Pirates of the PHI: Identifying & Responding to a Cyber Attack According to HIPAA Best Practices
Cyber crime is costly and its effects can permeate throughout an organization for years following an attempted or successful cyber attack. Employee benefits plans are particularly at risk for certain types of cyber crime activities, due to their large transactional volumes and the relative value of their portfolio of assets, both in the retirement and health and welfare contexts. While almost no defensive strategy will create a perfectly impermeable employer, there are proactive steps that can be taken by an employer to mitigate the opportunity for, and the effects of, cyber crime. The Health Insurance Portability & Accountability Act ('HIPAA'), along with other privacy-related laws and regulations, offer a roadmap to building an employer's cyber defensive strategy. In this program, participants will learn methodologies used to analyze and respond to an attempted or successful cyber attack according to HIPAA best practices.
Learning Objectives:
- Understand the four primary rules espoused under the law of HIPAA that coalesce to create an employer's cyber crime defensive strategies;
- Understand the prevalence and opportunity for cyber crime directed at private organizations, particularly respecting human resources operations and employee benefit plan administration activities;
- Understand and apply the principles of HIPAA respecting risk evaluation and risk mitigation opportunities, both as responsive and proactive tactics to mitigate cyber crime activities;
- Understand and prepare required participant, federal secretary, media, and workforce notices of breach arising upon instances of breaches of protected health information compromised as the consequence of a successful cyber crime attack or campaign of attack; and,
- Develop and implement an organizational contingency plans to respond to, and to proactively mitigate, the effects of cyber crime activities.
In-person session offerings are on a first-come, first-served basis.
To view all event accessibility & accommodations details visit here.
If a speaker has provided session materials, please visit https://presentations.shrm.org
Jason Nathaniel Sheffield
Jason Sheffield is BRPs National Director of Compliance for the Baldwin Regulatory Compliance Collaborative. He oversees the ongoing evolution of our firm's national compliance operations. Jason develops, designs and implements educational programming and compliance assuredness services by creating timely and relevant solutions designed for the benefit of our clients and colleagues, our industry partners, and the general benefits community. Jason has practiced employee benefits law and consulting for nearly two decades, representing individual, corporate, and tribal interests at the local, state, and federal levels. He has advised clients and provided representative services before administrative agencies such as the DOL, the IRS, CMS, OCR, several state-level treasury authorities, and others. He has experience with both qualified and non-qualified retirement plans, executive compensation matters, and extensive experience respecting health and welfare plan matters. Jason received his undergraduate degree from Georgia State University (magna cum laude) and his Juris Doctor from Western New England College School of Law. He is admitted to the State Bar of Georgia.