SUMMER CAMP 2026 | WEEK 6

Breaches under HIPAA and 42 CFR Part 2: New Requirements, New Risk

August 11 & 13, 2026
3:00-4:30 pm
January 21, 2026 at 1:00 pm (EDT)

Week 6 - Compliance Summer Camp

This training is Week 6 of 6 in the "Compliance Summer Camp 2026" webinar series.
TUESDAY, AUGUST 11
3:00-4:30 PM ET
Breach Basics: From Discovery to Notification

Health centers, like healthcare providers across the country, remain significant targets for cyberattacks and other privacy incidents involving patient information, including protected health information under HIPAA and substance use disorder treatment records protected under 42 CFR Part 2. This session will cover the basics of identifying and evaluating potential breaches, including the definition of a breach, risk assessment requirements, notification timelines, and reporting obligations to affected individuals, the U.S. Department of Health and Human Services (HHS), and, where applicable, the media. The presentation will also explore the impact of the 2024 amendments to 42 CFR Part 2 on breach notification for all health centers, including those without a Part 2 program.
Learning Objectives

  • Identify what constitutes a reportable breach under HIPAA and 42 CFR Part 2
  • Conduct and document a breach risk assessment as required by HIPAA and 42 CFR Part 2
  • Understand the timing, content and reporting obligations for notifications to patients, HHS and the media
Audience

  • COOs
  • Compliance Officers
  • Risk Managers
  • Clinical Leadership
Instructor

Dianne Pledgie

Counsel

Dianne advises health care and non-profit organizations on the development and implementation of robust compliance programs.

Dianne also provides legal guidance on privacy, security and confidentiality matters, with particular focus on Health Insurance Portability and Accountability Act (HIPAA), 42 C.F.R. Part 2 and the Information Blocking Rule, including:

  • Advising clients on their obligations to protect patient records, respond to patient requests, and develop policies and procedures;
  • Reviewing business associate agreements, data use agreements, and patient consents related to the use and disclosure of protected health information and sensitive information; and
  • Supporting clients experiencing security incidents.

Format

  • This training will include two 90-minute webinar sessions.
  • Each session will be recorded.
  • The recording will be available on-demand shortly after the live session is concluded.
THURSDAY, AUGUST 13
3:00-4:30 PM ET
Beyond Breach Basics: OCR Investigations, Litigation and Enforcement

Once a breach is reported, health centers are faced with government investigations, class action lawsuits and questions from the community. This session will walk through OCR’s process for investigating breach reports or complaints, highlighting recent areas of enforcement focus, with emphasis on building a corrective action plan that limits potential penalties. This session will also address the potential for class action lawsuits and response options. Finally, this session will address practical strategies for engaging with the community and building trust after a breach.
Learning Objectives

  • Understand OCR’s investigation process following a reported breach or complaint.
  • Identify common compliance deficiencies and enforcement trends arising from healthcare breaches.
  • Recognize litigation risks associated with privacy and security incidents, including class action claims.