How to Conduct a HIPAA Risk
Assessment and the Surprising Danger
of Not Doing One
by
Mark R. Brengelman, JD, MA
Attorney at Law
Frankfort, Kentucky
1
About Mark R. Brengelman
• Holds Bachelor's and Master's Degrees in Philosophy from Emory University, Atlanta,
Georgia
• Earned a Juris Doctorate from the University of Kentucky College of Law, Lexington,
Kentucky
• Served out a successful twenty-year career with state government in Kentucky, including….
now in private practice since 2012
• Is a former Assistant Attorney General assigned to multiple state licensure boards in health
care and other professions – General Counsel and Prosecuting Attorney
• Has presented Continuing Education for over 50 national and state organizations and private
companies, including the Kentucky Office of the Attorney General, the Kentucky Bar
Association, the National Attorneys General Training and Research Institute, and the
Federation of Associations of Regulatory Boards and eight of its member associations in
psychology, physical therapy, dentistry, nursing, veterinary medicine, emergency medical
services, state licensed contractors, and athletic trainers
• Has represented all three branches of state government, and now represents a local municipality in
governmental ethics matters and a state licensure board
Represents:
• licensees before state boards and in other professional matters
• two government ethics commissions and a state board
• parents and kids in confidential child abuse and neglect cases, termination of parental
rights, and adoption proceedings
I help health care practitioners, kids/parents, and government agencies navigate the law and
ethics and make the rules understandable as applied to them.
Based upon the content of this program, you will be able to effectively identify:
• Risk assessment under the HIPAA laws
• Vulnerability, threat, and risk analysis
• The scope of a risk assessment
• Identifying potential threats and vulnerabilities
• Assessing the security measures in place
• Determining threat occurrence, likelihood, and impact
• Finalizing documentation of the risk assessment
• Regular review and updates to the risk assessment for new employees, new laws, and new technology
• The surprising danger of not doing a HIPAA risk assessment
How to Conduct a HIPAA Risk Assessment
3
Disclaimer! Goals of the content of this program – what this does and does not cover:
• Does provide a broad overview of federal Risk Assessment under HIPAA in health care
• Does not cover everything about Risk Assessment, or everything about how these rules apply to any specific
health care entity (e.g., hospital, clinic) or health care practitioner (e.g., dentist, physician)
• Does educate the person attending to ask the right questions in their own profession or health care entity
about compliance with federal law and Risk Assessment under HIPAA
Additional disclaimers:
• I do not practice Risk Assessment in HIPAA cases or consult on them
• I do work in health care regulatory law and professional licensure where there are legal standards of
confidentiality – comparison on professional licensure law confidentiality and HIPAA
Basics of federal HIPAA Risk Assessment – the importance of HIPAA:
• HIPAA risk assessments help in identifying and implementing the most effective and appropriate administrative, physical,
and technical safeguards to secure electronic protected health information
• A risk analysis is a requirement in federal law
• Conducting a risk analysis is the first step in identifying and implementing safeguards that comply with and carry out the
standards and implementation specifications of HIPAA
• Your health care organization should determine the most appropriate way to achieve HIPAA compliance, taking into account
the characteristics of the organization and its environment
• Your health care agency must conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the
confidentiality, integrity, and availability of electronic protected health information
• In addition to an express requirement to conduct a risk analysis, the HIPAA law indicates risk analysis is a necessary tool in
reaching substantial compliance with many other standards and implementation specifications
• The outcome of the risk assessment process is a critical factor in assessing whether an implementation specification or an
equivalent measure is reasonable and appropriate
Risk Assessment under the HIPAA laws:
• Guidance from the National Institute of Standards and Technology (NIST) helps organizations better understand
the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations
in their operational environment
• Users include HIPAA covered entities, business associates, and other organizations such as those providing
HIPAA Security Rule implementation, assessment, and compliance services
• The Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil
Rights (OCR) have jointly launched the HIPAA Security Risk Assessment (SRA) Tool
• The SRA tool’s features make it useful in assisting small and medium-sized health care practices and
business associates in complying with HIPAA’s Security Rule
Vulnerability, threat, and risk analysis:
• Risk Analysis is a requirement in 45 CFR § 164.308(a)(1)(ii)(A)
• Conducting a risk analysis is the first step in identifying and implementing safeguards that comply with and
carry out the standards and implementation specifications in the Security Rule
• A risk analysis is foundational; its results must be understood before selecting the specific safeguards and
technologies that will best protect PHI
• The Risk Assessment guidance is not intended to provide a one-size-fits-all blueprint for compliance with the
risk analysis requirement – it clarifies expectations for organizations working to meet the requirement
The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• Examine a landmark settlement in the amount of $650,000 levied against a business associate entity
of a nursing home system for HIPAA security violations involving an everyday device we all
rely on and keep in our pockets – a cellular telephone – here a smartphone
• The U.S. Department of Health and Human Services investigated a security breach involving multiple
nursing homes and hundreds of itemized violations of the HIPAA security rule; ultimately, this civil
settlement was reached to resolve the matter
• Note: the civil settlement was with the U.S. government, not with private patients for money damages
(no information that any person sued for that)
• How does the security rule apply to the use of cell phones by health care providers?
• How could violations result in a whopping $650,000 administrative fine?
• This extraordinary administrative fine was not the end of the matter, but was the start of a compliance
period designed to rectify these violations
The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• “Catholic Nonprofit To Pay $650K Settlement In HIPAA Breach” – from Law360, June 30, 2016:
• Catholic health non-profit – paid $650,000 in HIPAA-related penalties
• Stolen mobile device compromised the protected health information of hundreds of nursing home residents
• Agreement between the Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) and the U.S.
Department of Health and Human Services, Office for Civil Rights (OCR), includes implementation of a
corrective action plan for allegedly breaching HIPAA security laws
• “Business associates must implement the protections of the HIPAA security rule for the electronic protected
health information they create, receive, maintain or transmit from covered entities,” Jocelyn Samuels, director of
the OCR, said in a statement
• This landmark, 2016 agreement dated back to violations starting February 2014
• Six separate nursing homes for which CHCS provided management and information technology services
complained to OCR about a breach of unsecured electronic protected health information
The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• “Catholic Nonprofit To Pay $650K Settlement In HIPAA Breach” – from Law360, June 30, 2016:
• Breach involved the theft of a CHCS-issued employee iPhone
• Note: maybe the only thing they did right! Employer-issued electronics are the recommendation, but there
must be follow-up on all of that
• History: OCR enforces federal standards around privacy and security for people's health information and
launches an investigation in April 2014 into CHCS's non-compliance with HIPAA
• The investigation found the security policies and procedures did not comply with the federal standards
that govern the protection of individually identifiable health information
• The iPhone was unencrypted, with no password, and contained extensive personal information, including
Social Security numbers, information regarding diagnosis and treatment, medical procedures, names of
family members and legal guardians and medication information
The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• “Catholic Nonprofit To Pay $650K Settlement In HIPAA Breach” – from Law360, June 30, 2016:
• At the time of the theft, CHCS did not have policies that addressed what to do in the event of a
security incident, such as mobile devices containing personal health information stolen from its facility
• CHCS also did not have in place any risk analysis or management plan
• Note: if they had had one, would it have identified this weakness? Would anybody have asked about
using passwords, etc.?
• From September 2013 until 2014, CHCS had not conducted the required assessments of the potential
risks and vulnerabilities to the confidentiality and availability of the electronic personal information it
holds, nor had it implemented security measures to sufficiently reduce those risks and vulnerabilities
• These are both HIPAA violations on their own – did not have to wait for an actual breach, but this
actual breach revealed this violation, so now you have multiple problems
• The $650,000 fine was not enough!
The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• “Catholic Nonprofit To Pay $650K Settlement In HIPAA Breach” – from Law360, June 30, 2016:
• CHCS must revise and maintain its written policies and procedures, including password management, login
monitoring, data backup plans, and security-related training for employees who have access to people’s health
data
• The agreement may result in further action against the non-profit under HIPAA rules if there is non-compliance
– two year monitoring process
• “Corrective Action Plan” – attached as Appendix A to the agreement
• Note: I have the entire Agreement
• How did we get to $650,000? I have not done the math, but . . . .
• 412 individuals were ultimately affected by the combined breaches
• Let us do the math: that is $1,000 per person, and other amounts for the other HIPAA non-compliance issues
• Doesn’t insurance pay for all of that? Not!
The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• “Catholic Nonprofit To Pay $650K Settlement In HIPAA Breach” – from Law360, June 30, 2016:
• This is my speculation – the Agreement does not itemize the amount
• No admission of liability (how can I secure a $650,000 fine when no one did anything wrong?!?!?)
• Note: No reports of unauthorized access to patient information on the stolen mobile phone; all potentially
affected individuals were timely notified (now that is a HIPAA requirement they apparently met)
• From the OCR itself:
• Press release issued in the case for all the world to see – this reflects the public nature of final action by
the federal government’s OCR
• Unsure if CHCS issued its own press release – it sure could
• Is this the future of HIPAA enforcement? Two-thirds of a million dollars?
• “Business Associates Beware: More HHS Enforcement Ahead” – from Law360, July 18, 2016:
The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• Is this the future of HIPAA enforcement? Two-thirds of a million dollars?
• “Record $5.5M HIPAA Deal Foreshadows Future Enforcement” – from Law360, August 23, 2016:
• In August 2016, Advocate Health Care System agreed to pay a then-record $5.55 million to settle a
variety of HIPAA violations; two year corrective action plan and numerous corrective actions to remedy
the described failures
• Two year corrective action plan seems consistent
The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• Is this the future of HIPAA enforcement? Two-thirds of a million dollars?
• “Record $5.5M HIPAA Deal Foreshadows Future Enforcement” – from Law360, August 23, 2016:
• Advocate was the largest health system in Illinois and operated more than 400 sites of care and 12
acute care hospitals
• Statement: “The OCR has entered into settlement agreements in the past few months for
increasing amounts of $650,000, $2.7 million, $2.75 million, and the Advocate settlement of $5.5
million”
The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• Is this the future of HIPAA enforcement? Two-thirds of a million dollars?
• “Business Associates Beware: More HHS Enforcement Ahead” – from Law360, July 18, 2016:
• Reported as the first time a Business Associate entered into a resolution agreement
• Factors: shaped by the size and services of the business associate, non-profit status where a higher
fine may impact the ability of the entity to serve “vulnerable and underserved populations,” and the
absence of risk analysis and risk management
• Nothing like a $650,000 fine to get your attention – and the industry’s
Summary and tips for avoiding liability and risk:
For individual health care practitioners:
• Read and understand your profession’s practice act, and know the current practice standards and
current confidentiality standards in general – usually the standards are very broad in professional licensure
• Follow the appropriate standard of care
• Use a nationally recognized and “HIPAA compliant” software and medical records system
• Train all your staff and re-train them
Summary and tips for avoiding liability and risk:
For health care facilities:
• Know your HIPAA confidentiality or hire someone who does – your facility is liable
• Have regular training on HIPAA rules for everyone (employees/volunteers) – recommended annual
training for anyone who has access to PHI
• Document your facility’s Risk Assessments accurately – that is your best defense in a federal HIPAA
investigation, and it will mitigate damages if there is a security breach
• Outsource HIPAA Risk Assessment where necessary
• But large entities will have their own IT and HIPAA compliance offices, so just do that!
Questions?
Register Now
19
20
Thanks for Watching
Learn More

More Related Content

Similar to HIPAA Compliance Made Easy: Conducting a Risk Assessment

HIPAA Audit Implementation
HIPAA Audit ImplementationHIPAA Audit Implementation
HIPAA Audit ImplementationValency Networks
 
Becoming HITECH - 9/2009
Becoming HITECH - 9/2009Becoming HITECH - 9/2009
Becoming HITECH - 9/2009rogersons
 
HIPAA Compliance and Security in a Mobile World
HIPAA Compliance and Security in a Mobile WorldHIPAA Compliance and Security in a Mobile World
HIPAA Compliance and Security in a Mobile WorldRyan Snell
 
Breaking Down the Latest HIPAA Modifications: What's New in 2024 and Beyond
Breaking Down the Latest HIPAA Modifications: What's New in 2024 and BeyondBreaking Down the Latest HIPAA Modifications: What's New in 2024 and Beyond
Breaking Down the Latest HIPAA Modifications: What's New in 2024 and BeyondConference Panel
 
HIPAA Guidelines and Electronic Communication: What Healthcare Professionals ...
HIPAA Guidelines and Electronic Communication: What Healthcare Professionals ...HIPAA Guidelines and Electronic Communication: What Healthcare Professionals ...
HIPAA Guidelines and Electronic Communication: What Healthcare Professionals ...Conference Panel
 
HIPAA and Privacy for Researchers
HIPAA and Privacy for ResearchersHIPAA and Privacy for Researchers
HIPAA and Privacy for ResearchersJason Karn
 
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT SecurityRedspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT SecurityRedspin, Inc.
 
Hipaa changes 2018 and how to comply
Hipaa changes 2018 and how to complyHipaa changes 2018 and how to comply
Hipaa changes 2018 and how to complySangeetha Parandhaman
 
Prepare a workplace brief (8-10 double-spaced pages) to address a .docx
Prepare a workplace brief (8-10 double-spaced pages) to address a .docxPrepare a workplace brief (8-10 double-spaced pages) to address a .docx
Prepare a workplace brief (8-10 double-spaced pages) to address a .docxharrisonhoward80223
 
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...eringold
 
Hitech changes-to-hipaa
Hitech changes-to-hipaaHitech changes-to-hipaa
Hitech changes-to-hipaageeksikh
 
Regulating Healthcare - Lecture E
Regulating Healthcare - Lecture ERegulating Healthcare - Lecture E
Regulating Healthcare - Lecture ECMDLearning
 
Your Home Health Care Agency is 5xs More Likely to Be Audited By OCR than the...
Your Home Health Care Agency is 5xs More Likely to Be Audited By OCR than the...Your Home Health Care Agency is 5xs More Likely to Be Audited By OCR than the...
Your Home Health Care Agency is 5xs More Likely to Be Audited By OCR than the...LTC Expert Publications
 
HIPAA/HITECH Requirements for FQHCs and the New Omnibus Rule
HIPAA/HITECH Requirements for FQHCs and the New Omnibus RuleHIPAA/HITECH Requirements for FQHCs and the New Omnibus Rule
HIPAA/HITECH Requirements for FQHCs and the New Omnibus RuleMichigan Primary Care Association
 
Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2Compliancy Group
 
AN20230811-3.pptx
AN20230811-3.pptxAN20230811-3.pptx
AN20230811-3.pptxHabibuKumar
 

Similar to HIPAA Compliance Made Easy: Conducting a Risk Assessment (20)

HIPAA Audit Implementation
HIPAA Audit ImplementationHIPAA Audit Implementation
HIPAA Audit Implementation
 
Becoming HITECH - 9/2009
Becoming HITECH - 9/2009Becoming HITECH - 9/2009
Becoming HITECH - 9/2009
 
HIPAA Compliance and Security in a Mobile World
HIPAA Compliance and Security in a Mobile WorldHIPAA Compliance and Security in a Mobile World
HIPAA Compliance and Security in a Mobile World
 
Breaking Down the Latest HIPAA Modifications: What's New in 2024 and Beyond
Breaking Down the Latest HIPAA Modifications: What's New in 2024 and BeyondBreaking Down the Latest HIPAA Modifications: What's New in 2024 and Beyond
Breaking Down the Latest HIPAA Modifications: What's New in 2024 and Beyond
 
HIPAA Guidelines and Electronic Communication: What Healthcare Professionals ...
HIPAA Guidelines and Electronic Communication: What Healthcare Professionals ...HIPAA Guidelines and Electronic Communication: What Healthcare Professionals ...
HIPAA Guidelines and Electronic Communication: What Healthcare Professionals ...
 
HIPAA and Privacy for Researchers
HIPAA and Privacy for ResearchersHIPAA and Privacy for Researchers
HIPAA and Privacy for Researchers
 
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT SecurityRedspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
Redspin & Phyllis and Associates Webinar- HIPAA,HITECH,Meaninful Use,IT Security
 
Hipaa changes 2018 and how to comply
Hipaa changes 2018 and how to complyHipaa changes 2018 and how to comply
Hipaa changes 2018 and how to comply
 
Prepare a workplace brief (8-10 double-spaced pages) to address a .docx
Prepare a workplace brief (8-10 double-spaced pages) to address a .docxPrepare a workplace brief (8-10 double-spaced pages) to address a .docx
Prepare a workplace brief (8-10 double-spaced pages) to address a .docx
 
Chapter 9
Chapter 9Chapter 9
Chapter 9
 
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
PACT Cybersecurity Series Event, speaker Gregory M. Fliszar, Esq. of Cozen O'...
 
Hitech changes-to-hipaa
Hitech changes-to-hipaaHitech changes-to-hipaa
Hitech changes-to-hipaa
 
Regulating Healthcare - Lecture E
Regulating Healthcare - Lecture ERegulating Healthcare - Lecture E
Regulating Healthcare - Lecture E
 
Your Home Health Care Agency is 5xs More Likely to Be Audited By OCR than the...
Your Home Health Care Agency is 5xs More Likely to Be Audited By OCR than the...Your Home Health Care Agency is 5xs More Likely to Be Audited By OCR than the...
Your Home Health Care Agency is 5xs More Likely to Be Audited By OCR than the...
 
2016-04-21 HIPAA
2016-04-21 HIPAA2016-04-21 HIPAA
2016-04-21 HIPAA
 
HIPAA/HITECH Requirements for FQHCs and the New Omnibus Rule
HIPAA/HITECH Requirements for FQHCs and the New Omnibus RuleHIPAA/HITECH Requirements for FQHCs and the New Omnibus Rule
HIPAA/HITECH Requirements for FQHCs and the New Omnibus Rule
 
Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2Maninging Risk Exposure in Meaningful Use Stage 2
Maninging Risk Exposure in Meaningful Use Stage 2
 
Hipaa for business associates simple
Hipaa for business associates   simpleHipaa for business associates   simple
Hipaa for business associates simple
 
HIPAA Basics by Brian Fleetham
HIPAA Basics by Brian FleethamHIPAA Basics by Brian Fleetham
HIPAA Basics by Brian Fleetham
 
AN20230811-3.pptx
AN20230811-3.pptxAN20230811-3.pptx
AN20230811-3.pptx
 

More from Conference Panel

Grievances and Complaints 2024 Compliance with the CMS CoPs, Joint Commission...
Grievances and Complaints 2024 Compliance with the CMS CoPs, Joint Commission...Grievances and Complaints 2024 Compliance with the CMS CoPs, Joint Commission...
Grievances and Complaints 2024 Compliance with the CMS CoPs, Joint Commission...Conference Panel
 
The 2024 Prior Authorization Process For Medical Providers
The 2024 Prior Authorization Process For Medical ProvidersThe 2024 Prior Authorization Process For Medical Providers
The 2024 Prior Authorization Process For Medical ProvidersConference Panel
 
Protecting Patient Privacy: Navigating HIPAA in Digital Landscapes
Protecting Patient Privacy: Navigating HIPAA in Digital LandscapesProtecting Patient Privacy: Navigating HIPAA in Digital Landscapes
Protecting Patient Privacy: Navigating HIPAA in Digital LandscapesConference Panel
 
Nursing Standards in Hospital Accreditation: CMS Guidelines 2024
Nursing Standards in Hospital Accreditation: CMS Guidelines 2024Nursing Standards in Hospital Accreditation: CMS Guidelines 2024
Nursing Standards in Hospital Accreditation: CMS Guidelines 2024Conference Panel
 
Implementing CMS Hospital QAPI Guidelines for 2024
Implementing CMS Hospital QAPI Guidelines for 2024Implementing CMS Hospital QAPI Guidelines for 2024
Implementing CMS Hospital QAPI Guidelines for 2024Conference Panel
 
Exploring the Revised Medicare 855 Enrollment Form for 2024
Exploring the Revised Medicare 855 Enrollment Form for 2024Exploring the Revised Medicare 855 Enrollment Form for 2024
Exploring the Revised Medicare 855 Enrollment Form for 2024Conference Panel
 
Demystifying Shared Care and "Incident To" Billing: 2024 Updates
Demystifying Shared Care and "Incident To" Billing: 2024 UpdatesDemystifying Shared Care and "Incident To" Billing: 2024 Updates
Demystifying Shared Care and "Incident To" Billing: 2024 UpdatesConference Panel
 
Understanding CPT Code Revisions in 2024
Understanding CPT Code Revisions in 2024Understanding CPT Code Revisions in 2024
Understanding CPT Code Revisions in 2024Conference Panel
 
Decoding the Latest Changes in the 2024 Medicare Physician Fee Schedule (MPFS...
Decoding the Latest Changes in the 2024 Medicare Physician Fee Schedule (MPFS...Decoding the Latest Changes in the 2024 Medicare Physician Fee Schedule (MPFS...
Decoding the Latest Changes in the 2024 Medicare Physician Fee Schedule (MPFS...Conference Panel
 
Provider Enrollment Excellence: A Strategic Program Guide
Provider Enrollment Excellence: A Strategic Program GuideProvider Enrollment Excellence: A Strategic Program Guide
Provider Enrollment Excellence: A Strategic Program GuideConference Panel
 
What Physicians Need to Know: CMS Final Rules 2024
What Physicians Need to Know: CMS Final Rules 2024What Physicians Need to Know: CMS Final Rules 2024
What Physicians Need to Know: CMS Final Rules 2024Conference Panel
 
A Deep Dive into 2023: Hospital CoPs and Best Practices for History and Physi...
A Deep Dive into 2023: Hospital CoPs and Best Practices for History and Physi...A Deep Dive into 2023: Hospital CoPs and Best Practices for History and Physi...
A Deep Dive into 2023: Hospital CoPs and Best Practices for History and Physi...Conference Panel
 
Demystifying the 2024 OIG Audit Selection Criteria
Demystifying the 2024 OIG Audit Selection CriteriaDemystifying the 2024 OIG Audit Selection Criteria
Demystifying the 2024 OIG Audit Selection CriteriaConference Panel
 
Medicare Preventive Care: A CMS Perspective
Medicare Preventive Care: A CMS PerspectiveMedicare Preventive Care: A CMS Perspective
Medicare Preventive Care: A CMS PerspectiveConference Panel
 
Part B Unpacking the 2023 CMS Hospital Infection Prevention Mandates
Part B Unpacking the 2023 CMS Hospital Infection Prevention MandatesPart B Unpacking the 2023 CMS Hospital Infection Prevention Mandates
Part B Unpacking the 2023 CMS Hospital Infection Prevention MandatesConference Panel
 
Part A Unpacking the 2023 CMS Hospital Infection Prevention Mandates
Part A Unpacking the 2023 CMS Hospital Infection Prevention MandatesPart A Unpacking the 2023 CMS Hospital Infection Prevention Mandates
Part A Unpacking the 2023 CMS Hospital Infection Prevention MandatesConference Panel
 
Key Elements of CMS Emergency Preparedness Regulations
Key Elements of CMS Emergency Preparedness RegulationsKey Elements of CMS Emergency Preparedness Regulations
Key Elements of CMS Emergency Preparedness RegulationsConference Panel
 
2023 Proposed HIPAA Amendments: What You Need to Know
2023 Proposed HIPAA Amendments: What You Need to Know2023 Proposed HIPAA Amendments: What You Need to Know
2023 Proposed HIPAA Amendments: What You Need to KnowConference Panel
 
Prepare for October 2023: ICD-10 Coding Changes Ahead
Prepare for October 2023: ICD-10 Coding Changes AheadPrepare for October 2023: ICD-10 Coding Changes Ahead
Prepare for October 2023: ICD-10 Coding Changes AheadConference Panel
 
Navigating the CMS Physician Proposed Rule 2024: What You Need to Know
Navigating the CMS Physician Proposed Rule 2024: What You Need to KnowNavigating the CMS Physician Proposed Rule 2024: What You Need to Know
Navigating the CMS Physician Proposed Rule 2024: What You Need to KnowConference Panel
 

More from Conference Panel (20)

Grievances and Complaints 2024 Compliance with the CMS CoPs, Joint Commission...
Grievances and Complaints 2024 Compliance with the CMS CoPs, Joint Commission...Grievances and Complaints 2024 Compliance with the CMS CoPs, Joint Commission...
Grievances and Complaints 2024 Compliance with the CMS CoPs, Joint Commission...
 
The 2024 Prior Authorization Process For Medical Providers
The 2024 Prior Authorization Process For Medical ProvidersThe 2024 Prior Authorization Process For Medical Providers
The 2024 Prior Authorization Process For Medical Providers
 
Protecting Patient Privacy: Navigating HIPAA in Digital Landscapes
Protecting Patient Privacy: Navigating HIPAA in Digital LandscapesProtecting Patient Privacy: Navigating HIPAA in Digital Landscapes
Protecting Patient Privacy: Navigating HIPAA in Digital Landscapes
 
Nursing Standards in Hospital Accreditation: CMS Guidelines 2024
Nursing Standards in Hospital Accreditation: CMS Guidelines 2024Nursing Standards in Hospital Accreditation: CMS Guidelines 2024
Nursing Standards in Hospital Accreditation: CMS Guidelines 2024
 
Implementing CMS Hospital QAPI Guidelines for 2024
Implementing CMS Hospital QAPI Guidelines for 2024Implementing CMS Hospital QAPI Guidelines for 2024
Implementing CMS Hospital QAPI Guidelines for 2024
 
Exploring the Revised Medicare 855 Enrollment Form for 2024
Exploring the Revised Medicare 855 Enrollment Form for 2024Exploring the Revised Medicare 855 Enrollment Form for 2024

HIPAA Compliance Made Easy: Conducting a Risk Assessment

3. Based upon the content of this program, you will be able effectively to identify:
• Risk assessment under the HIPAA laws
• Vulnerability, threat, and risk analysis
• Scope of risk assessment
• Identifying potential threats and vulnerabilities
• Assessing security measures in place
• Determining threat occurrence, likelihood, and impact
• Finalizing documentation of the risk assessment
• Regular review and updates to the risk assessment for new employees, new laws, and new technology
• The surprising danger of not doing a HIPAA risk assessment

4. Disclaimer! Goals of the content of this program – what this does and does not cover:
• Does provide a broad overview of federal Risk Assessment under HIPAA in health care
• Does not cover everything about Risk Assessment, or everything about how these rules apply to any specific health care entity (e.g., hospital, clinic) or health care practitioner (e.g., dentist, physician)
• Does educate the attendee to ask the right questions in their own profession/health care entity about compliance with federal law and Risk Assessment under HIPAA
Additional disclaimers:
• I do not practice Risk Assessment in HIPAA cases or consult on them
• I do work in health care regulatory law and professional licensure, where there are legal standards of confidentiality – a comparison of professional licensure law confidentiality and HIPAA

5. Basics of federal HIPAA Risk Assessment – the importance of HIPAA:
• HIPAA risk assessments help in identifying and implementing the most effective and appropriate administrative, physical, and technical safeguards to secure electronic protected health information
• A risk analysis is a requirement in federal law
• Conducting a risk analysis is the first step in identifying and implementing safeguards that comply with and carry out the standards and implementation specifications of HIPAA
• Your health care organization should determine the most appropriate way to achieve HIPAA compliance, taking into account the characteristics of the organization and its environment
• Your health care agency must conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information
• In addition to an express requirement to conduct a risk analysis, the HIPAA law indicates risk analysis is a necessary tool in reaching substantial compliance with many other standards and implementation specifications
• The outcome of the risk assessment process is a critical factor in assessing whether an implementation specification or an equivalent measure is reasonable and appropriate

6. Risk Assessment under the HIPAA laws:
• The National Institute of Standards and Technology (NIST) helps organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environment
• Users include HIPAA covered entities, business associates, and other organizations such as those providing HIPAA Security Rule implementation, assessment, and compliance services
• The Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) have jointly launched the HIPAA Security Risk Assessment (SRA) Tool
• The SRA Tool's features make it useful in assisting small and medium-sized health care practices and business associates in complying with HIPAA's Security Rule

7. Vulnerability, threat, and risk analysis:
• Risk Analysis is a requirement in 45 CFR § 164.308(a)(1)(ii)(A)
• Conducting a risk analysis is the first step in identifying and implementing safeguards that comply with and carry out the standards and implementation specifications in the Security Rule
• A risk analysis is foundational and must be understood in order to address the specific safeguards and technologies that will best protect PHI
• The Risk Assessment guidance is not intended to provide a one-size-fits-all blueprint for compliance with the risk analysis requirement; it clarifies expectations for organizations working to meet the requirement

8. The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• Examine a landmark settlement in the amount of $650,000 levied against a business associate entity of a nursing home system for improper HIPAA security violations involving an everyday device we all rely on and keep in our pockets – a cellular telephone – here a smartphone
• The U.S. Department of Health and Human Services investigated a security breach involving multiple nursing homes and hundreds of itemized violations of the HIPAA Security Rule; ultimately, this civil settlement was reached to resolve the matter
• Note: the civil settlement was with the U.S. government, not with private patients for money damages (no information that any person sued for that)
• How does the Security Rule apply to the use of cell phones by health care providers?
• How could violations result in a whopping $650,000 administrative fine?
• This extraordinary administrative fine was not the end of the matter, but the start of a compliance period designed to rectify these violations

9. The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• "Catholic Nonprofit To Pay $650K Settlement In HIPAA Breach" – from Law360, June 30, 2016:
• Catholic health non-profit – paid $650,000 in HIPAA-related penalties
• A stolen mobile device compromised the protected health information of hundreds of nursing home residents
• The agreement between the Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) and the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), includes implementation of a corrective action plan for allegedly breaching HIPAA security laws
• "Business associates must implement the protections of the HIPAA security rule for the electronic protected health information they create, receive, maintain or transmit from covered entities," Jocelyn Samuels, director of the OCR, said in a statement
• This landmark 2016 agreement dated back to violations starting February 2014
• Six separate nursing homes for which CHCS provided management and information technology services complained to OCR about a breach of unsecured electronic protected health information

10. The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• "Catholic Nonprofit To Pay $650K Settlement In HIPAA Breach" – from Law360, June 30, 2016:
• The breach involved the theft of a CHCS-issued employee iPhone
• Note: maybe the only thing they did right! Employer-issued electronics are the recommendation, but there must be follow-up on everything that goes with that
• History: OCR enforces federal standards around privacy and security for people's health information and launched an investigation in April 2014 into CHCS's non-compliance with HIPAA
• The investigation found the security policies and procedures did not comply with the federal standards that govern the protection of individually identifiable health information
• The iPhone was unencrypted, with no password, and contained extensive personal information, including Social Security numbers, information regarding diagnosis and treatment, medical procedures, names of family members and legal guardians, and medication information

11. The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• "Catholic Nonprofit To Pay $650K Settlement In HIPAA Breach" – from Law360, June 30, 2016:
• At the time of the theft, CHCS did not have policies that addressed what to do in the event of a security incident, such as mobile devices containing personal health information being stolen from its facility
• CHCS also did not have in place any risk analysis or management plan
• Note: if they had had one, would it have identified this weakness? Would anybody have asked about using passwords, etc.?
• Since September 2013 (until 2014), CHCS had not conducted the required assessments of the potential risks and vulnerabilities to the confidentiality and availability of the electronic personal information it holds, nor had it implemented security measures to sufficiently reduce those risks and vulnerabilities
• These are both HIPAA violations on their own – OCR did not have to wait for an actual breach, but this actual breach revealed the violation, so now you have multiple problems
• The $650,000 fine was not enough!

12. The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• "Catholic Nonprofit To Pay $650K Settlement In HIPAA Breach" – from Law360, June 30, 2016:
• CHCS must revise and maintain its written policies and procedures, including password management, login monitoring, data backup plans, and security-related training for employees who have access to people's health data
• The agreement may result in further action against the non-profit under HIPAA rules if there is non-compliance – a two-year monitoring process
• "Corrective Action Plan" – attached as Appendix A to the agreement
• Note: I have the entire Agreement
• How did we get to $650,000? I have not done the math, but . . . .
• 412 individuals were ultimately affected by the combined breaches
• Let us do the math: that is $1,000 per person, and other amounts for the other HIPAA non-compliance issues
• Doesn't insurance pay for all of that? Not!

13. The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• "Catholic Nonprofit To Pay $650K Settlement In HIPAA Breach" – from Law360, June 30, 2016:
• This is my speculation – the Agreement does not itemize the amount
• No admission of liability (how can I secure a $650,000 fine when no one did anything wrong?!?!?)
• Note: no reports of unauthorized access to patient information on the stolen mobile phone; all potentially affected individuals were timely notified (now that is a HIPAA requirement they apparently met)
• From the OCR itself:
• A press release was issued in the case for all the world to see – this reflects the public nature of final action by the federal government's OCR
• Unsure if CHCS issued its own press release – it sure could
• Is this the future of HIPAA enforcement? Two-thirds of a million dollars?
• "Business Associates Beware: More HHS Enforcement Ahead" – from Law360, July 18, 2016

14. The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• Is this the future of HIPAA enforcement? Two-thirds of a million dollars?
• "Record $5.5M HIPAA Deal Foreshadows Future Enforcement" – from Law360, August 23, 2016:
• In August 2016, Advocate Health Care System agreed to pay a then-record $5.55 million to settle a variety of HIPAA violations; a two-year corrective action plan and numerous corrective actions to remedy the described failures
• A two-year corrective action plan seems consistent

15. The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• Is this the future of HIPAA enforcement? Two-thirds of a million dollars?
• "Record $5.5M HIPAA Deal Foreshadows Future Enforcement" – from Law360, August 23, 2016:
• Advocate was the largest health system in Illinois and operated more than 400 sites of care and 12 acute care hospitals
• Statement: "The OCR has entered into settlement agreements in the past few months for increasing amounts of $650,000, $2.7 million, $2.75 million, and the Advocate settlement of $5.5 million."

16. The $650,000 HIPAA violations case – the surprising danger of not doing a HIPAA Risk Assessment:
• Is this the future of HIPAA enforcement? Two-thirds of a million dollars?
• "Business Associates Beware: More HHS Enforcement Ahead" – from Law360, July 18, 2016:
• Reported as the first time a Business Associate entered into a resolution agreement
• Factors: shaped by the size and services of the business associate, non-profit status where a higher fine may impact the ability of the entity to serve "vulnerable and underserved populations," and the absence of risk analysis and risk management
• Nothing like a $650,000 fine to get your attention – and the industry's

17. Summary and tips for avoiding liability and risk:
For individual health care practitioners:
• Read and understand your profession's practice act, and know what the current practice standards and current confidentiality rules are in general – usually the standards are very broad in professional licensure
• Follow the appropriate standard of care
• Use nationally recognized and "HIPAA compliant" software and medical records systems
• Train all your staff, and re-train them

18. Summary and tips for avoiding liability and risk:
For health care facilities:
• Know your HIPAA confidentiality obligations or hire someone who does – your facility is liable
• Have regular training on HIPAA rules for everyone (employees/volunteers) – annual training is recommended for anyone who has access to PHI
• Document your facility's Risk Assessments accurately – that is your best defense in a federal HIPAA investigation and will mitigate damages if there is a security breach
• Outsource HIPAA Risk Assessment where necessary
• But large entities will have their own IT and HIPAA compliance offices, so just do that!
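The risk analysis steps listed on slides 3, 5 and 7 (scope the ePHI assets, pair threats with vulnerabilities, credit safeguards already in place, rate likelihood and impact, and document the result), run against constructed data resembling the CHCS case, as an added example that is not from the presentation or from any OCR or NIST tool; the 1–3 scoring scale, control names and policy list are assumptions.

```python
"""Added example, not from the slides: a small HIPAA-style risk register that follows the
risk analysis steps the presentation lists. The scoring scale (1-3 per factor, risk =
likelihood x impact) and the control/policy names are assumptions for illustration."""
from dataclasses import dataclass
from typing import List, Set

LEVEL = {"low": 1, "medium": 2, "high": 3}
# Possible products of two 1..3 ratings are 1, 2, 3, 4, 6 and 9.
LABEL = {1: "low", 2: "low", 3: "medium", 4: "medium", 6: "high", 9: "high"}


@dataclass
class Asset:
    name: str
    holds_ephi: bool
    controls: Set[str]        # safeguards verified to be in place on this asset


@dataclass
class Threat:
    name: str
    likelihood: str           # inherent rating: low / medium / high
    impact: str               # inherent rating if the threat succeeds
    mitigations: Set[str]     # controls that reduce the impact when present


@dataclass
class Finding:
    asset: str
    threat: str
    likelihood: int
    impact: int               # residual impact after crediting present controls
    risk: int                 # likelihood x impact, 1..9
    level: str
    missing_controls: List[str]


def assess(asset: Asset, threat: Threat) -> Finding:
    """Rate one threat/vulnerability pair for one asset. Each mitigating control that is
    actually present lowers the residual impact by one level (never below 'low')."""
    present = threat.mitigations & asset.controls
    missing = sorted(threat.mitigations - asset.controls)
    impact = max(1, LEVEL[threat.impact] - len(present))
    likelihood = LEVEL[threat.likelihood]
    risk = likelihood * impact
    return Finding(asset.name, threat.name, likelihood, impact, risk, LABEL[risk], missing)


def risk_register(assets: List[Asset], threats: List[Threat]) -> List[Finding]:
    """Scope step: only assets that hold ePHI are in scope. Highest risk first, which is
    the order the documented findings should be worked in the risk management plan."""
    findings = [assess(a, t) for a in assets if a.holds_ephi for t in threats]
    return sorted(findings, key=lambda f: f.risk, reverse=True)


# Administrative safeguards the slides say CHCS lacked or had to add (assumed names).
REQUIRED_POLICIES = {"risk_analysis", "risk_management_plan", "security_incident_response",
                     "password_management", "login_monitoring", "data_backup"}


def policy_gaps(policies_on_file: Set[str]) -> List[str]:
    """Missing policies are findings in their own right, breach or no breach."""
    return sorted(REQUIRED_POLICIES - policies_on_file)


# Constructed sample input modelled on the case: an employer-issued smartphone holding
# resident records with no passcode and no encryption, a laptop with the usual controls,
# and a device that is out of scope because it holds no ePHI.
THEFT = Threat("theft or loss of a mobile device", "high", "high",
               {"encryption_at_rest", "passcode", "remote_wipe"})
ASSETS = [
    Asset("employee iPhone (CHCS-issued)", True, set()),
    Asset("clinic laptop", True, {"encryption_at_rest", "passcode", "remote_wipe"}),
    Asset("lobby kiosk (no ePHI)", False, set()),
]


def sample_register() -> List[Finding]:
    return risk_register(ASSETS, [THEFT])


if __name__ == "__main__":
    for f in sample_register():
        print(f"{f.level:6} risk={f.risk} {f.asset}: {f.threat}; missing {f.missing_controls}")
    print("policy gaps:", policy_gaps({"data_backup"}))
```

The unencrypted, passcode-less phone scores as the top finding with every mitigating control missing, while the same theft scenario against the hardened laptop drops to medium; the policy check shows the administrative gaps that exist whether or not a device is ever stolen.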