"Advanced Breach Notification: Case Studies," HIMSS Annual Conference & Exhibition, Orlando, Fla.

While it has been over three years since HHS amended the Breach Notification Rule, in some ways, we are no closer to understanding what constitutes a reportable breach under HIPAA. HIPAA requires entities to conduct a breach risk assessment, in which at least four factors are considering to determine whether there is a "low probability of compromise" of the data. But what does it mean for data to be "compromised?" Can one breach risk assessment factor outweigh the others? What other factors can be considered in a breach risk assessment?

Topics discussed:

• Explain the four factors that must be included in any HIPAA breach risk assessment
• Apply the four breach risk assessment factors to various complex breach incident scenarios
• Compare your application of the HIPAA breach risk assessment requirement to that of other organizations