and regulations.
Description
The healthcare industry continues to experience a significant rise in cyberattacks. In support of its recent release of the proposed revisions to the HIPAA Security Rule, OCR states that the number of people affected by cyberattacks every year "has skyrocketed exponentially." Since 2019, large breaches caused by hacking and ransomware have increased 89 percent and 102 percent, respectively. Despite years of HHS guidance and the agency's recent adoption of Cybersecurity Performance Goals, HHS felt it necessary to establish much of its prior guidance as regulatory requirements through the notice of proposed rulemaking released Dec. 27, 2024.
In a number of notable recent settlements, healthcare providers who were victims of ransomware attacks subsequently suffered hefty penalties for potential HIPAA violations as a result of OCR investigations triggered by the attacks. In addition to OCR enforcement, cyberattacks may trigger additional enforcement action by state Attorneys General and the expense of civil litigation. Finally, as part of its HITECH obligations, OCR announced initiation of its 2025 HIPAA Audit program targeting HIPAA Security Rule provisions.
Therefore, HIPAA covered entities and business associates should be up to date on HIPAA requirements impacting cybersecurity, including HHS' recently issued proposed changes to the HIPAA Security Rule and the latest agency guidance (e.g., HHS' and NIST's joint Cybersecurity Resource Guide and NIST's Cybersecurity Framework) to manage cybersecurity risks, remain compliant, and mitigate the risk of enforcement action.
Listen as our expert panel examines HIPAA compliance in the age of increased cyber threats. The panel will provide an overview of HIPAA requirements and the proposed HIPAA Security Rule revisions as well as the latest agency guidance. The panel will discuss lessons to be learned from notable recent settlements and offer best practices for mitigating the risk of cyber threats and possible subsequent enforcement actions.
Outline
- Introduction
- Ransomware and other cybersecurity threats to patient data privacy
- Proposed HIPAA Security Rule changes
  - HHS proposed revisions to the HIPAA Security Rule
- Additional agency guidance for HIPAA cybersecurity compliance
  - HHS' and NIST's joint Cybersecurity Resource Guide
  - NIST's Cybersecurity Framework
- Lessons learned from recent settlements
- Best practices for managing cybersecurity risks and mitigating risk of enforcement action
Benefits
The panel will review these and other important considerations:
- What challenges face healthcare counsel and their clients in managing cyber threats and maintaining data privacy?
- How may the proposed HIPAA Security Rule revisions impact the development and implementation of cybersecurity compliance programs?
- In addition to HIPAA requirements, what additional agency guidance should counsel and their clients be aware of when developing compliance programs?
- What are best practices for cybersecurity compliance and mitigating the risk of enforcement action by OCR and others in the event of a data breach?