Group items tagged

Overview: This webinar will cover everything that you need to know about how to handle HIPAA security incidents, breaches, and complaints and the Department of Health and Human Resources Investigations thereof. Not all security incidents are breaches, but all breaches of confidentiality are within the broad ambit of security incidents. Privacy rule violations, such as failing to give a patient a copy of his or her medical records, may also constitute a breach as the $4.2 million fine assessed against Cignet Healthcare of Prince George's County, Maryland, dramatically proved. Handling an investigation properly is key to determining not only how to handle it to mitigate any harm and to take action to prevent it from happening again but also to determine whether it is reportable to affected individuals and to DHHS. HIPAA requires a complaint procedure (policy). The webinar will suggest what such a document should contain as it also will for the required report procedure (what is reportable, who reports, to whom, and required/suggested contents of the report) and the required response procedure (what do the responsible officials do after receiving the report or the complaint). Investigating a possible security incident is key. The webinar will cover how to conduct a thorough investigation of HIPAA security incidents, breaches, and patient complaints. Finally, the second largest HIPAA civil money penalty or settlement, $4.2 million, was in large part due to the offender's failure to cooperate with the DHHS investigation. The presenter has successfully defended his clients in seven such investigations and knows how to respond to them to avoid or minimize liability. Think of a gap analysis as an examination of: What you currently have in place for HIPAA compliance. Is that adequate? Can it be done better? Is it enough? And what am I missing? Asking these questions will help establish the direction and next steps to take. It lays the ground work for a good Risk Analys

Overview: This webinar will cover everything that you need to know about how to handle HIPAA security incidents, breaches, and complaints and the Department of Health and Human Resources Investigations thereof. Not all security incidents are breaches, but all breaches of confidentiality are within the broad ambit of security incidents. Privacy rule violations, such as failing to give a patient a copy of his or her medical records, may also constitute a breach as the $4.2 million fine assessed against Cignet Healthcare of Prince George's County, Maryland, dramatically proved. Handling an investigation properly is key to determining not only how to handle it to mitigate any harm and to take action to prevent it from happening again but also to determine whether it is reportable to affected individuals and to DHHS. HIPAA requires a complaint procedure (policy). The webinar will suggest what such a document should contain as it also will for the required report procedure (what is reportable, who reports, to whom, and required/suggested contents of the report) and the required response procedure (what do the responsible officials do after receiving the report or the complaint). Investigating a possible security incident is key. The webinar will cover how to conduct a thorough investigation of HIPAA security incidents, breaches, and patient complaints. Finally, the second largest HIPAA civil money penalty or settlement, $4.2 million, was in large part due to the offender's failure to cooperate with the DHHS investigation. The presenter has successfully defended his clients in seven such investigations and knows how to respond to them to avoid or minimize liability. Think of a gap analysis as an examination of: What you currently have in place for HIPAA compliance. Is that adequate? Can it be done better? Is it enough? And what am I missing? Asking these questions will help establish the direction and next steps to take. It lays the ground work for a good Risk Analy

Overview: FDA 7348.811 section 1 states, "Regardless of the type of system used by the clinical site, the regulatory requirements for clinical data do not change whether clinical data are captured on paper, electronically, or using a hybrid system." What type of system is best for your program and investigator capabilities? The wrong choice yields inspectional non compliance. The right choice of electronic data capture, direct data entry, and data management depends on a sponsor assessment of the systems and procedures at the investigator site as compliant with FDA inspectional requirements. Additional source documentation procedures (origination, authorization, and signature) are required at the investigator site to address the electronic data capture process. It is these three FDA mandated inspectional criteria, applicable to every electronic data element, that generate most of the significant inspectional noncompliant findings. Some data elements are more likely to be associated with the findings of noncompliance than others. It is in fact difficult to determine which data requires or does not require original source documentation and what defines "original source documentation". Why should you attend: Investigators commonly assume that the new guidance and regulations reduce the need for source documentation in clinical trials. In fact, there are new procedural documents relevant to the electronic source documents and direct data entry that are required to comply with the current inspectional standards and the final guidance. Sponsor due diligence in choosing, training, and monitoring investigator sites to enable the use of compliant electronic data capture is required. Basic knowledge of part 11 and GCP requirements will be helpful in attending this advanced webinar. The focus will be on the additional FDA inspectional requirements for electronic data capture, and the impact of using electronic data capture on the seven FDA inspectional priority objectives

Overview: Participants will learn how to conduct an investigation of allegations of patient privacy violations using a privacy "risk analysis" tool and steps that should be taken when a breach has been determined. Why should you Attend: You must conduct a prompt and thorough investigation of all allegations of privacy violations. A violation of a patient's privacy may result in monetary penalties, harm to your reputation and especially harm to a patient. You need to make certain your organization has the expertise to conduct a thorough privacy investigation, analyze the results and take all necessary action to mitigate and report violations when required. Areas Covered in the Session: Best practices for conducting a privacy investigation Use of the risk analysis tool Interpretation of your results Reporting requirements if necessary Recommendations of continued privacy monitoring Workforce training Who Will Benefit: Healthcare providers Compliance and Internal Audit professionals or office staff responsible for ensuring patient privacy Healthcare Administrators Business Associates and all HIPAA Covered Entities Speaker Profile : Gail Madison Brown is a registered nurse and an attorney with over 25 years of experience in health care. For the last 15 years she has focused on health care compliance and revenue cycle management operations. Gail's experience ranges from starting new compliance programs and making improvements to existing programs for physician practices to large health care organizations. Gail also has provided numerous lectures to healthcare providers, executives and professional colleagues. Gail Madison Brown will develop, implement, and oversee processes, systems, educational programs, and other activities necessary to support and grow clinical trials activities at the UT Health Science Center. The Chief Clinical Trails Officer (CCTO) provides overall strategic leadership in this area including planning, goal setting, and monitoring organ

Overview: Drug and device research is confusing and difficult on its own but when you start combining drugs with devices the regulatory landscape changes as there are more nuances to deal with. Knowing how drug and device studies are each regulated is important in navigating the challenges posed by studies that wish to use both. It is also important to be aware of current guidance affecting the use of both drugs and devices in a study as well current guidance affecting the classification of devices. Why should you attend: Information on drugs and devices is plentiful. But, it can also be daunting .The webinar will give attendees a foundation and a starting point on which they can build. Learning objectives: Define drug research Define device research Explore the differences between the two Describe requirements when drugs and devices are combined in one study Areas Covered in the Session: Defining Drug Research FDA approved drugs Investigational drugs Compassionate use Defining Device Research FDA approved devices 510 K devices Humanitarian Device Exemptions Invitro Diagnostic Devices Investigational Devices Federal regulations governing drugs and devices Guidance governing drugs and devices Combining devices and drugs into one study What are the requirements? What are the regulations and guidance? How these studies are reviewed Who Will Benefit: Investigators Researchers Research Staff Study Coordinators Auditors Research Administrators Speaker Profile Sarah Fowler-Dixon is Education Specialist and instructor with Washington University School of Medicine. She has developed a comprehensive education program for human subject research which has served as a model for other institutions. She crafted budgets, policies, procedures, reporting, and training for the new program. She has initiated the planning, development, authorship and implementation of many human subjects research policies, practices, guidelines, submission and reviewer forms often working with st

What is Depression? Every individual experiences feelings of worthlessness, sadness, and negativity. It is when these feelings spiral out of control and consume the individual to an extent that his/her normal life is disrupted, that depression arises. Depression is a serious medical condition and can significantly weaken the individual both physically and mentally. What are the causes and risk factors of depression? In medical terms, depression is due to a decreased amount of certain chemicals in the brain. Depression has a genetic basis, i.e. depression may run in family. It can also be triggered by an event such as the loss of a loved one, losing a job, etc. There are some hormonal problems like decreased thyroid levels that can also lead to depression. Depression can also follow after the diagnosis of a serious illness and leads to impaired treatment of the disease. It is accompanied by the feeling of not getting well and hence ignoring the medication and the other activities that have been advised by the doctor. Risk factors Traumatic past, abuse, neglect Loss of a loved one Serious medical conditions like Parkinson's disease, etc. Also Read: How to Prevent Depression in Elderly What are the symptoms of depression? Persisting feeling of sadness, anxiety Low self-esteem Feeling worthless Pessimistic mindset Decreased appetite Difficulty in sleeping Oversleeping Inability to concentrate Talking, walking slowly Constantly feeling tired Loss of interest in activities that were previously enjoyable Decreased sexual desire Weight loss Headache Abdominal cramps Having ideas about death, contemplating suicide What are the investigations for depression? As such there are no investigations for depression. If the symptoms listed above continue for more than two weeks, the person is diagnosed with depression. Investigations advised by the doctor can be - Thyroid function tests Cortisol levels in the blood What is the treatment of depression? The treatment is both

Human services investigation is one of the developing territories of social insurance administrations. It broadly utilizes data innovation apparatuses, information, factual and subjective investigation, illustrative and prescient displaying. The investigation help the medicinal services associations in diminishing the doctor's facility remains of patients, meeting administrative consistence, enhanced quality care, prevention of perpetual illnesses, and extortion location.

Course "Tougher Import Rules for FDA Imports in 2016" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: FDA's and the Customs and Border Patrol Service (CBP) have become increasingly sophisticated and equally demanding in the submission of information and adherence to government procedures. Firm's that fail to understand and properly execute an import and export program find that their shipment is delayed, detained or refused. In 2016 entries must use the Automated Commercial Environment (ACE) entry filing system or face entry refusals and monetary penalties up to $10,000 per offense. A number of other factors can derail the expectation of a seamless import process. The course covers detailed information about the roles and responsibilities of the various parties with an import operation and how to correct the weakest link(s) in the commercial chain. The course will include tips on how to understand FDA's thinking and offer anecdotal examples of FDA's import program curiosities. Why should you attend: What happens when your product is detained? FDA will begin a legal process that can become an expensive business debacle. You must respond fully within short timeframes. This is not the time for you to be on a learning curve. You need to have a plan in place and know what you are doing. The FDA is steadily increasing the legal and prior notice information requirements. If you do not know what those requirements are and you initiate a shipment, your product is figuratively dead in the water. You must be accurate with the import coding information and understand the automated and human review process. If not, you can expect detained shipments. CBP is implemented a new "Automated Commercial Environment" computer program that changes import logistics and information reporting for FDA regulated products. Your shipment may be stopped before it is even loaded at the foreign port. What

Overview: Final regulations for the new HIPAA Breach Notification Rule require much more than notifying individuals affected by a Breach of their Protected Health Information (PHI). Covered Entities and Business Associates first must follow and document a very specific process to determine if a Breach occurred. If no Breach occurred documentary proof must be kept for six years. If a Breach did occur timely notifications and other actions must be undertaken and documented. This webinar will explain: What Covered Entities and Business Associates must do to comply with the Breach Notification Rule What is and is not a Breach Three exceptions - when an acquisition, access, use, or disclosure of PHI not permitted by the Privacy Rule is not a Breach How to perform a Breach Risk Assessment to determine if you can demonstrate a a low probability that the PHI was compromised Who must be notified in case of a Breach When notifications must be provided What information must be contained in each notification Other requirements in case of a Breach Investigate Mitigate harm to affected individuals Protect against further Breaches Document everything Planning and preparation for the worst - public relations and mitigation strategies to limit damage to the organization's reputation and financial well-being Why should you attend: Breaches and incidents that might be Breaches happen all the time! More than 173,000 separate breaches of Protected Health Information (PHI) affecting less than 500 individuals were reported to the U. S. Department of Health and Human Services (HHS) between September, 2009 and May 31, 2015 and in the same period HHS received approximately 1240 reports of PHI breaches that affected 500 or more individuals An acquisition, access, use, or disclosure of PHI not permitted by the Privacy Rule is presumed to be a Breach unless it falls within an exception or the Covered Entity or Business Associate can demonstrate a low probability that the PHI was compromi

Course "Marketing Products without Getting Hammered by FDA" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: With this seminar you will learn how to navigate FDA's legal requirements and its interpretations for enforcement purposes. The agency now applies the principles of cognitive psychology to aid in its determination of what a message really conveys. This becomes a new factor in trying to stay within FDA's legal corral. This conference will provide insight on how to manage your marketing activity and gauge what regulatory risks your business is willing to accept. You will learn how corporate management requires cooperation between marketing, regulatory affairs, legal counsel, manufacturing, engineering and finance departments. You will understand that a weak link in any department leaves the entire corporation vulnerable to FDA enforcement. Most importantly, you will understand the boundaries that FDA uses and how easy it is to cross them. With information from this course, you can step back and rationally evaluate your firm's regulatory profile for advertising and promotion. Why should you attend: If you go "off label" with advertising and promotion, you become embroiled in FDA's advertising and promotion requirements. For devices, the law is weak and lacks legal clarity. For drugs, FDA's law and regulations are extensive and have violated Constitutional protections. Depending on your point of FDA's promotion and advertising requirements can help you or hurt you? There is an inherent conflict in interests. In any case, you need to identify practical criteria to make marketing decisions. That begs the question of whether or not marketing managers and regulatory affairs managers will even try to agree on an issue. FDA's Center for Devices and Radiological Health (CDRH) has never issued a comprehensive guidance on advertising and promotion. You are on your own. CDER has esta

Overview: New changes modifying the HIPAA Privacy and Security Regulations are going into place to meet the privacy and security mandates within the HITECH Act in the American Recovery and Reinvestment Act of 2009. The changes include establishing new rights for individuals as well as changes to the limitations on uses and disclosures. New requirements for patient access to records and requirements to notify individuals in the event of a breach are only two of the many areas affected in the new law, including new requirements for restriction and accounting of disclosures and increased enforcement activity. Covered entities that use electronic health records (EHRs) will need to meet new access and disclosure rules and all kinds of business associates and their subcontractors will need to establish compliance programs. And if you are required to have a HIPAA Notice of Privacy Practices, you will need to update that to show all the new rights that patients will have, such as electronic copies, new rights to restrict disclosures, and much more. Business associates are now directly covered by the HIPAA privacy and security regulations and are liable for fines and penalties if they do not comply. If a business associate supplies services that interact with the new changes to the rules, the BA will need to be aware of the new requirements. We will explain what a Business Associate needs to do differently under the new regulations. Electronic records have new demands placed on them, in both providing access and in accounting for all disclosures of health information - the electronic age in health care brings new obligations to serve individuals as well as manage health information for healthcare professionals. We will discuss how disclosures must be tracked in an EHR and review the various ways patient records can be supplied electronically. The new regulations will be reviewed and their effects on usual practices will be discussed, as will what policies need to be chang

Overview: You need to attend in order to control your own destiny. Get involved up front instead of being a "sitting duck". More Audits are coming and government & private payers are increasing their budgets for increased audit activity around the health care provider industry. The Department of Justice is zeroing in on providers who are aberrant. Private insurance special investigations units are also gearing up and local prosecutors who are hungering for these types of prosecutions are all part of building machinery to eliminate fraud and abuse in the nation's health care system. The concern about the audit/investigative machine that has been developed should create horrendous concern for the health care provider community, because these entities will have to come up with results. Don't become one for their "results". Areas Covered in the Session: Overview of audit risks 14 Strategies to tackling auditors: i.e. Appoint Audit Manager Appoint Audit Committee Proactively seek out info from audit visitors Respond quickly to audit visitor requests Identify On Site control person Provide strong support for onsite control person Onsite control person must be close to the visitors Audit committee to meet daily with visitors Respond quickly to early findings Request feedback from visitors Request Exit conference Carefully review preliminary findings Respond to final report Correct problem findings Who Will Benefit: Health Care Professionals Health Service Providers Compliance Officers CEO's Corporate Attorneys Speaker Profile Joseph R. Batte is president of Kristall Associates, a compliance, and risk assessment specialist for the health care provider community as well as the litigation support community. He is a former special agent with the US Office of Inspector General and participated in the development of that Departments compliance guidance's. He is a nationally known speaker on compliance and has authored the book "Doctors are from Jupiter, Compliance is from

Overview: In this webinar, Hope will present the lessons she's learned over her career as a grant writer and editor in medical research. By identifying simple solutions to common problems, participants will learn tools to improve their ability create competitive grant applications and increase their academic and research productivity. To write compelling grant applications, this webinar will cover: How your choice of words will help you stay within page limits without compromising the science How to minimize abbreviations to improve readability and respect reviewer time constraints How to use Microsoft Word efficiently to improve page layout and readability How to manage references by enlisting online databases and reference management software How and when to stop developing the content to meet both grantor and institutional deadlines Why should you Attend: Many Grant Writing workshops do not teach writing per se. Though useful for beginning grant writers, most focus on understanding the application process and the various sections of a grant. For participants wanting to learn to actually write a grant, they are often left to figure out the technique for themselves. In addition, funding opportunity applications (FOAs) have changed quite rapidly in the past few years and require more focused writing in fewer pages. Competition has increased as budgets have shrunk, and knowing how to make the most out of both the time and the length of a grant project can prove challenging and extremely stressful. This webinar is for both new and experienced grant writers, either scientists and principal investigators or writers and other support staff. By using common resources (MS Word, EndNote, PubMed), the webinar content is designed to help grant-writing teams increase their efficiency in the writing process and also meet the requirements of the FOAs. Plus, plain language and good writing practices taught in this webinar will ensure straight-forward, content-rich, and well

Overview: Today's diverse, fast-changing, multidisciplinary mental health care environment involves many mental health care professionals who work together for the common goal of the patient. This includes physicians/psychiatrists, psychiatric nurses, psychologists, and others. Nothing in health care is more fractured than in mental health among a multitude of mental health practitioners. Like physicians/psychiatrists and psychiatric nurses, psychologists as health care practitioners obtained an education, passed applicable examinations, completed professional training, and hold a license to practice their chosen profession of psychology, often by being educated and trained at the doctoral level. The license to practice is issued by the state agency which has exclusive jurisdiction over this health care practitioner. Thereafter, the state's authority and power over the psychologist often presents challenges to that professional that are not easy to navigate. Their governing state agency routinely handles, investigates, and dismisses- or prosecutes - alleged violations of law that can be career ending for the psychologist if pursued. But that process takes time with many steps necessary for due process of law. One of the ultimate actions the state may take is to issue a suspension or revocation of the psychologist's professional license. Yet many state actions fall short of such drastic outcomes, but still have serious, permanent consequences for the psychologist as a licensed health care professional. Learn to identify the legal authority for state agencies to regulate the practice of psychology. Seek to understand and defend against state actions which may result in ruinous practice and career consequences for the health care professional. This program offers an objective, thorough review of the ethical and legal violations committed by psychologists. This program also reviews defenses with practice tips to defend successfully those common violations. Otherwis

Overview: The webinar will concentrate on topics that HHS has announced will be the focus of the first round of "desk audits". They reflect significant areas of non-compliance revealed in the 2012 pilot audits and HHS HIPAA violation investigations concluded by Resolution Agreements and Corrective Action Plans. They include: HIPAA Risk Analysis Risk Management based on Risk Analysis Breach Notification Notice of Privacy Practices (for Covered Entities) Minimum Necessary Standard Access of Individuals to their PHI Authorizations Workforce Training This webinar is vital because, in focusing on preparation for a HIPAA Compliance Audit, Covered Entities and Business Associates may review, prioritize and structure their HIPAA Compliance programs. If you have HIPAA Compliance documentation ready to submit on two weeks notice to HHS you are implementing an effective HIPAA Compliance program. In addition, every Covered Entity or Business Associate may face an HHS HIPAA Compliance investigation at any time due to a complaint or a Breach. If you are "audit ready" you will be ready for an investigation - and better able to avoid complaints and prevent breaches. Why should you attend: Every Covered Entity and Business Associate is liable - without prior notice - to be audited for HIPAA Compliance by HHS You will have only 2 weeks after receiving your HIPAA Compliance Audit notification and data request to upload all requested documents to an HHS HIPAA Compliance Audit Portal The HIPAA Compliance Audit data request you receive will specify content and file organization, file names and any other document submission requirements Auditors will not contact an audited entity for clarifications or ask for additional information - it is essential that submitted documents are current, accurately reflect the entity's HIPAA Compliance program and demonstrate HIPAA Compliance Only data submitted on time will be assessed Failure to respond on time may be referred to the HHS regional

A 3D cell culture is basically an artificial environment where biological cells are allowed to grow or interact naturally in all three dimensions, similar to how they do in vivo. Unlike 2D cultures, a 3D culture allows living cells in vitro to adopt all possible growth directions, much like how they would in the real world. This is ideal for treating diseases that involve multiple organ systems. In medicine, this is known as organo-evolution. Here are some advantages of 3D cell cultures: Unlike before, it is now possible to culture different kinds of cells such as blood, sperm, and stem cells in vitro. This was made possible by the introduction of new equipment called the culture chamber, which is used to manipulate cells in culture. Before, only two types of cells were possible to culture, monoclonal (which are typically the type found in bodily tissue) and plating (which are typically found in muscle and blood cells). In addition, the 3D cell culture can be controlled, making it more useful. For instance, researchers can use different types of media on different cells at the same time; this can help them investigate cell culture in more detail. Read more @ https://coherentmarketinsights-cmi.blogspot.com/2021/03/3d-cell-culture-allow-researchers-to.html

P3Care investigates the QPP MIPS 2021 proposed rule and how it will impact the healthcare industry. MIPS consulting firms constantly bring reimbursements.

P3Care investigates the QPP MIPS 2021 proposed rule and how it will impact the healthcare industry. MIPS consulting firms constantly bring reimbursements.

Course "HIPAA Security & Privacy Official - Roles and Responsibilities" has been pre-approved by RAPS as eligible for up to 12 credits towards a participant's RAC recertification upon full completion. Overview: Being the HIPAA Security and Privacy Official involves not only ensuring you know the appropriate patient rights and controls on your uses and disclosures of protected health information, but you also have the proper policies and procedures in place. If audited or the subject of a compliance review you will be required to show the government you have all the necessary documentation in place for safeguarding patient Protected Health Information and indicate how you addressed all required security safeguards. This starts with the fundamentals of a HIPAA compliance program. If your HIPAA Security and Privacy Official needs to understand what all the HIPAA requirements are or make sure the current program is adequate and can withstand government scrutiny, please join us for this informative and interactive seminar. Why you should attend: The HIPAA Security and Privacy Official is the backbone of any organization's compliance program. Often times this role is assigned as collateral duty in smaller organizations. Regardless the size of an organization, the HIPAA Security and Privacy Official must know all the requirements for compliance. This is a critical element of the position. Attendees will leave the course clearly understanding the role and all the requirements as the designated as a HIPAA Security and Privacy Official. This seminar will cover reviews, creation, and amending policy and procedure. After completing this course, a HIPAA Security and Privacy Official will have a clear understanding for what needs to be place when it comes to all of the HIPAA regulations. Areas Covered in the Session: Why was HIPAA created? The Role and Responsibilities of the HIPAA Security and Privacy Official Complying with HIPAA Requirements? What are the HIPAA Security

Overview: Discussions, presentation, and webinars regarding HIPAA regulations are usually addressed from the perspective of what the regulations entail, the necessity of compliance with the regulations, and the consequences of willful neglect or non-compliance. This presentation addresses HIPAA regulations from a different perspective - from a personal perspective - from the perspective of the person in charge of moving an organization or facility toward full compliance with HIPAA. The by-product of this presentation will be both an understanding of, and a detailed job description for, a position mandated in the regulations - the HIPAA Security/Privacy Officer. Why should you attend: The HIPAA regulations are numerous, complicated, often vague, and affect every person working in a healthcare facility. Compliance with HIPAA will require a unique individual to lead the charge - an individual whose education, background, experience, and demonstrated skill sets offer the opportunity for that person to succeed in achieving the goals of that position. This is a new position to most healthcare facilities. So understanding who this person should be, what is required of the person with this job title, and with whom this person will interface is vital to every healthcare organization with the goal of achieving full compliance with HIPAA. Areas Covered in the Session: Position goals Position requirements (education, experience, skill sets, etc.) Position responsibilities Stay abreast of regulations Initiate compliance with HIPAA (according to regulations) Ensure continuous progress toward full compliance Develop appropriate security/privacy policies & procedures Oversee and deliver appropriate training programs to all employees Track compliance with HIPAA regulations at the facility & individual levels Track access to PHI Investigate and resolve HIPAA violations Apply sanctions to HIPAA violators Manage any information security personnel Prepare a department

HIPAA Breach Notification Rules and its new version : Let us begin at the beginning: What is breach notification? The term is pretty simple to understand. It means notifying the authorities whenever there is a breach of Protected Health Information (PHI). Covered Entities (CE's) and Business Associates (BA's), who are closely associated with PHI, and individuals whose PHI data are breached, are required to bring such data breaches to the notice of the authorities, whenever there is one. A breach notification is a mechanism that is aimed at ensuring that BA's and CE's meet requirements in the HITECH Act in the American Recovery and Reinvestment Act of 2009 (ARRA). To whom should the affected individuals and CE's and BA's complain? Whenever there is a breach of PHI by a CE or a BA, or if there is violation of the Privacy, Security, or Breach Notification Rules, the affected individual can complain to the Office for Civil Rights (OCR), which will initiate investigation into these complaints. Whenever a CE or a BA detects a breach, it can complain to the Secretary of Health and Human Services (HHS). In addition, the HIPAA breach notification rules have clear guidelines on how to report breaches in the following classifications: HIPAA's definition of a breach A breach of PHI is said to have taken place when any unpermitted use or disclosure that compromises the security of the data in the PHI takes place. Any such action, resulting in the breach of any kind of data contained in a PHI, big or small, is considered a breach, unless the CE or BA can explain that the data that got breached into was not serious enough, from its risk assessment point of view, to warrant immediate intervention. The new HIPAA breach notification rules The HHS embarked on a new HIPAA breach notification program, the HIPAA Privacy, Security, and Breach Notification Audit Program, with which it seeks to bring a few changes into the existing HIPAA breach notification rules. This new Audit Pr