Webinar 11/30/2010: How To Conduct A HIPAA Security Risk Analysis
If you receive, store, process or transmit ePHI, you should attend this webinar on how to conduct a HIPAA Security Risk Analysis.
This webinar also briefly reviews the HIPAA-HITECH regulatory requirements for security risk analysis and risk management and provides a practical methodology and step-by-step instructions for completing a Risk Analysis according to the latest Health and Human Services (HHS) and Office of Civil Rights (OCR) Risk Analysis guidelines, entitled “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”.

Transcript

  • 1. How To Conduct a HIPAA Security Risk Analysis
    Live Webinar – Practical, Actionable Steps
    Tuesday, November 30, 2010 (3:30pm ET, 2:30 CT, 1:30 MT, 12:30 PT)
    Duration: 90 minutes
    © 2010 HITECH Security Advisors LLC • All Rights Reserved

    The Challenge

    The deadline for HIPAA Security Rule compliance for Covered Entities (CEs) was April 2005! For Business Associates (BAs), the date was February 2010… when they became statutorily obligated to comply with the law as a result of the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was enacted as part of the American Recovery and Reinvestment Act (ARRA) of 2009.

    Additionally, the federal government unveiled its criteria for the Meaningful Use of electronic health records (EHRs) on July 13. The criteria must be met in order for a hospital or eligible provider (EP) to qualify for reimbursement of the cost of EHR software under the American Recovery and Reinvestment Act of 2009 (ARRA). The meaningful use criteria have been divided into two groups -- the core set, which is mandatory, and the menu set, from which hospitals and EPs may choose five of the 10 criteria. The mandatory core set includes a specific privacy / security requirement to “Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.” For both hospitals and EPs, the certification criterion is to “Conduct or review a security risk analysis and implement security updates as necessary.”

    Whether for overall HIPAA-HITECH compliance or for meeting Meaningful Use requirements, completing a formal HIPAA Security Risk Analysis is both a foundational compliance step and a requirement of the law:

      (1)(i) Standard: Security management process. Implement policies and procedures to prevent, detect, contain, and correct security violations.
      (ii) Implementation specifications:
      (A) Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.

    The Solution

    If you receive, store, process or transmit ePHI, you should attend this webinar on how to conduct a HIPAA Security Risk Analysis. This webinar also briefly reviews the HIPAA-HITECH regulatory requirements for security risk analysis and risk management and provides a practical methodology and step-by-step instructions for completing a Risk Analysis according to the latest Health and Human Services (HHS) and Office of Civil Rights (OCR) Risk Analysis guidelines, entitled “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”.

    The concepts of risk, threats, vulnerabilities, impact, likelihood and many others are explained in this webinar. A classic categorization of risks into a matrix is explored. This webinar helps you determine your risks, categorize them as Low, Medium, High or Critical and then develop a risk remediation action plan.
  • 2. The Results

    The Risk Analysis Methodology presented in the webinar has been used by organizations of all sizes and is purposefully designed to be usable by the largest CEs and BAs (e.g., hospitals, insurers, care management firms, etc.) down to the smallest CEs and BAs (e.g., small medical practices, clinics, dental offices, medical billing companies, etc.).

    No matter where you are in your HIPAA-HITECH compliance journey, you will benefit from learning about:
      • The Risk Analysis implementation specification
      • HHS/OCR Final Guidance on Risk Analysis
      • How to actually perform a risk analysis

    Many CEs have ignored the HIPAA Security law for the last five years. A majority of BAs are not even aware of their new obligations under the law. Will compliance change? -- Most experts think so and so do we!

    The Health Information Technology for Economic and Clinical Health (HITECH) Act has been called a "game changer" because it significantly strengthens many aspects of the HIPAA Security Rule (and Privacy Rule), including enforcement and the penalties that the U.S. Department of Health and Human Services (HHS) could impose for violations of the HIPAA rules. As a visible demonstration of seriousness, HHS has begun posting Data Breach Notifications/Violations, required by law, on its web site.

    If you are a “Business Associate” or “Covered Entity” or a “subcontractor” that creates, receives, maintains or transmits ePHI, you will benefit from this webinar.

    Who Should Attend?

    Business leaders and managers with responsibility for Risk Management, Corporate Compliance, and HIPAA-HITECH Privacy and Security compliance should attend: CEOs, COOs, CFOs, Chief Compliance Officers, Chief Risk Officers, Chief Privacy Officers, Chief Security Officers, Chief Information Officers.

    Agenda

    This session is offered as a 60-90-minute webinar using the GoToWebinar platform. The open format encourages questions during and after the session. Attendees will receive the presentation materials.

    In this live session, attendees will learn about:
      • Risk Analysis essentials
      • Specific requirements outlined in HHS/OCR Final Guidance
      • A Practical Risk Analysis Methodology
      • Step-by-Step Instructions for completing a HIPAA Risk Analysis
      • Tools, templates and forms available to help you
  • 3. This webinar is designed to help CEs and BAs understand and act on the specific Risk Analysis requirements included in the HIPAA Security Final Rule, as amended by The HITECH Act.

    About the Presenter: Bob Chaput, MA, CHP, CHSS, MCSE

    Bob is president of HITECH Security Advisors LLC and Data Mountain LLC. Both firms help organizations manage increasingly significant business risks associated with the protection of personally identifiable information. Over the past 30 years, Bob has worked as an educator, an executive and an entrepreneur. He has assisted businesses and individuals in developing highly secure information technology (IT) strategies that are tightly linked with their business strategies and goals. His workshops, seminars, writings and consultations reflect his knowledge, humor, enthusiasm and vision.

    Bob is no stranger to managing and protecting large amounts of data – his experience includes managing some of the world’s largest healthcare data sets, requiring the highest levels of security and privacy. Bob’s experience as a CIO and general manager leading global organizations at GE, Johnson & Johnson and Healthways for 30 years equips him to help others make critical decisions about information technology and implement more sound and secure data protection solutions. His 30-year career includes 25 years of responsibility for online data backup and recovery, disaster recovery and business continuity planning, with 20 of those years spanning the highly data-regulated healthcare industry. He holds undergraduate and graduate degrees in mathematics, numerous technical certifications and is a Certified HIPAA Professional (CHP) and a Certified HIPAA Security Specialist (CHSS).

    bob.chaput@H3CA.com
    http://www.HIPAASecurityAssessment.com
    (615) 496-4891
    Follow Bob on Twitter: http://twitter.com/BobChaput
    Connect with Bob: http://www.LinkedIn.com/in/BobChaput
